JWK To PEM Converter
Convert JWK or JWKS JSON into SPKI public or PKCS#8 private PEM, with local validation, thumbprints, and clear key-family checks.{{ pemDisplayText }}
| Field | Value | Note | Copy |
|---|---|---|---|
| {{ row.field }} | {{ row.value }} | {{ row.note }} |
| Check | Status | Evidence | Copy |
|---|---|---|---|
| {{ row.check }} | {{ row.status }} | {{ row.evidence }} |
Introduction:
A web identity system can publish a public key as JSON while a command-line utility, TLS service, or certificate workflow asks for a PEM file. The key can be the same in both places, but the surrounding format is different enough that copying values by hand is risky. JSON Web Key (JWK) names the mathematical parts of a key as JSON members. Privacy-Enhanced Mail (PEM) wraps binary ASN.1 DER bytes as base64 text between header and footer lines.
The difference matters most when a key crosses a boundary between JOSE systems and older public-key infrastructure tools. OAuth, OpenID Connect, JWT verification, and JSON Web Key Sets (JWKS) usually speak in JWK terms such as kty, kid, alg, crv, n, e, x, and y. OpenSSL-style tools usually expect a PEM label such as PUBLIC KEY or PRIVATE KEY. A correct conversion preserves the key material while changing the wrapper that tells the next program how to read it.
- Key material
- The public or private numbers that define the RSA, EC, or OKP key.
- Container
- The surrounding structure, such as JWK JSON, SubjectPublicKeyInfo (SPKI), or PKCS#8.
- Metadata
- Selection hints such as
kid,alg, anduse. These help choose a key but are not the key itself. - Trust
- The separate question of whether the key came from the expected issuer, certificate, or deployment record.
Public conversion and private conversion should be kept mentally separate. A public JWK can become an SPKI public PEM because it has enough public material to describe the key. A private PKCS#8 PEM requires private JWK members, and RSA private export also needs the Chinese Remainder Theorem (CRT) values used by common RSA private-key encodings. A public JWKS from an identity provider normally does not contain those private fields, which is a security feature rather than a missing export option.
A JWKS adds another practical decision before any conversion happens: choosing the right key from a set. Key sets support rotation, so several keys may appear together. The kid value is useful for matching a token header or deployment note, but it is not a cryptographic proof by itself. Thumbprints and fingerprints give stronger comparison values because they are derived from the public JWK members or exported DER bytes.
A valid PEM result still answers only a format question. It does not prove that the key belongs to the expected issuer, matches a certificate, or should be trusted for a production service. Treat conversion as one careful step in a larger key-handling workflow, especially when private material is present.
How to Use This Tool:
Use the converter when JWK or JWKS JSON needs to be handed to software that expects a PEM public or private key.
- Paste a single JWK or JWKS JSON object, browse for a JSON file, or drop the file onto the source area.
- Use the RSA, EC, or JWKS sample buttons when you want to inspect accepted key shapes before pasting your own material.
- If the source is a JWKS, choose the correct Key from JWKS. Only the selected key is converted.
- Leave Output PEM on Auto unless the receiving system specifically asks for public SPKI or private PKCS#8. Auto uses SPKI for public-only keys and PKCS#8 when private fields are present.
- Adjust PEM line wrap only for a strict importer. The default 64-character wrap is widely accepted, while the control stays within 48 to 76 characters.
- Set Fingerprint preview to the amount of hash text you want in tables. Full values remain available in the JSON result.
- Read PEM first, then check Key Details and Conversion Checks for key type, target wrapper, DER size, thumbprint, fingerprint, and private-field warnings.
When conversion fails, start with the failed check. JSON parse errors, unsupported key families, unsupported curves, invalid base64url values, and missing private fields usually point to the exact correction.
Interpreting Results:
The PEM tab is the value to copy or download. Its header identifies the wrapper: PUBLIC KEY for SPKI public output or PRIVATE KEY for PKCS#8 private output. A private header means the source contained private JWK material and the result should be handled as a secret.
- Key Details confirms the source shape, selected key, key family, estimated size,
kid, advisoryalg/usevalues, DER bytes, PEM size, JWK thumbprint preview, and DER SHA-256 preview. - Conversion Checks separates parsing, key-family support, output-target readiness, private-material detection, URL-sync boundaries, and PEM generation.
- JSON keeps the full thumbprint and DER fingerprint when table previews are shortened.
A matching kid is only a selection clue. For trust-sensitive work, compare the JWK thumbprint, DER fingerprint, issuer metadata, certificate public key, or deployment record that originally identified the key.
Technical Details:
JWK-to-PEM conversion is a change in encoding and ASN.1 wrapper, not a new cryptographic key. JWK public members are decoded from base64url into raw integers or byte strings. Those values are then placed into a DER structure with the algorithm object identifier required by the key family. PEM is the final textual armor around those DER bytes.
SPKI is the public-key wrapper used for PUBLIC KEY PEM. PKCS#8 is the private-key wrapper used for PRIVATE KEY PEM. RSA, elliptic-curve, and octet key pair (OKP) keys use different required members and object identifiers, so the key family and curve determine both validation and DER construction.
Transformation Core:
| Key family | Public JWK members | Private PEM requirement | Supported PEM output |
|---|---|---|---|
| RSA | kty, n, e |
d, p, q, dp, dq, and qi; multi-prime oth values are not supported. |
SPKI public, or PKCS#8 private when the complete CRT set is present. |
| EC | kty, crv, x, y |
d with the correct byte length for the curve. |
P-256, P-384, and P-521 SPKI or PKCS#8. |
| OKP | kty, crv, x |
d with the required byte length for the curve. |
Ed25519, X25519, Ed448, and X448 SPKI or PKCS#8. |
Wrapper And Hash Rules:
| Output or check | Rule | What it proves |
|---|---|---|
| Auto target | Private JWK member d selects PKCS#8; otherwise SPKI is selected. |
The wrapper matches whether private key material appears in the source. |
| PEM wrap | Base64 output is wrapped at a normalized multiple of 4 between 48 and 76 characters. | The armor remains import-friendly without changing DER bytes. |
| JWK thumbprint | Required public members are serialized in canonical order, hashed with SHA-256, and encoded as base64url. | The value identifies the public JWK representation defined by RFC 7638. |
| DER fingerprint | The exported DER bytes are hashed with SHA-256 and shown as a preview plus full JSON value. | The value identifies the exact PEM payload before text armor. |
Worked Transform Path:
- Parse the source as either one JWK object or a JWKS object with a non-empty
keysarray. - Select one key by index and resolve the PEM target from the requested setting and the presence of private material.
- Decode base64url members into bytes, then check curve names and fixed byte lengths where the key family requires them.
- Build the SPKI or PKCS#8 DER object using the key-family object identifier and public or private key structure.
- Hash the public JWK members for the thumbprint, hash the exported DER bytes for the fingerprint, base64-armor the DER bytes, and add the PEM header and footer.
JOSE metadata such as kid, alg, use, and key_ops remains useful for selection and review, but it is not embedded in the generated PEM key bytes.
Privacy Notes:
The conversion runs in the browser. Source JWK text and generated PEM are not written to the shareable URL. Settings such as selected key index, output target, line wrap, fingerprint preview length, and active tab may be reflected in the URL.
- Public JWKs can still be sensitive when they reveal internal key rotation or service identity details.
- Private JWK fields such as
d, RSA CRT values, and generated PKCS#8 PEM should be treated as secrets. - Clear the source text after private-key work on a shared browser profile or workstation.
Worked Examples:
RSA public JWK to SPKI
A JWK with kty: RSA, modulus n, exponent e, kid, and alg: RS256 should produce a PUBLIC KEY PEM. The details should identify RSA, estimate the bit length from the modulus, and show both the RFC 7638 thumbprint and DER SHA-256 fingerprint.
JWKS key selection
A JWKS containing RSA, P-256, and Ed25519 public keys can be pasted once, then switched by selected index. Changing the selected key changes the family, PEM body, thumbprint, fingerprint, and suggested filename while leaving the source JSON unchanged.
Private target without private members
Selecting PKCS#8 for a public-only JWK should block conversion because private output requires private members. Switch back to SPKI for public output, or use a complete private JWK from a trusted source when private PEM is genuinely required.
FAQ:
What is the difference between SPKI and PKCS#8?
SPKI is the public-key wrapper behind PUBLIC KEY PEM. PKCS#8 is the private-key wrapper behind PRIVATE KEY PEM when the JWK contains the required private fields.
Why did private export fail for an RSA key?
RSA private PEM needs d, p, q, dp, dq, and qi. A public JWKS usually has only n and e, so it can produce public SPKI but not private PKCS#8.
Does PEM preserve kid or alg?
No. Those JWK values are metadata used for selection and review. PEM carries the key material and algorithm wrapper, not JOSE selection hints.
Why are the JWK thumbprint and DER fingerprint different?
They hash different byte sequences. The JWK thumbprint hashes canonical public JWK JSON, while the DER fingerprint hashes the exported DER bytes that sit inside the PEM armor.
Glossary:
- JWK
- JSON Web Key, a JSON representation of public or private cryptographic key material.
- JWKS
- JSON Web Key Set, a JSON object with a
keysarray for publishing several keys. - DER
- A binary ASN.1 encoding used by many certificate and key formats.
- PEM
- Base64 text armor around DER bytes with a header and footer label.
- SPKI
- SubjectPublicKeyInfo, the ASN.1 wrapper commonly used for public-key PEM output.
- PKCS#8
- A standard ASN.1 wrapper for private keys and their algorithm information.