JWK to PEM Converter
Convert JSON Web Keys (JWK) to PEM and PEM to JWK in your browser. RSA, EC (P-256, P-384, P-521), Ed25519, public and private, with SHA-256 fingerprint.
Input
Paste a JWK (JSON) or a PEM-encoded key block. The tool detects the format automatically and produces the other side in both public and private form when the input contains a private key.
Everything happens in your browser via the Web Crypto API. The key material you paste here is never uploaded.
How to use
- Paste a JWK (JSON object with kty and the matching key parameters) or a PEM block (-----BEGIN PUBLIC KEY----- or -----BEGIN PRIVATE KEY-----) into the input area. The tool auto-detects the format.
- If the auto-detect picks the wrong format, use the Format buttons to lock the input as JWK or PEM.
- Click Convert (or wait for the live auto-convert to run after a short debounce).
- Copy the PEM private key (PKCS#8), PEM public key (SPKI), JWK private key, or JWK public key from the output blocks. When the input is a private key, the matching public key is derived for you.
- Verify the result with the SHA-256 fingerprint of the SPKI, which matches openssl pkey -pubout -outform DER | openssl dgst -sha256.
About this tool
JWK to PEM Converter is a bidirectional tool that turns JSON Web Keys (RFC 7517 / 7518 / 8037) into PEM-encoded ASN.1 keys and back. Paste a JWK and get a PEM SPKI public key block (the format produced by openssl pkey -pubout and consumed by Node.js crypto.createPublicKey, Go crypto/x509.ParsePKIXPublicKey, Python cryptography.hazmat, and every JOSE library that verifies RS256, PS256, ES256, EdDSA, or related JWTs). Paste a PEM block and get the matching JWK in the exact shape every JWKS endpoint publishes (kty, alg, kid, use, key_ops, n, e, d, p, q, dp, dq, qi, crv, x, y). When the input is a private key the tool surfaces both the private and the derived public form on each side, so a single paste covers all four output combinations.

The conversion uses the browser's Web Crypto API (crypto.subtle.importKey and exportKey) so the parsing, validation, and DER encoding match what every server-side library implements.

Supported key families: RSA (RSASSA-PKCS1-v1_5, RSA-PSS, RSA-OAEP at 2048, 3072, or 4096 bits with SHA-256, SHA-384, or SHA-512), EC (ECDSA / ECDH on P-256, P-384, P-521), and OKP (Ed25519, on browsers that expose it in Web Crypto). PEM input understands PUBLIC KEY (SPKI / X.509) and PRIVATE KEY (PKCS#8) blocks directly, and gives a clear conversion hint for legacy PKCS#1 RSA PUBLIC KEY, PKCS#1 RSA PRIVATE KEY, and SEC1 EC PRIVATE KEY blocks.

The result panel includes the SHA-256 fingerprint of the SPKI public key so it can be compared against openssl pkey -pubout -outform DER | openssl dgst -sha256. Everything runs locally in your browser: the JWK, PEM, and private key material you paste here never leave your device.
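The same conversion done outside the browser, as an added example that is not the tool's own code: it uses Node.js's built-in crypto module (synchronous) instead of the Web Crypto calls the tool relies on. The names convertKey and demoKey and the throwaway P-256 key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical helper: accept a JWK (object or JSON text) or a PEM block and
// return every output form the page lists, plus the SPKI SHA-256 fingerprint.
function convertKey(input) {
  const text = typeof input === 'string' ? input.trim() : null;
  let jwk = null;
  if (text === null) jwk = input;
  else if (text.startsWith('{')) jwk = JSON.parse(text);
  else if (!text.startsWith('-----BEGIN ')) throw new Error('expected a JWK or a PEM block');

  // A JWK is private when it carries "d"; a PEM block when its label says so.
  const isPrivate = jwk ? 'd' in jwk : text.includes('PRIVATE KEY-----');
  const source = jwk ? { key: jwk, format: 'jwk' } : text;

  const privateKey = isPrivate ? nodeCrypto.createPrivateKey(source) : null;
  // Handing createPublicKey a private KeyObject derives the matching public key.
  const publicKey = nodeCrypto.createPublicKey(privateKey ?? source);

  // Fingerprint = SHA-256 over the DER-encoded SPKI, the same bytes hashed by
  // openssl pkey -pubout -outform DER | openssl dgst -sha256
  const spkiDer = publicKey.export({ type: 'spki', format: 'der' });
  return {
    pemPublic: publicKey.export({ type: 'spki', format: 'pem' }),
    pemPrivate: privateKey ? privateKey.export({ type: 'pkcs8', format: 'pem' }) : null,
    jwkPublic: publicKey.export({ format: 'jwk' }),
    jwkPrivate: privateKey ? privateKey.export({ format: 'jwk' }) : null,
    spkiSha256: nodeCrypto.createHash('sha256').update(spkiDer).digest('hex'),
  };
}

// Constructed sample input: a throwaway P-256 key generated at run time.
function demoKey() {
  const { privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return privateKey.export({ format: 'jwk' });
}

// Round trip: private JWK -> PKCS#8 PEM -> JWK; only public material is printed.
const fromJwk = convertKey(demoKey());
const fromPem = convertKey(fromJwk.pemPrivate);
console.log(fromJwk.pemPublic);
console.log('SPKI SHA-256:', fromJwk.spkiSha256);
console.log('fingerprints match:', fromPem.spkiSha256 === fromJwk.spkiSha256);
```

Because the fingerprint is taken over the public SPKI only, it is identical whether the input was the private JWK, the PKCS#8 PEM, or the public PEM, which makes it safe to log and compare when checking that a published JWKS entry belongs to a given private key.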
Free to use. Works in your browser. No signup, no login.