Convert PEM keys to JWK and back

Micah Parks
2 min readDec 13, 2023

--

Generated by DALLE 3

PEM encoding is a commonly used format to store and transmit cryptographic keys. Typically these keys are PEM encoded as ASN.1 DER data for SEC 1, PKCS #1, PKCS #8, PKIX, or X.509 certificates.

JSON Web Keys (JWK) are another popular way to represent cryptographic keys and metadata. Notably, OAuth 2.0 and OpenID connect use JWK Sets to communicate cryptographic keys for authentication and authorization.

I have updated my JWK Set Golang GitHub project to include an open-source website to convert between these formats. You can find this website deployed to jwkset.com, linked below.

The website and project aim to be the most complete implementation of a JWK Set possible using the Golang standard library.

The JWK generator accepts PEM encoded assets, including certificates. It can also create new keys from the selected options.

Screenshot of jwkset.com/generate

The JWK inspector validates and extracts the key material to PKIX (public key) and PKCS #8 (private key) formats.

Screenshot of jwkset.com/inspect

If you are working with private key material, self-host this website with the below Docker command. Then visit http://localhost:8080

docker run --rm -p 8080:8080 micahparks/jwksetcom

Alternatively, use the jwksetinfer CLI tool to convert between PEM and JWK. Install it with the Golang toolchain:

go install github.com/MicahParks/jwkset/cmd/jwksetinfer@latest

Use the CLI tool to turn PEM encoded assets into a JWK Set:

jwksetinfer mykey.pem mycert.crt

I hope these tools have helped you convert between PEM encoded keys and JSON Web Keys. If you have other JWK Set needs, be sure to check out the GitHub project for a JWK Set client and related projects.

--

--