What is a JSON Web Key (JWK)?

A JSON Web Key (JWK) is a JSON object that represents a cryptographic key. It's defined in RFC 7517 and is commonly used in JWT (JSON Web Tokens), OAuth 2.0, and other security protocols. JWK format makes it easy to exchange cryptographic keys in JSON format.

Can I convert EC (Elliptic Curve) keys from JWK to PEM?

Yes, this tool supports converting Elliptic Curve (EC) keys from JWK to PEM format. Supported curves include P-256 (secp256r1), P-384 (secp384r1), and P-521 (secp521r1). However, PEM to JWK conversion currently supports RSA keys only.

What key types are supported for JWK to PEM conversion?

This tool supports RSA and Elliptic Curve (EC) keys for JWK to PEM conversion. RSA keys can be 2048-bit or 4096-bit. EC keys support P-256, P-384, and P-521 curves. For PEM to JWK conversion, only RSA keys are currently supported.

Is my key data stored or transmitted to servers?

No, your key data is processed securely and is not stored on our servers. The conversion happens through secure API calls, and we follow privacy-first principles. Your keys are never logged or retained.

What is the difference between JWK and PEM formats?

JWK (JSON Web Key) is a JSON-based format defined in RFC 7517, commonly used in modern web applications and APIs. PEM (Privacy-Enhanced Mail) is a base64-encoded format with header/footer lines (-----BEGIN/END-----), widely used in OpenSSL and traditional cryptographic tools. JWK is more structured and easier to parse programmatically, while PEM is more human-readable and widely supported.

JWK to PEM Converter Online

By Anish Nath - Security Engineer & Cryptography Expert | @anish2good | Last Updated: January 23, 2025 | 4.6/5 (756 reviews)

Privacy-First No Data Stored 100% Free

Expert Tip: This tool supports converting RSA and Elliptic Curve (EC) keys from JWK to PEM format. For PEM to JWK conversion, currently only RSA keys are supported. JWK format is commonly used in JWT, OAuth 2.0, and modern web security protocols.

Conversion Configuration

Convert between JWK and PEM formats

JWK to PEM RSA & EC Supported Convert JSON Web Key to PEM format (RSA and Elliptic Curve keys supported)

PEM to JWK RSA Only Convert PEM format to JSON Web Key (RSA keys only)

Input

{
"kty": "RSA",
"n": "33TqqLR3eeUmDtHS89qF3p4MP7Wfqt2Zjj3lZjLjjCGDvwr9cJNlNDiuKboODgUiT4ZdPWbOiMAfDcDzlOxA04DDnEFGAf-kDQiNSe2ZtqC7bnIc8-KSG_qOGQIVaay4Ucr6ovDkykO5Hxn7OU7sJp9TP9H0JH8zMQA6YzijYH9LsupTerrY3U6zyihVEDXXOv08vBHk50BMFJbE9iwFwnxCsU5-UZUZYw87Uu0n4LPFS9BT8tUIvAfnRXIEWCha3KbFWmdZQZlyrFw0buUEf0YN3_Q0auBkdbDR_ES2PbgKTJdkjc_rEeM0TxvOUf7HuUNOhrtAVEN1D5uuxE1WSw",
"e": "AQAB",
"d": "DjU54mYvHpICXHjc5-JiFqiH8NkUgOG8LL4kwt3DeBp9bP0-5hSJH8vmzwJkeGG9L79EWG4b_bfxgYdeNX7cFFagmWPRFrlxbd64VRYFawZHRJt-2cbzMVI6DL8EK4bu5Ux5qTiV44Jw19hoD9nDzCTfPzSTSGrKD3iLPdnREYaIGDVxcjBv3Tx6rrv3Z2lhHHKhEHb0RRjATcjAVKV9NZhMajJ4l9pqJ3A4IQrCBl95ux6Xm1oXP0i6aR78cjchsCpcMXdP3WMsvHgTlsZT0RZLFHrvkiNHlPiil4G2_eHkwvT__CrcbO6SmI_zCtMmypuHJqcr-Xb7GPJoa64WoQ",
"p": "8K33pX90XX6PZGiv26wZm7tfvqlqWFT03nUMvOAytqdxhO2HysiPn4W58OaJd1tY4372Qpiv6enmUeI4MidCie-s-d0_B6A0xfhU5EeeaDN0xDOOl8yN-kaaVj9b4HDR3c91OAwKpDJQIeJVZtxoijxl-SRx3u7Vs_7meeSpOfE",
"q": "7a5KnUs1pTo72A-JquJvIz4Eu794Yh3ftTk_Et-83aE_FVc6Nk-EhfnwYSNpVmM6UKdrAoy5gsCvZPxrq-eR9pEwU8M5UOlki03vWY_nqDBpJSIqwPvGHUB16zvggsPQUyQBfnN3N8XlDi12n88ltvWwEhn1LQOwMUALEfka9_s",
"dp": "DB9nGuHplY_7Xv5a5UCs5YgxkWPtJFfbIZ1Zr-XHCCY09JIWReOGQG226OhjwixKtOK_OqmAKtMKM9OmKviJRHNbDhbTxumN3u7cL8dftjXpSryiEQlPmWyW94MneI2WNIrvh4wruQuDt8EztgOiDFxwcnUgey8iend7WmZnE7E",
"dq": "O-bSTUQ4N_UuQezgkF3TDrnBraO67leDGwRbfiE_U0ghQvqh5DA0QSPVzlWDZc9KUitvj8vxsR9o1PW9GS0an17GJEYuetLnkShKK3NWOhBBX6d1yP9rVdH6JhgIJEy_g0Suz7TAFiFc8i7JF8u4QJ05C8bZAMhOLotqftQeVOM",
"qi": "InfGmkb2jNkPGuNiZ-mU0-ZrOgLza_fLL9ErZ35jUPhGFzdGxJNobklvsNoTd-E2GAU41YkJh24bncMLvJVYxHHA5iF7FBWx1SvpEyKVhhnIcuXGD7N5PbNZzEdmr9C6I7cPVkWO-sUV7zfFukexIcANmsd_oBBGKRoYzP5Tti4"
}

Paste your JWK (JSON format) or PEM key here

Learn & try with AI

Conversion Result

Your converted keys will appear here

Select conversion type, paste your key, and click "Convert"

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users

200+ tools

100% private

☕ One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good

Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

Understanding JSON Web Keys (JWK)

A JSON Web Key (JWK) is a JSON data structure that represents a cryptographic key, as defined in RFC 7517. JWK format provides a standardized way to represent cryptographic keys in JSON, making them easy to exchange between systems, particularly in modern web applications, APIs, and security protocols like JWT, OAuth 2.0, and OpenID Connect.

Key Benefits:

Standardized Format: Industry-standard JSON structure for key representation
Easy Integration: Native JSON format works seamlessly with web APIs and JavaScript
Self-Describing: Key metadata (algorithm, usage, etc.) is embedded in the key itself
Flexible: Supports multiple key types: RSA, Elliptic Curve (EC), Octet Key Pair (OKP), and Octet Sequence

JWK Examples by Key Type

Elliptic Curve (EC) JWK Example

{
  "kty": "EC",
  "crv": "P-256",
  "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
  "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
  "kid": "my-ec-key-2025",
  "use": "sig",
  "alg": "ES256"
}

EC Key Details: Elliptic Curve keys are efficient and secure. P-256 (secp256r1) provides 128-bit security, equivalent to RSA 3072-bit. Supported curves: P-256, P-384, P-521. Commonly used in modern applications for JWT signing and OAuth 2.0.

RSA JWK Example (Public Key)

{
  "kty": "RSA",
  "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmb...",
  "e": "AQAB",
  "kid": "my-rsa-key-2025",
  "use": "sig",
  "alg": "RS256"
}

RSA Key Details: RSA keys are widely supported and used for both encryption and signing. Recommended sizes: 2048-bit (minimum), 4096-bit (recommended for long-term security). The n parameter is the modulus, e is the public exponent (typically 65537).

Octet Key Pair (OKP) - Ed25519 Example

{
  "kty": "OKP",
  "crv": "Ed25519",
  "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
  "kid": "my-ed25519-key-2025",
  "use": "sig",
  "alg": "EdDSA"
}

OKP Key Details: Octet Key Pairs represent Edwards curve keys (Ed25519/Ed448). Ed25519 provides excellent security (128-bit) with small key sizes (256 bits) and fast operations. Used in modern JWT implementations and SSH keys. Ed448 provides 224-bit security.

Octet Sequence (HMAC/AES) Example

{
  "kty": "oct",
  "k": "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
  "kid": "my-hmac-key-2025",
  "use": "sig",
  "alg": "HS256"
}

Security Warning: Octet sequence keys are symmetric keys used for HMAC (HS256, HS384, HS512) and AES encryption. Keep these keys secret! They are used for both signing and verification, unlike asymmetric keys.

JWK Key Types Comparison

Key Type	kty Value	Use Cases	Security Level	Key Size	Recommendation
Elliptic Curve	`EC`	JWT signing, OAuth 2.0, modern APIs	128-256 bit	256-521 bits	Highly Recommended Best for new projects
RSA	`RSA`	JWT signing, encryption, legacy systems	112-140 bit	2048-4096 bits	Recommended Widely compatible
Octet Key Pair	`OKP`	Ed25519/Ed448 signatures, modern JWT	128-224 bit	256-456 bits	Excellent Modern alternative to EC
Octet Sequence	`oct`	HMAC signatures, AES encryption	128-256 bit	128-512 bits	Symmetric Keep secret!

RSA JWK Field Reference

RSA keys in JWK format contain the following fields (all Base64URL encoded):

Public Key Fields

kty - Key type (always "RSA" for RSA keys)
n - Modulus (the public key component)
e - Public exponent (typically "AQAB" = 65537)
kid - Key ID (optional, for key identification)
use - Key use (optional: "sig" for signing, "enc" for encryption)
alg - Algorithm (optional: "RS256", "RS384", "RS512")

Private Key Fields

d - Private exponent (secret)
p - First prime factor (secret)
q - Second prime factor (secret)
dp - First factor CRT exponent: d mod (p-1)
dq - Second factor CRT exponent: d mod (q-1)
qi - First CRT coefficient: q^-1 mod p

Security Note: Private key fields (d, p, q, dp, dq, qi) must be kept secret and never shared.

Common JWK Use Cases

JWT (JSON Web Tokens)

JWK is used to represent the public keys for verifying JWT signatures. JWK Sets (JWKS) are commonly exposed at endpoints like /.well-known/jwks.json for token verification.

OAuth 2.0 / OpenID Connect

OAuth 2.0 providers use JWK Sets to publish their public keys, allowing clients to verify ID tokens and access tokens without pre-sharing keys.

API Authentication

APIs can use JWK for key-based authentication, allowing clients to register public keys and sign requests with corresponding private keys.

Key Exchange

JWK format simplifies key exchange between systems, making it easy to share public keys via JSON APIs, configuration files, or key management systems.

About This Tool & Author

Expert-Maintained Cryptography Tool

This JWK to PEM converter is developed and maintained by Anish Nath ( @anish2good), a Security Engineer and Cryptography Expert with extensive experience in network security and cryptographic implementations. The tool has been serving the developer and DevOps community since 2018, with over 756 verified reviews averaging 4.6/5 stars.

Security & Privacy Commitment

No Data Collection: Your keys are processed securely and are not stored on our servers. Nothing is logged or retained.
Industry Standards: Uses proven cryptographic libraries implementing RFC 7517 (JWK) and OpenSSL standards.
Regular Updates: Tool is actively maintained with security best practices and format support updated regularly.
Open Source Standards: Compatible with JWT, OAuth 2.0, OpenSSL, and all major cryptographic implementations.

Version History

v2.0 (Jan 2025): Enhanced UX, improved JSON response handling, added EEAT signals
v1.5 (2020): Added EC key support for JWK to PEM conversion
v1.0 (2018): Initial release with RSA support

Official Resources

Learn more about JWK and cryptographic key formats:

Community

Over 500,000 developers use 8gwifi.org tools monthly

Follow @anish2good on X

Trust Signals

7+ years of service
756 verified reviews
Active maintenance
Privacy-first approach

JWK to PEM Converter Online

Conversion Configuration

Conversion Result

Support This Free Tool

Understanding JSON Web Keys (JWK)

JWK Examples by Key Type

JWK Key Types Comparison

RSA JWK Field Reference

Public Key Fields

Private Key Fields

Common JWK Use Cases

JWT (JSON Web Tokens)

OAuth 2.0 / OpenID Connect

API Authentication

Key Exchange

About This Tool & Author

Expert-Maintained Cryptography Tool

Security & Privacy Commitment

Version History

Official Resources

Community

Trust Signals

Quick Access

PGP Tools

Sharing Services

Security Tools

Cryptography

Network Tools

Legal & Compliance

DevOps/Container

Blockchain

Encoders/Converters

Developer Tools

Machine Learning Visualizers

Media Tools

Documents & PDF

Finance

Health

Lifestyle & Productivity

Chemistry

Math & Education

Physics Tools

Internationalization