JWK ↔ PEM Converter
Convert cryptographic keys between JWK (JSON Web Key) and PEM formats for RSA and EC keys.
JWK vs PEM Key Formats
PEM (Privacy Enhanced Mail) is the classic Base64-encoded DER format wrapped in -----BEGIN ... KEY----- headers. It's used by OpenSSL, nginx, Apache, and most traditional PKI tools. PKCS#8 is the standard format for private keys; SPKI for public keys.
JWK (JSON Web Key) is the JSON representation defined in RFC 7517, used by OAuth 2.0, OIDC, and JWT libraries. JWKS (JWK Set) endpoints expose public keys so that relying parties can verify JWTs dynamically — for example, https://accounts.google.com/.well-known/jwks.json. JWK is the format expected by Web Crypto API and most modern auth libraries (jose, jsonwebtoken, python-jose).
Either a JWK JSON object ({kty, crv, x, y, d} for EC; {kty, n, e, d} for RSA) or a PEM string
Identify key type (RSA / EC), intended use (sign / encrypt), and curve or modulus length
importKey() parses key material into the browser's secure SubtleCrypto key store
exportKey() serializes the key in the target format: 'jwk', 'pkcs8', or 'spki'
PEM: Base64 + -----BEGIN/END----- armor. JWK: JSON with Base64url field values, no padding
Spec: RFC 7517 (JWK), RFC 7638 (JWK thumbprint), RFC 5958 (PKCS#8), RFC 5480 (SPKI)