PEM ⇄ JWK converter

Paste a key in either format — the direction is detected automatically. RSA, EC (P-256/P-384/P-521) and Ed25519; public and private keys.

This tool is deliberately different from the others: it runs entirely in your browser (WebCrypto). Keys — including private ones — are never sent anywhere.

Supported forms

PEM input must be PUBLIC KEY (SPKI) or PRIVATE KEY (PKCS#8) — the modern OpenSSL defaults. Legacy RSA PRIVATE KEY / EC PRIVATE KEY / OPENSSH PRIVATE KEY blocks aren't importable by WebCrypto; re-wrap them first with openssl pkey -in old.pem -out pkcs8.pem.

Often you don't need this at all

use K2gl\Dsse\PublicKey;

// The k2gl packages accept either form directly — often you don't need
// to convert at all:
$verifier = PublicKey::fromPem($pem);
$verifier = PublicKey::fromJwk($jwk);

k2gl/dsse (and everything built on it — SD-JWT verification included) takes PEM and JWK interchangeably.