RSA Key Formats
A side-by-side reference for PKCS#1, PKCS#8, SubjectPublicKeyInfo, PEM vs DER, and JWK — plus an in-browser demo generator that exports a real RSA key pair using the Web Crypto API. Private keys never leave your browser.
Generate & identify
Result
What this tool does
RSA keys travel in several different containers, and confusing them is one of the most common causes of "wrong key format" errors in TLS, signing, and JWT work. This page is two things at once: a concise reference that lays out the four ASN.1 containers and the JWK JSON form side by side, and a small demo generator. The generator calls crypto.subtle.generateKey with the RSASSA-PKCS1-v1_5 algorithm and SHA-256, then exports the resulting key pair in the formats the browser produces natively — SubjectPublicKeyInfo (SPKI) and JWK for the public key, and PKCS#8 and JWK for the private key. The DER bytes are Base64-armoured into PEM in JavaScript, so the whole exchange stays on your machine.
The second mode does not generate anything. Paste any PEM block and the tool reports which format it is by reading the dashed header label and decoding the first few DER bytes — the outer SEQUENCE tag (0x30) and its length field — so you can quickly tell a PKCS#1 key from a PKCS#8 key or an SPKI public key.
When to use it
Reach for this when a library rejects a key with an opaque error, when you need a throwaway key pair to test a parser or a signing pipeline, or when you simply want to remember which PEM header maps to which structure. It is also handy for teaching: generate a 2048-bit pair, look at the SPKI and JWK side by side, and the relationship between the ASN.1 integers and the JWK n/e fields becomes obvious. For real-world certificate and CSR inspection, pair it with the dedicated parsers linked below.
The formats at a glance
PKCS#1
RSA-specific. RSAPrivateKey and RSAPublicKey SEQUENCEs holding only the RSA integers. PEM headers RSA PRIVATE KEY and RSA PUBLIC KEY.
PKCS#8
Algorithm-neutral PrivateKeyInfo: an AlgorithmIdentifier (rsaEncryption) wrapping the PKCS#1 key in an OCTET STRING. PEM header PRIVATE KEY.
SubjectPublicKeyInfo
The X.509 public-key container: AlgorithmIdentifier + a BIT STRING wrapping the PKCS#1 RSAPublicKey. PEM header PUBLIC KEY.
PEM vs DER
DER is the raw binary ASN.1. PEM is that same DER, Base64-encoded between dashed BEGIN/END lines. Converting is encoding only — the structure is identical.
JWK
JSON Web Key. Fields: kty (RSA), n and e for public; private adds d, p, q, dp, dq, qi. Integers are base64url with no leading zero byte.
What Web Crypto exports
The browser exports public keys as spki or jwk, and private keys as pkcs8 or jwk. It does not expose PKCS#1 directly.
Input and output
Generate mode takes only a key size and produces four exports: the public key as SPKI PEM and JWK, and the private key as PKCS#8 PEM and JWK. Each block is labelled, and the JWK is pretty-printed JSON. Identify mode takes a pasted PEM block as input and outputs the detected format name, the matched header label, and the first decoded DER bytes (tag, length, and what they imply). If the input is not a valid PEM block, an inline error explains what is wrong.
Common mistakes
- Assuming
PRIVATE KEYmeans PKCS#1. TheRSAprefix is the tell:RSA PRIVATE KEYis PKCS#1; barePRIVATE KEYis PKCS#8. - Feeding an SPKI public key to a PKCS#1 parser. They differ by the AlgorithmIdentifier and BIT STRING wrapper, so a bare-RSAPublicKey parser will choke on SPKI.
- Expecting PEM↔DER to change the format. It only changes the encoding; a PKCS#8 PEM is a PKCS#8 DER once Base64-decoded.
- Reusing a 1024-bit key. 1024-bit RSA is considered broken for new use; some browsers' Web Crypto will refuse it outright, which this tool reports rather than faking a result.
- Treating a JWK integer as a normal Base64 string. JWK uses base64url without padding and strips leading zero bytes, so
nis not byte-identical to the ASN.1 modulus.