RSA Key Converter
Convert RSA private and public keys between PKCS#1, PKCS#8, SPKI, and DER base64 locally.
About the RSA Key Converter
The RSA Key Converter transforms PEM encoded RSA and generic private or public keys between common formats: PKCS#1 (BEGIN RSA PRIVATE KEY), PKCS#8 (BEGIN PRIVATE KEY), SPKI (BEGIN PUBLIC KEY), and raw DER as base64. Paste a key, pick the output format, and copy the result.
Different tools and platforms expect different wrappers around the same underlying key material. OpenSSL, Java keystores, Windows IIS, and various cloud load balancers disagree on PEM headers. This converter lets you rewrap without openssl on the command line.
Conversion runs entirely in your browser with node-forge. Private keys are never uploaded. Clear the page when finished on a shared machine.
EC keys can convert between PKCS#8 PEM and DER base64. PKCS#1 RSA-specific formats apply when the key is RSA.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What is the difference between PKCS#1 and PKCS#8?
PKCS#1 wraps RSA key material directly (BEGIN RSA PRIVATE KEY). PKCS#8 wraps any algorithm in a standard envelope (BEGIN PRIVATE KEY). Many modern tools prefer PKCS#8.
Is my private key uploaded?
No. Parsing and conversion happen locally in your browser.
Can I convert encrypted (passphrase protected) keys?
No. Decrypt the key with openssl first, then paste the unencrypted PEM here.
What is SPKI?
Subject Public Key Info is the standard PEM format for public keys (BEGIN PUBLIC KEY). It is what you extract from a certificate or CSR public half.
Why does PKCS#1 export fail?
PKCS#1 RSA PEM is only defined for RSA keys. EC or other algorithms use PKCS#8 or SPKI instead.