JWK Generator

Generate and convert cryptographic keys in PEM and JWK formats for secure signing and encryption.

Your data security is our top priority. All key generation and transformation happen in this browser. This tool does not store or send your keys outside of the browser.
See source code in: https://github.com/authgear/authgear-widget-jwk-generator

Encode/Decode JWT
Quickly create and inspect JWTs. Paste a JWT to decode the header and payload, or craft your own for testing.
Sign & Verify JWT
Generate cryptographic signatures when creating JWTs, and verify existing JWT signatures to confirm token authenticity and integrity.
JWE Encryption
Encrypt any JWT into a JWE using a public key, ensuring data remains confidential during transmission.
JWE Decryption
Decrypt a JWE token to retrieve the original JWT—including the payload—for analysis.

How the Tool Works

Step 1.
Convert Between PEM and JWK:
  • Paste your PEM key to convert it into a JSON Web Key format or vice versa.
  • Copy the converted key for use in your applications.
Step 2.
Generate New Keys:
  • Select whether you want a key for signature or encryption tasks.
  • Choose the key type suitable for your security needs, such as symmetric (oct), RSA, or elliptic curve (EC or OKP).
  • Pick the cryptographic algorithm to match your system requirements (e.g., RS256 for RSA signature).
  • Receive the generated keys:Symmetric:
  • a. Secret key string + JWK JSON.
  • b. Asymmetric: PEM-formatted private and public keys + corresponding JWK objects for private and public key parts.
Step 3.
Use Your Keys Securely:
  • Implement these keys to sign or encrypt JWTs.
  • Host JWK sets on your authorization servers for key discovery.
  • Rotate and manage keys easily for robust security posture.
What is a JWT (JSON Web Token)?
A JSON Web Key (JWK) is a JSON data structure that represents cryptographic keys. JWKs are part of the JSON Web Token family of standards, used to securely represent keys for use in JWT signing, encryption, and verification tasks.Why JWK?
Machine-friendly JSON format, easy to use across web APIs
Supports all key types—symmetric and asymmetric
Facilitates key rotation and management for modern applications
What is PEM
PEM (Privacy Enhanced Mail) is a common format for storing and sharing cryptographic keys, typically in base64-encoded blocks. Many cryptography libraries and tools still use PEM format.
Best Practices
Always protect your private keys and secrets—never expose them publicly.
Use appropriate key lengths and algorithms according to your security requirements.
Regularly rotate keys to minimize risk and maintain security integrity.