pilinux/unjwks

unjwks

Overview

  • Purpose: Parse JWK / JWKS payloads and convert them to Go crypto public keys (RSA, ECDSA, Ed25519) and PEM bytes.
  • Use cases:
    • Tooling or services that need to inspect JWK(S) and produce standard Go crypto objects or PEM exports.
    • Backend services that need to verify JWTs signed with keys provided in JWK(S) format. Auth services often publish their public keys in JWKS format.
    • Libraries like github.com/golang-jwt/jwt/v5 can use Go crypto public keys to verify JWT signatures.
  • Supported key types:
    • RSA (RS256, RS384, RS512)
    • ECDSA (ES256, ES384, ES512)
    • EdDSA (Ed25519)

Quick example

  • Import: github.com/pilinux/unjwks

Basic usage

var jwk unjwks.JWK
// populate jwk from JSON (unmarshal)
pub, err := unjwks.ParseRSAPublicKey(jwk)
if err != nil { /* handle */ }
pemBytes, err := unjwks.ExportRSAPublicKeyToPEM(pub)
if err != nil { /* handle */ }
// use pemBytes (e.g., write to file, feed to x509)

Hosted API

The application is deployed at https://unjwks.pilinux.me.

Usage

  • HTTP method: POST
  • URL: https://unjwks.pilinux.me/<kid>
    • Replace <kid> with the desired key ID to extract from the JWKS.
  • Headers:
    • Content-Type: application/json
  • Body: JWKS JSON payload.

Sample JSON body (JWKS)

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "my-rsa-key-1",
      "alg": "RS256",
      "n": "---BASE64URL_ENCODED_MODULUS---",
      "e": "AQAB"
    }
  ]
}

Send the JWKS JSON to the endpoint to receive the PEM for the specified kid.
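
The same kid-to-PEM conversion can be done locally with only the Go standard library. The following is an added example, not code from this repository and not the unjwks API: `rsaPEMFromJWKS` is a hypothetical helper, and the 2048-bit minimum modulus and the exponent checks are assumptions chosen for the example.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
)

// rsaPEMFromJWKS (hypothetical helper) returns the PKIX PEM of the RSA key with the given kid.
func rsaPEMFromJWKS(jwks []byte, kid string) ([]byte, error) {
	var set struct {
		Keys []struct{ Kty, Kid, N, E string } `json:"keys"` // JSON members match case-insensitively
	}
	if err := json.Unmarshal(jwks, &set); err != nil {
		return nil, err
	}
	for _, k := range set.Keys {
		if k.Kid != kid || k.Kty != "RSA" {
			continue
		}
		nb, errN := base64.RawURLEncoding.DecodeString(k.N)
		eb, errE := base64.RawURLEncoding.DecodeString(k.E)
		if errN != nil || errE != nil {
			return nil, fmt.Errorf("kid %q: n or e is not unpadded base64url", kid)
		}
		n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
		// Refuse short moduli and exponents that are even, below 3, or too large for an int32.
		if n.BitLen() < 2048 || !e.IsInt64() || e.Int64() < 3 || e.Int64() > 1<<31-1 || e.Bit(0) == 0 {
			return nil, fmt.Errorf("kid %q: unacceptable RSA parameters", kid)
		}
		der, err := x509.MarshalPKIXPublicKey(&rsa.PublicKey{N: n, E: int(e.Int64())})
		if err != nil {
			return nil, err
		}
		return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
	}
	return nil, fmt.Errorf("no RSA key with kid %q", kid)
}

func main() {
	// Constructed sample: "n" decodes to 2^2048-1, a stand-in modulus and not a real key.
	jwks := `{"keys":[{"kty":"RSA","kid":"my-rsa-key-1","n":"` + strings.Repeat("_", 341) + `w","e":"AQAB"}]}`
	out, err := rsaPEMFromJWKS([]byte(jwks), "my-rsa-key-1")
	fmt.Println(string(out), err)
}
```

The returned PEM is a SubjectPublicKeyInfo ("PUBLIC KEY") block, the same form the `openssl ... -pubout` commands on this page write.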

Asymmetric key pairs (OpenSSL)

ECDSA

ES256 (prime256v1 / P-256):

openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem

ES384 (secp384r1):

openssl ecparam -name secp384r1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem

ES512 (secp521r1):

openssl ecparam -name secp521r1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem

EdDSA

Ed25519:

openssl genpkey -algorithm Ed25519 -out private-key.pem
openssl pkey -in private-key.pem -pubout -out public-key.pem

RSA

RS256 (2048 bits):

openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -in private-key.pem -pubout -out public-key.pem

RS384 (3072 bits):

openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:3072
openssl rsa -in private-key.pem -pubout -out public-key.pem

RS512 (4096 bits):

openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -in private-key.pem -pubout -out public-key.pem

Notes

This repository provides parsers and exporters for JWK / JWKS to Go crypto types. See the code (for example, jwk.go) for supported fields and conversion helpers.

About

Convert public keys from JWKS to PEM format using Go
