This script, jwk_to_pem_with_validation.py, converts an RSA JSON Web Key (JWK) into a standard PEM-encoded RSA private key. It also includes validation functionality to ensure the generated key is correct and extracts the public key.
Ensure you have Python 3 installed along with the necessary dependencies. You can install the required package using:
pip install cryptographyor
pip install -r ./requirements.txtSave your RSA JWK as a JSON file in the same location as the script, e.g., test_key.jwk. The structure should resemble the following:
{
"key": {
"kty": "RSA",
"n": "...",
"e": "AQAB",
"d": "...",
"p": "...",
"q": "...",
"dp": "...",
"dq": "...",
"qi": "..."
}
}or, update line 77 to point to your JWK instead of test_key.jwk
# Load the JWK from file (update filename if needed)
with open("test_key.jwk", "r") as f:
jwk_data = json.load(f)["key"]Execute the script with:
python jwk_to_pem_with_validation.pyAfter running the script, the following files will be generated:
rsa_private.pem: The converted RSA private key in PEM format.rsa_public.pem: The extracted RSA public key in PEM format.
Upon execution, you should see output similar to:
🔑 RSA Private Key saved as rsa_private.pem
🔍 Validating RSA Key...
✅ RSA Key is valid
Modulus (n): output_value_here
Exponent (e): output_value_here
🔓 RSA Public Key saved as rsa_public.pemYou can verify the generated PEM key using OpenSSL:
openssl rsa -in rsa_private.pem -checkOutput:
RSA key okopenssl rsa -in rsa_private.pem -pubout -out rsa_public.pem
openssl rsa -in rsa_public.pem -pubin -text -nooutThis should match the modulus (n) and exponent (e) from the original JWK.
- The script supports PKCS#8 format for better compatibility.
- If you need an encrypted private key, update the script to pass a password using
serialization.BestAvailableEncryption(b'password'). - If you encounter issues, ensure that the JWK is properly formatted and includes all necessary fields (
n,e,d,p,q,dp,dq,qi).