step crypto key format

step crypto key format -- reformat a public or private key

step crypto key format prints or writes the key in a different format.

By default PEM formatted keys will be converted to DER with the following rules:

And DER encoded keys will be converted to PEM with the following rules:

The flags --pkcs8, --pem, --der, --ssh, and --jwk can be use to change the previous defaults. For example we can use --pkcs8 to save a PKCS#1 RSA key to the PKCS#8 form. Or we can combine --pem and --pkcs8 to convert to PKCS#8 a PEM file.

key-file Path to a file with a public or private key, or the public key of an X.509 certificate.

--pkcs8 Convert RSA and ECDSA private keys to PKCS#8 PEM/DER format.

--pem Uses PEM as the result encoding format. If neither --pem nor --der nor --ssh nor --jwk are set it will always switch to the DER format.

--der Uses DER as the result enconfig format. If neither --pem nor --der nor --ssh nor --jwk are set it will always switch to the PEM format.

--ssh Uses OpenSSH as the result encoding format.

--jwk Uses JSON Web Key as the result encoding format.

--out=value Path to write the reformatted result.

--password-file=value Location of file containing passphrase to decrypt private key.

--no-password Do not ask for a password to encrypt a private key with PEM format. Sensitive key material will be written to disk unencrypted. This is not recommended. Requires --insecure flag.

--insecure

-f, --force Force the overwrite of files without asking.

This command returns 0 on success and >0 if any error occurs.

Convert a PEM file to DER:

Convert DER file to PEM:

Convert a PEM file to OpenSSH:

Convert a PEM file to JWK:

Convert PEM file to DER and write to disk:

Convert a PKCS#1 RSA private key to PKCS#8 using the PEM format:

Convert PKCS#8 RSA private key to the PKCS#1 format:

Convert an ASN.1 DER format to the PEM-encoded PKCS#8 format:

Convert an ASN.1 DER format to the DER-encoded PKCS#8 format: