I Got Tired of Running OpenSSL Commands, So I Built a CLI for JWK Generation
Source: Dev.to
Introduction
There’s a certain kind of frustration that only developers know: you need to do something relatively simple, but the tooling forces you through multiple manual steps, terminal commands you have to Google every time, and output files you’re not sure are formatted correctly.
The Problem
I was integrating with a service that required keys in JWK (JSON Web Key) format, not PEM.
I already knew how to generate a key pair with OpenSSL:
```bash
# Generate a private EC key
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
# Derive the public key
openssl ec -in private.pem -pubout -out public.pem
```
Converting those PEM files to JWK, however, was tedious. I wrote a one‑off Node.js script, manually constructed the JWK object, double‑checked the kty, crv, x, y, d fields, and saved the output. It worked, but I knew I’d need to repeat the process.
The Solution: jwk-cli-tool
I built jwk-cli-tool, an interactive CLI that handles the full workflow:
- Generate a new PEM key pair (EC or RSA)
- Convert PEM files to JWK JSON format
- Perform both steps in a single flow
The tool produces four files:
- *.private.pem
- *.public.pem
- *.private.jwk.json
- *.public.jwk.json
Supported Algorithms
| Type | Algorithms |
|---|---|
| EC | ES256, ES384, ES512 |
| RSA | RS256, RS384, RS512 |
Installation & Usage
No installation is required. Run the tool with npx:
```bash
npx jwk-cli-tool
```
You will see an interactive menu:
```
? What would you like to do?
> Generate new PEM key pair
  Generate JWK JSON files
  Exit
```
From there you can:
- Name the key
- Pick the algorithm
- Choose to generate fresh PEM files or use existing ones from a keys folder
The generated files are placed in:
- keys/ – for PEM files
- outputs/ – for JWK JSON files
Both directories are created automatically if they don’t exist. If a key name already exists, the CLI prompts before overwriting.
Example Output
Running the flow for an ES256 key produces a public JWK similar to:
```json
{
  "kty": "EC",
  "use": "sig",
  "alg": "ES256",
  "kid": "myapp",
  "crv": "P-256",
  "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
  "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
}
```
The private JWK includes the d parameter in addition to the fields above.
Implementation Details
- Built with Node.js and TypeScript
- Uses @inquirer/prompts for the text‑based UI
- Relies on Node’s built‑in crypto module – no heavy external crypto dependencies
The tool writes to process.cwd(), so wherever you run npx jwk-cli-tool from, the keys/ and outputs/ folders appear there.
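One way to do the PEM-to-JWK conversion with Node's built-in crypto module, as an added example (this is not jwk-cli-tool's own code). The helper names `pemToJwkPair` and `demo` are hypothetical, the `kid` value is taken from the sample output above, and the check that no private member reaches the public JWK goes slightly beyond what the post describes.

```javascript
// Added example: PEM -> JWK with Node's built-in crypto (not jwk-cli-tool's source).
const { createPrivateKey, createPublicKey, generateKeyPairSync } = require('node:crypto');

// JOSE alg name for each EC curve (RFC 7518).
const EC_ALG = { 'P-256': 'ES256', 'P-384': 'ES384', 'P-521': 'ES512' };
// Members that hold private key material in EC and RSA JWKs.
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi'];

// pemToJwkPair is a hypothetical helper name. For RSA keys the caller
// passes rsaAlg, because the PEM does not say which RS* alg is intended.
function pemToJwkPair(privatePem, kid, rsaAlg = 'RS256') {
  const privateKey = createPrivateKey(privatePem);
  const priv = privateKey.export({ format: 'jwk' });
  // Derive the public half from the private key instead of trusting a second file.
  const pub = createPublicKey(privateKey).export({ format: 'jwk' });

  let alg;
  if (priv.kty === 'EC') alg = EC_ALG[priv.crv];
  else if (priv.kty === 'RSA') alg = rsaAlg;
  if (!alg) throw new Error(`unsupported key: kty=${priv.kty} crv=${priv.crv}`);

  // Fail closed if private material ever shows up in the public JWK.
  const leaked = PRIVATE_MEMBERS.filter((m) => m in pub);
  if (leaked.length) throw new Error(`public JWK contains ${leaked.join(',')}`);

  const meta = { use: 'sig', alg, kid };
  return { privateJwk: { ...priv, ...meta }, publicJwk: { ...pub, ...meta } };
}

// Constructed sample input: a throwaway P-256 key, equivalent to the
// private.pem produced by the OpenSSL commands earlier in the post.
function demo() {
  const { privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pem = privateKey.export({ type: 'sec1', format: 'pem' });
  return pemToJwkPair(pem, 'myapp');
}

console.log(JSON.stringify(demo().publicJwk, null, 2));
```

When saving `privateJwk` to disk, pass `{ mode: 0o600 }` to `fs.writeFileSync` so the file is not created readable by other users.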
Open Source
- GitHub:
- npm:
Contributing
Pull requests and feedback are welcome. If you need additional algorithms or features (e.g., EdDSA/Ed25519, JWKS array output, non‑interactive mode for CI pipelines), feel free to open an issue.
Sometimes the best tools come from solving your own problem. Hopefully this saves someone else the same 30 minutes of OpenSSL Googling.