Key formats

  • JWK (JSON Web Key)
    • Used in JWT, OAuth, and other web security areas
    • Stores keys in a JSON format
    • {
          "kty": "EC",
          "d": "ld4HSs2CAT3q024_H5RX4WCEr08UyhkyTGHxqxmbL4I",
          "use": "sig",
          "crv": "P-256",
          "x": "fUjn_n2VJUk3aGHGtz1_aUhV2gGj6xg_bz5Bz0cBJ0o",
          "y": "FYuI2kDG8UPtVwJM2RxpK69wf3F-sAk5CAPMImxGB7k",
          "alg": "ES256"
      }
      
  • RAW (Uncompressed/Compressed EC Point)
    • Usually stores the x, y coordinates, or just the private scalar
    • Used more for low-level cryptographic operations
  • DER (Distinguished Encoding Rules, ASN.1 format)
    • Used in X.509 certificates and PKCS#8 keys
    • Also in Java Keystores (JKS, PKCS#12)
    • Primary format in JCA/BouncyCastle
  • PEM (Base64-encoded DER with headers)
    • Text format that wraps DER (which makes it easier to handle in files)
    • Used in e.g. OpenSSL, TLS certificates, SSH keys
    • -----BEGIN EC PRIVATE KEY-----
      (Base64-encoded data)
      -----END EC PRIVATE KEY-----
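
The four formats above are different encodings of the same key material. As an added example (not part of the original notes), the Python code below re-encodes the JWK shown above as a RAW point, a DER ECPrivateKey (RFC 5915 layout) and its PEM wrapper. The function names are illustrative; it uses only the standard library and handles P-256 only.

```python
import base64

# JWK copied from the notes above; it includes the private scalar "d".
JWK = {
    "kty": "EC", "crv": "P-256",
    "d": "ld4HSs2CAT3q024_H5RX4WCEr08UyhkyTGHxqxmbL4I",
    "x": "fUjn_n2VJUk3aGHGtz1_aUhV2gGj6xg_bz5Bz0cBJ0o",
    "y": "FYuI2kDG8UPtVwJM2RxpK69wf3F-sAk5CAPMImxGB7k",
}

def b64url_decode(value: str) -> bytes:
    """JWK members are unpadded base64url; restore padding before decoding."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def jwk_to_raw(jwk: dict, compressed: bool = False) -> bytes:
    """RAW public point: 0x04||X||Y, or 0x02/0x03||X chosen by the parity of Y."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("only P-256 EC keys are handled here")
    x, y = b64url_decode(jwk["x"]), b64url_decode(jwk["y"])
    if len(x) != 32 or len(y) != 32:
        raise ValueError("P-256 coordinates must be exactly 32 bytes")
    if compressed:
        return bytes([2 + (y[-1] & 1)]) + x
    return b"\x04" + x + y

# DER encoding of the curve OID prime256v1 (1.2.840.10045.3.1.7)
P256_OID = bytes.fromhex("06082a8648ce3d030107")

def jwk_to_sec1_der(jwk: dict) -> bytes:
    """DER ECPrivateKey: version 1, scalar d, curve OID, public point."""
    d = b64url_decode(jwk["d"])
    if len(d) != 32:
        raise ValueError("P-256 private scalar must be exactly 32 bytes")
    point = jwk_to_raw(jwk)
    body = (b"\x02\x01\x01"                      # INTEGER version = 1
            + b"\x04\x20" + d                    # OCTET STRING: private scalar
            + b"\xa0\x0a" + P256_OID             # [0] curve parameters
            + b"\xa1\x44\x03\x42\x00" + point)   # [1] BIT STRING: public point
    return b"\x30" + bytes([len(body)]) + body   # SEQUENCE, short-form length

def der_to_pem(der: bytes, label: str = "EC PRIVATE KEY") -> str:
    """PEM is the DER bytes in base64, 64 characters per line, between headers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"
```

PKCS#8 wraps this same ECPrivateKey structure in an outer PrivateKeyInfo and uses the PEM label `PRIVATE KEY` instead.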