PEM · X.509

PEM Parser.

Paste any PEM-encoded text. We extract every -----BEGIN-----/-----END----- block, decode the Base64, and show you the raw bytes — ready for downstream tools.

PEM Parser
What PEM is

PEM (Privacy Enhanced Mail) is a Base64-encoded container format for cryptographic data — certificates, private keys, public keys, CSRs, and CRLs. The Base64 sits between -----BEGIN X----- and -----END X----- markers. This tool extracts the raw bytes from each block; for ASN.1 / X.509 structural parsing, use a dedicated tool like openssl x509 -text.

Frequently asked

About this tool.

PEM (Privacy Enhanced Mail) is a text-based container format for cryptographic data. It wraps Base64-encoded binary data between BEGIN and END markers, like "-----BEGIN CERTIFICATE-----". PEM files commonly contain X.509 certificates, RSA or EC private keys, public keys, certificate signing requests (CSRs), and certificate revocation lists (CRLs).

DER (Distinguished Encoding Rules) is the binary form. PEM is just DER wrapped in Base64 with text markers, designed to survive email and file systems that may corrupt binary data. Our parser extracts the original DER bytes from PEM — those bytes are what tools like OpenSSL operate on internally.

Not yet — this tool extracts the raw DER bytes for inspection. For full X.509 field parsing (Common Name, Subject Alternative Names, validity dates, key usage), use a tool like "openssl x509 -text -noout" on the downloaded DER file.

Yes. The parser finds every BEGIN/END pair and shows each one separately, with its label and a hex dump of the decoded bytes. Certificate chains with three or more certificates are common, and the parser handles them all.

A PEM file is Base64-encoded DER binary wrapped in -----BEGIN...----- / -----END...----- markers. To parse it, strip the header, footer and line breaks, Base64-decode the remaining body back to DER bytes, then run that through an ASN.1/DER decoder to read the public key and metadata. This parser performs those steps for you.
DER is the raw binary encoding of a certificate. PEM is that same DER data Base64-encoded and wrapped in -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- markers so it can travel safely through text-only channels like email or copy-paste. This parser converts the PEM body back to DER before reading it.
Related tools

More from the toolkit.