# KeyToJwk()

Converts a cryptographic key to JWK (JSON Web Key) format — the standard JSON representation used by OAuth/OIDC providers to publish their public keys.

Accepts a key pair struct, PEM string, or Java key object.

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
KeyToJwk( key=any );
```

**Returns:** struct

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| key | any | Yes | Key to convert: PublicKey, PrivateKey, SecretKey, PEM string, or key pair struct from GenerateKeyPair() |  |

# Examples

```cfml
// Convert a key or key pair to JSON Web Key (JWK) format (RFC 7517)
// JWK is the standard way to represent cryptographic keys in JSON

// Convert a full key pair - includes private key material
kp = GenerateKeyPair( "RSA" );
jwk = KeyToJwk( kp );
// jwk.kty == "RSA", includes n, e (public) and d (private)

// Convert just the public key - safe to publish
jwk = KeyToJwk( kp.public );
// jwk.kty == "RSA", includes n, e but NOT d

// EC keys
ecKp = GenerateKeyPair( "P-256" );
jwk = KeyToJwk( ecKp );
// jwk.kty == "EC", jwk.crv == "P-256", includes x, y, d

jwk = KeyToJwk( ecKp.public );
// jwk.kty == "EC", includes x, y but NOT d

// Ed25519 keys use the OKP (Octet Key Pair) type
edKp = GenerateKeyPair( "Ed25519" );
jwk = KeyToJwk( edKp );
// jwk.kty == "OKP", jwk.crv == "Ed25519"

// Common workflow: publish your public key as a JWKS for JWT verification
jwk = KeyToJwk( kp.public );
jwksJson = '{"keys":[' & serializeJSON( jwk ) & ']}';
// Serve this JSON at /.well-known/jwks.json
```







# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[GenerateKeyPair()](generatekeypair.md), [JwkToKey()](jwktokey.md), [KeyToPem()](keytopem.md), [PemToKey()](pemtokey.md)