Useful commands

Here is a handful of openssl commands that you may need.

Checking the curve specification of your public key

The command:
openssl ec -pubin -in ec-secp256k1-pub-key.pem -text -noout -param_out
The result for the ec-secp256k1-pub-key.pem public key:
read EC key
Private-Key: (256 bit)
pub: 
04:d4:cb:47:23:19:46:3f:94:c0:46:a0:5c:72:b7:
5d:36:6d:45:9d:81:f5:16:9f:a8:9c:44:f3:e4:a6:
d7:3d:27:86:e4:51:b0:28:c5:17:19:f0:26:49:92:
6a:da:01:0d:50:b1:5e:c3:0c:a6:b7:ef:5b:4d:79:
23:05:98:61:f0
ASN1 OID: secp256k1

Extracting a public key from a PEM certificate file

You can extract a public key from an ECDSA certificate in PEM format. In this example, the certificate file is named: ec256_cert.pem and looks like that:
-----BEGIN CERTIFICATE-----
MIIBfTCCASMCCQCKDA6MX6K5vDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJQTDET
MBEGA1UECgwKQWthbWFpLmNvbTEPMA0GA1UECwwGQWthbWFpMRMwEQYDVQQDDAph
a2FtYWkuY29tMB4XDTIwMDQyODExMjcxMloXDTIyMTIxNDExMjcxMlowSDELMAkG
A1UEBhMCUEwxEzARBgNVBAoMCkFrYW1haS5jb20xDzANBgNVBAsMBkFrYW1haTET
MBEGA1UEAwwKYWthbWFpLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABNTLRyMZ
Rj+UwEagXHK3XTZtRZ2B9RafqJxE8+Sm1z0nhuRRsCjFFxnwJkmSatoBDVCxXsMM
prfvW015IwWYYfAwCgYIKoZIzj0EAwIDSAAwRQIhAJZtIa0TeuLQgfSPJ9rVZwwx
Y0wxsGvf02XKhx0s77UmAiB7S9K8cJl+KNT5KDDZV8wSNfgYCdObzWXeqW3xa6ml
Wg==
-----END CERTIFICATE-----
The command:
openssl x509 -pubkey -noout -in ec256_cert.pem > ec-secp256k1-pub-key-extracted.pem
The result is the ec-secp256k1-pub-key-extracted.pem public key:
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1MtHIxlGP5TARqBccrddNm1FnYH1Fp+o
nETz5KbXPSeG5FGwKMUXGfAmSZJq2gENULFewwymt+9bTXkjBZhh8A==
-----END PUBLIC KEY-----
Tip: You can check the curve specification of the extracted ec-secp256k1-pub-key-extracted.pem key with the command:
openssl ec -pubin -in ec-secp256k1-pub-key-extracted.pem -text -noout -param_out
You'll see a result similar to this one:
read EC key
Private-Key: (256 bit)
pub: 
    04:d4:cb:47:23:19:46:3f:94:c0:46:a0:5c:72:b7:
    5d:36:6d:45:9d:81:f5:16:9f:a8:9c:44:f3:e4:a6:
    d7:3d:27:86:e4:51:b0:28:c5:17:19:f0:26:49:92:
    6a:da:01:0d:50:b1:5e:c3:0c:a6:b7:ef:5b:4d:79:
    23:05:98:61:f0
ASN1 OID: secp256k1

Removing a passphrase from a private key

You can remove a passphrase if you added it when creating an RSA private key In this example, the private key file is named: jwtRSA256-private.pem.

The command:
openssl rsa -in jwtRSA256-private.pem -out noPassphraseJwtRS256.pem

The result is the noPassphraseJwtRS256.pem public private key without a passphrase: