step certificate key


step certificate key -- print public key embedded in a certificate


step certificate key <crt-file> [--out=<file>]


step certificate key prints the public key embedded in a certificate or a certificate signing request. If crt-file is a certificate bundle, only the first block will be taken into account.

The command will print a public or a decrypted private key if crt-file contains only a key.

Positional arguments

crt-file Path to a certificate or certificate signing request (CSR).


--out=file, --output-file=file The destination file of the public key.

-f, --force Force the overwrite of files without asking.


Get the public key of a certificate:

$ step certificate key certificate.crt -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEio9DLyuglMxakS3w00DUKdGbeXXB 2Mfg6tVofeXYan9RbvftZufiypIAVqGZqO7CR9EbkoyHb/7GcKQa5HZ9rA== -----END PUBLIC KEY-----

Get the public key of a CSR and save it to a file:

$ step certificate key certificate.csr --out key.pem