PEM / Private Key Inspector

Inspect a PEM certificate or key — type, algorithm, key size, and expiry.

A PEM file is a Base64 wrapper around binary ASN.1 DER data, bounded by -----BEGIN ...----- and -----END ...----- lines. The same envelope carries X.509 certificates, RSA and EC private keys, and public keys — the label on the first line tells you which. This inspector decodes the Base64 body and walks the DER structure to surface the most useful facts about a key without ever leaving your browser.

How it works

The tool works in three steps:

  1. Detect the type from the BEGIN label (for example RSA PRIVATE KEY, EC PRIVATE KEY, PRIVATE KEY, PUBLIC KEY or CERTIFICATE).
  2. Base64-decode the body into raw DER bytes.
  3. Parse the ASN.1 DER — a tag/length/value tree — to pull out the fields that matter for that type.

For an RSA PRIVATE KEY the structure is SEQUENCE { version, modulus, publicExponent, ... }; the modulus is the first large INTEGER, and counting its significant bits gives the key size. For an EC PRIVATE KEY the named-curve OID identifies the curve (P-256, P-384, P-521). For a CERTIFICATE the tool reaches the validity SEQUENCE inside tbsCertificate to read the not-before and not-after times.

Example

Pasting an RSA 2048 key produces something like:

Type:       RSA PRIVATE KEY (PKCS#1)
Algorithm:  RSA
Key size:   2048 bits

For a certificate you will additionally see the validity window and whether it is currently in date.

Notes

Bit-size is computed by stripping any leading 0x00 sign byte from the modulus INTEGER, then taking (byteLength * 8) adjusted for the top byte’s highest set bit, so a 2048-bit key reports exactly 2048. EC curves are matched by OID; an unknown OID is shown verbatim so you can look it up. Everything runs locally, so you can safely inspect production keys.
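The three steps and the bit-size rule above, as an added example for Node.js; it is not the tool's own code. The function names are hypothetical, Buffer stands in for the browser's Base64 decoding, and the sample input is a constructed PKCS#1-shaped prefix (version, modulus, publicExponent) rather than a usable key.

```javascript
// Steps 1-2: read the BEGIN label, then Base64-decode the body into DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/.exec(pem);
  if (!m) throw new Error("no PEM envelope found");
  return { label: m[1], der: Buffer.from(m[2].replace(/\s+/g, ""), "base64") };
}

// Step 3: read one DER tag/length/value element starting at offset pos.
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new Error("truncated DER header");
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) {                       // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error("DER value overruns input");
  return { tag: buf[pos], value: buf.subarray(start, start + len), next: start + len };
}

// Significant bits of an INTEGER: skip leading 0x00 bytes, then adjust for the top byte.
function integerBits(value) {
  let i = 0;
  while (i < value.length - 1 && value[i] === 0) i++;
  return value[i] ? (value.length - i - 1) * 8 + 32 - Math.clz32(value[i]) : 0;
}

function rsaKeyBits(pem) {
  const { label, der } = pemToDer(pem);
  if (label !== "RSA PRIVATE KEY") throw new Error("unsupported label: " + label);
  const seq = readTlv(der, 0);                       // outer SEQUENCE
  const version = readTlv(seq.value, 0);             // INTEGER version
  const modulus = readTlv(seq.value, version.next);  // INTEGER modulus
  if (seq.tag !== 0x30 || version.tag !== 0x02 || modulus.tag !== 0x02) throw new Error("unexpected DER tag");
  return integerBits(modulus.value);
}

// Constructed sample input: wraps the given modulus bytes in a PKCS#1-shaped DER prefix.
function samplePem(modulusBytes) {
  const tlv = (tag, body) => {
    const n = body.length, len = n < 128 ? [n] : n < 256 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
    return Buffer.concat([Buffer.from([tag, ...len]), body]);
  };
  const body = Buffer.concat([tlv(2, Buffer.from([0])), tlv(2, modulusBytes), tlv(2, Buffer.from([1, 0, 1]))]);
  const b64 = tlv(0x30, body).toString("base64").replace(/(.{64})/g, "$1\n");
  return "-----BEGIN RSA PRIVATE KEY-----\n" + b64 + "\n-----END RSA PRIVATE KEY-----\n";
}
```

Calling rsaKeyBits(samplePem(m)) with a 257-byte m (a 0x00 sign byte followed by 256 bytes whose first byte has its high bit set) returns 2048; truncated or mislabelled input throws instead of reporting a size.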
