# RSA.PublicKey A typed container for an RSA public key parsed from PEM text. ``` struct PublicKey ``` ## Overview `PublicKey` accepts the SubjectPublicKeyInfo (SPKI) framing used almost universally in TLS certificates and JOSE key exchanges: `-----BEGIN PUBLIC KEY-----`, defined by [RFC 5280 §4.1.2.7](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7) and encoded in [RFC 7468](https://datatracker.ietf.org/doc/html/rfc7468) PEM form. Unlike [`RSA.PrivateKey`](/documentation/OpenSSL/RSA/PrivateKey), the legacy PKCS#1 `-----BEGIN RSA PUBLIC KEY-----` framing is **not** accepted; callers holding a PKCS#1 public key must convert it to SPKI first (OpenSSL CLI: `openssl rsa -RSAPublicKey_in -pubout`). Typical consumers: JWT verification pipelines (after the key has been extracted from a JWK), TLS pinning layers comparing against a known SPKI, and tooling that needs to round-trip a public key through storage without mutating it. The type is `Sendable`, so verification pipelines can cache instances across actor boundaries. > Warning: **Verification is not yet functional.** Frame > validation succeeds, but `PublicKey` cannot currently verify > signatures — that path requires the OpenSSL provider layer > (`EVP_PKEY_verify_init`), which is not integrated in this MVP. > See for the complete gap list. > SeeAlso: ``doc://OpenSSL/documentation/OpenSSL/RSA/PrivateKey``, ``doc://OpenSSL/documentation/OpenSSL/RSA/PublicKey/pemData``, > ``doc://OpenSSL/documentation/OpenSSL/RSA/PublicKey/init(pemRepresentation:)``