diff --git a/tools/uri2pem.py b/tools/uri2pem.py
new file mode 100644
index 00000000..d21a71d7
--- /dev/null
+++ b/tools/uri2pem.py
@@ -0,0 +1,34 @@
+"""
+CLI tool to create pkcs11-provider pem files from a key uri
+Requirements: asn1crypto
+
+Installation:
+    pip install asn1crypto
+    dnf install python3-asn1crypto
+
+Usage:
+    python keytool.py 'pkcs11:URI-goes-here'
+"""
+
+import sys
+from asn1crypto.core import Sequence, VisibleString, UTF8String
+from asn1crypto import pem
+
+
+class Pkcs11PrivateKey(Sequence):
+    _fields = [("desc", VisibleString), ("uri", UTF8String)]
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print(f"Usage: {sys.argv[0]} private-key-uri")
+        sys.exit(1)
+
+    data = Pkcs11PrivateKey(
+        {
+            "desc": VisibleString("PKCS#11 Provider URI v1.0"),
+            "uri": UTF8String(sys.argv[1]),
+        }
+    )
+
+    print(pem.armor("PKCS#11 PROVIDER URI", data.dump()).decode("ascii"), end="")