diff --git a/lib/rasha.js b/lib/rasha.js index 639aa44..da0e4ba 100644 --- a/lib/rasha.js +++ b/lib/rasha.js @@ -1,13 +1,12 @@ 'use strict'; var RSA = module.exports; -var ASN1 = require('./asn1.js'); -//var Enc = require('./encoding.js'); -var PEM = require('./pem.js'); var SSH = require('./ssh.js'); +var PEM = require('./pem.js'); +var x509 = require('./x509.js'); +var ASN1 = require('./asn1.js'); var Enc = require('./encoding.js'); - /*global Promise*/ RSA.parse = function parseRsa(opts) { return Promise.resolve().then(function () { @@ -19,13 +18,13 @@ RSA.parse = function parseRsa(opts) { } var pem = opts.pem; var block = PEM.parseBlock(pem); - var asn1 = ASN1.parse(block.der); //var hex = toHex(u8); var jwk = { kty: 'RSA' }; + var asn1 = ASN1.parse(block.der); - console.log(asn1); - var len = asn1.children.length; - if (2 === len || 9 === len) { + var meta = x509.guess(block.der, asn1); + + if ('pkcs1' === meta.format) { jwk = RSA.parsePkcs1(block.der, asn1, jwk); } else { jwk = RSA.parsePkcs8(block.der, asn1, jwk); @@ -75,11 +74,14 @@ RSA.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) { jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value); jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value); jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value); - return jwk; + } else { throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)"); } }; + RSA.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) { + console.log(asn1); + return jwk; }; diff --git a/lib/x509.js b/lib/x509.js new file mode 100644 index 0000000..23d2ccd --- /dev/null +++ b/lib/x509.js 
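Review bot: In RSA.parse, the `'pkcs1' === meta.format` test cannot be false with the `x509.guess` that this same commit adds in lib/x509.js. There, `meta` is created with `format: 'pkcs1'` and no path changes it, so guess either throws or reports PKCS#1. A PKCS#8 or SPKI block is therefore handed to `RSA.parsePkcs1`, and the `else` call to `RSA.parsePkcs8` is dead code. The fall-through at the end of guess should report a different format, for example `meta.format = 'pkcs8';` before its final `return meta;`, or the dispatch here should throw on a value it does not recognise. RSA.parse starts and ends outside this hunk, so what happens to `jwk` afterwards is not visible.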
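Review bot: `console.log(asn1);` in `RSA.parsePkcs8` prints the parsed DER of whatever key is passed in. For a private key that puts the private exponent and primes into stdout and any log collector behind it, so it should not ship. The stub also returns `jwk` exactly as received, which from RSA.parse is `{ kty: 'RSA' }`, so a caller gets a success result with no key parameters; until the parser exists it should fail loudly with `throw new Error("PKCS#8 parsing is not implemented");`. Separately, the collapsed text around `- return jwk;` leaves it unclear whether the private-key branch of `parsePkcs1` still returns the JWK on the new side. That is worth confirming, since RSA.parse assigns the result to `jwk`.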
@@ -0,0 +1,29 @@
+'use strict';
+
+//var ASN1 = require('./asn1.js');
+var x509 = module.exports;
+
+x509.guess = function (der, asn1) {
+ // accepting der for compatability with other usages
+
+ var meta = { kty: 'RSA', format: 'pkcs1', public: true };
+ //meta.asn1 = ASN1.parse(u8);
+
+ if (asn1.children.every(function(el) {
+ return 0x02 === el.type;
+ })) {
+ if (2 === asn1.children.length) {
+ // rsa pkcs1 public
+ return meta;
+ } else if (asn1.children.length >= 9) {
+ // the standard allows for "otherPrimeInfos", hence at least 9
+ meta.public = false;
+ // rsa pkcs1 private
+ return meta;
+ } else {
+ throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)");
+ }
+ }
+
+ return meta;
+};
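Review bot: `x509.guess` fails open: `meta` starts as `public: true` and only the nine-or-more-INTEGER branch sets it to false, so any structure whose children are not all INTEGERs is returned labelled as a public key. That includes a multi-prime PKCS#1 private key, because otherPrimeInfos is encoded as a SEQUENCE rather than an INTEGER, so the `every` test rejects the very case the `>= 9` comment is meant to allow. A caller that uses `meta.public` to decide whether key material may be exported or logged would treat such a private key as public. Start from `var meta = { kty: 'RSA' };` and assign `format` and `public` only inside the branches that established them, so the fall-through never claims PKCS#1 or public. `asn1.children` is also dereferenced without a check, so a primitive top-level element would presumably surface as a TypeError rather than a format error.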