diff --git a/.gitignore b/.gitignore
index 9e11ecb..6cd9c9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # key/cert files
 *.p15
 *.pem
+*.b64
 
 # ignore test_data folder
 /_test_data
diff --git a/pkg/app/cmd_create.go b/pkg/app/cmd_create.go
index bc9ecdf..46b239c 100644
--- a/pkg/app/cmd_create.go
+++ b/pkg/app/cmd_create.go
@@ -2,6 +2,7 @@ package app
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"os"
 )
@@ -59,5 +60,31 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 	}
 	app.stdLogger.Printf("create: apc p15 key file %s written to disk", keyFileName)
 
+	// if debug, write additional debug files (b64 format to make copy/paste into asn1 decoder
+	// easy to do e.g., https://lapo.it/asn1js)
+	if app.config.debugLogging != nil && *app.config.debugLogging {
+		keyCertFileNameDebug := keyCertFileName + ".noheader.b64"
+		err = os.WriteFile(keyCertFileNameDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0777)
+		if err != nil {
+			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+		}
+		app.debugLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileNameDebug)
+
+		keyCertFileNameHeaderDebug := keyCertFileName + ".header.b64"
+		err = os.WriteFile(keyCertFileNameHeaderDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0777)
+		if err != nil {
+			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
+		}
+		app.debugLogger.Printf("create: apc p15 key+cert file header %s written to disk", keyCertFileNameHeaderDebug)
+
+		keyFileNameDebug := keyFileName + ".b64"
+		err = os.WriteFile(keyFileNameDebug, []byte(base64.StdEncoding.EncodeToString(keyFile)), 0777)
+		if err != nil {
+			return fmt.Errorf("create: failed to write apc p15 key file (%s)", err)
+		}
+		app.debugLogger.Printf("create: apc p15 key file %s written to disk", keyFileNameDebug)
+
+	}
+
 	return nil
 }
diff --git a/pkg/app/config.go b/pkg/app/config.go
index bea67aa..e8ff1fc 100644
--- a/pkg/app/config.go
+++ b/pkg/app/config.go
@@ -57,7 +57,7 @@ func (app *app) getConfig(args []string) error {
 	// apc-p15-tool -- root command
 	rootFlags := ff.NewFlagSet("apc-p15-tool")
 
-	cfg.debugLogging = rootFlags.BoolLong("debug", "set this flag to enable additional debug logging messages")
+	cfg.debugLogging = rootFlags.BoolLong("debug", "set this flag to enable additional debug logging messages and files")
 
 	rootCmd := &ff.Command{
 		Name:  "apc-p15-tool",