CryptoSys PKI Toolkit Manual

PEM string alternative for X.509 certificates and RSA key files

In the same way you can pass a base64 string instead of an X.509 filename, you can now pass a string containing the certificate in PEM format. The PEM format looks like

-----BEGIN CERTIFICATE-----
MIHgMIGaAgEBMA0GCSqG...
-----END CERTIFICATE-----

Similarly, those RSA functions which require you to pass the filename of an RSA key file will now accept a string that contains the file contents in PEM format. An RSA key file in PEM format looks like

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm
Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa...
-----END ENCRYPTED PRIVATE KEY-----

The functions will accept all strings that start with "-----BEGIN" and are of the form

-----BEGIN XXX-----\n
(base64-encoded data)
\n-----END XXX-----

provided there is a newline character, either LF or CRLF (indicated as \n above) between the pre-encapsulation boundary "-----BEGIN XXX-----" and the start of the base64 data, and another before the post-encapsulation boundary "-----END XXX-----". So do not remove the newline characters from the PEM string. The exact word or words used for "XXX" do not matter. Any non-base64 characters found in the encoded data, including newline characters or spaces, will be ignored.

This means, for example, that you can store your certificates and encrypted private keys as strings in a database. Note that an X.509 certificate can be passed either as a plain base64 string or in PEM format (that is, with or without the "-----BEGIN CERTIFICATE-----" encapsulation), but RSA key data can only be passed in PEM format.
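As an added illustration (not the toolkit's own code, nor part of this manual), the following Python function applies the acceptance rules just described to an input string: it requires the "-----BEGIN" prefix, a LF or CRLF directly after the pre-encapsulation boundary and directly before the post-encapsulation boundary, ignores the "XXX" label and any non-base64 characters, and falls back to plain base64 only when the caller allows it (the certificate case). The sample DER bytes and boundary labels are constructed for the demonstration.

```python
import base64
import re

# Anything outside the base64 alphabet (newlines, spaces, stray punctuation)
# is discarded from the encoded data, as the manual states.
_NOT_B64 = re.compile(r"[^A-Za-z0-9+/=]")


def pem_or_base64_to_der(data: str, allow_bare_base64: bool) -> bytes:
    """Decode a certificate or key string using the acceptance rules above.

    allow_bare_base64=True mirrors the X.509 functions (plain base64 or PEM);
    False mirrors the RSA key functions (PEM only). ValueError on violation.
    """
    if not data.startswith("-----BEGIN"):
        if not allow_bare_base64:
            raise ValueError("RSA key data must be supplied in PEM format")
        payload = data
    else:
        # Pre-encapsulation boundary "-----BEGIN XXX-----": the label is ignored.
        begin_end = data.find("-----", len("-----BEGIN"))
        if begin_end < 0:
            raise ValueError("unterminated -----BEGIN boundary")
        body_start = begin_end + len("-----")
        # A newline (LF or CRLF) must directly follow the BEGIN boundary.
        if data.startswith("\r\n", body_start):
            body_start += 2
        elif data.startswith("\n", body_start):
            body_start += 1
        else:
            raise ValueError("newline required after -----BEGIN boundary")
        end_marker = data.find("-----END", body_start)
        if end_marker < 0:
            raise ValueError("missing -----END boundary")
        # ... and another newline must directly precede the END boundary.
        if not data.endswith("\n", 0, end_marker):
            raise ValueError("newline required before -----END boundary")
        payload = data[body_start:end_marker]
    cleaned = _NOT_B64.sub("", payload)
    if not cleaned:
        raise ValueError("no base64 data between the boundaries")
    return base64.b64decode(cleaned, validate=True)


# Constructed sample: DER for a SEQUENCE holding INTEGER 5 (not a real key).
SAMPLE_DER = b"\x30\x03\x02\x01\x05"
SAMPLE_PEM = "-----BEGIN ANY LABEL-----\r\nMAMC\r\nAQ U=\r\n-----END ANY LABEL-----"

if __name__ == "__main__":
    assert pem_or_base64_to_der(SAMPLE_PEM, allow_bare_base64=False) == SAMPLE_DER
    print("decoded", len(SAMPLE_DER), "DER bytes from the constructed PEM sample")
```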

Examples

This first example shows how an encrypted private key can be read from a string instead of a file.

' The enclosing procedure name is assumed; the manual shows only the body.
Sub ReadEncPrivateKeyFromPemString()
Dim strKeyPemData As String
' The vbCrLf after the first line is important and so is the one before the last line
strKeyPemData = _
    "-----BEGIN ENCRYPTED PRIVATE KEY-----" & vbCrLf & _
    "MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm" & vbCrLf & _
    "Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa9J/v" & vbCrLf & _
    "g2gYHlJ7D7FfAdTdVbHmXWfZzdIqI+AKZmrMoIfSVSSrI8mLDXLDgJVm2Gxa" & vbCrLf & _
    "r/YJ154L4fwqWjj0b06v8nTrXTp7G3ZSxjmXc3auf8tS1RatpDuSn027jBGt" & vbCrLf & _
    "Pg2CGPjeSomOU7Efd89R+gryW3RfXaMEv1TtGmdS+szxN4TAzgFTzjzE7qJ2" & vbCrLf & _
    "+WL09hBRxSyi5JybbxblrO5zDbGJD8rq4kGawWUj4PYDpOkxQYQyK/cALEvv" & vbCrLf & _
    "EipLeWvk03CadKER3EcpL7wQT3N5wJGNx7GR3efkO7lO/VfGf6kYFsJ8Qt94" & vbCrLf & _
    "vBlgq84abgSD+rlRX03re/NLJQ00Qxl3bDrkSiRoXSfBiOeVzBVTsh03Sj4B" & vbCrLf & _
    "V0v2KLENsMXr40rMqTGfKD3V+FyYUehWEkEl3NrIVpBSJir+g4H3tl76SdNe" & vbCrLf & _
    "mq/cTtQP+EY8fpC3I46dyDXFat3wQfubw+E5nGfv7xp6vRVRRolpZx7DpuB/" & vbCrLf & _
    "z1tzO3uP0vJ0pjATriO/ZAVs6UrXx+DJ6XsfrAVt0jpW5Ngr8rm2EiD3/1T9" & vbCrLf & _
    "7q1dELJ7GzCY1dG99XVjt9ZXb7cI8zsPpT/gzQJLfeLe3U5Mdw0hKZLfPCex" & vbCrLf & _
    "0urs3ytK0XNu+jZAYeSaysG8/rHJaH74WOgJ8gnSPY4QtWsu6+3qBErS2jbq" & vbCrLf & _
    "7E2jRvBKWICVd1yiQCDq/c6s9LeYhNhZsmcWxuX9b4lG9f1LHZy0djhIYi4x" & vbCrLf & _
    "IpcEfjkTH+7zUOkMQ+fXZHtSEVFt9L2Ci49jB8YReqbfOuDFzzwsk3xxfL2h" & vbCrLf & _
    "ZoRK" & vbCrLf & _
    "-----END ENCRYPTED PRIVATE KEY-----"

Dim nLen As Long
Dim strPassword As String
Dim strPrivateKey As String

strPassword = "password"

' How long is the private key string? Passing an empty buffer of length 0 returns the required length.
nLen = RSA_ReadEncPrivateKey("", 0, strKeyPemData, strPassword, 0)
If nLen <= 0 Then
    Debug.Print "ERROR: RSA_ReadEncPrivateKey returns " & nLen
    Exit Sub
End If
' Pre-dimension the string to receive data
strPrivateKey = String(nLen, " ")
' Read in the private key, this time into the buffer just allocated
nLen = RSA_ReadEncPrivateKey(strPrivateKey, Len(strPrivateKey), strKeyPemData, strPassword, 0)
If nLen <= 0 Then
    Debug.Print "ERROR: RSA_ReadEncPrivateKey returns " & nLen
    Exit Sub
End If
Debug.Print "Private key is " & RSA_KeyBits(strPrivateKey) & " bits long."

' ... do something with the private key...

' then make sure it is deleted
' (wipeString is assumed to be a helper defined elsewhere that overwrites the key material in the string)
strPrivateKey = wipeString(strPrivateKey)
End Sub

This should produce the output

Private key is 1024 bits long.

Copyright © 2004-9 D.I. Management Services Pty Ltd. All rights reserved.