Creates a PEM file from a binary file.
Public Declare Function PEM_FileFromBinFile Lib "diCrPKI.dll" (ByVal strOutputFile As String, ByVal strFileIn As String, ByVal strHeader As String, ByVal nLineLen As Long) As Long
nRet = PEM_FileFromBinFile(strOutputFile, strFileIn, strHeader, nLineLen)
long __stdcall PEM_FileFromBinFile(const char *szFileOut, const char *szFileIn, const char *szHeader, long nLineLen);
If successful, the return value is zero; otherwise it returns a nonzero error code.
Pem.FileFromBinFile Method
static int dipki::Pem::FileFromBinFile (const std::string &fileToMake, const std::string &fileIn, const std::string &header="", int lineLen=0, Eol eol=Eol::Windows)
This function takes the contents of any file (usually an ASN.1 DER- or BER-encoded binary file), treats it as binary data, encodes it in base64, and encapsulates the result in a PEM-style header and footer. Leave the header blank to omit the PEM encapsulation and output plain base64. The default for nLineLen is 64 characters. The recommended limit is 72 characters.
A PEM file is a text file containing encapsulated base64 data of the form
```
-----BEGIN FOO BAR-----
MIAGCSqGSIb3DQEHA...
-----END FOO BAR-----
```
The label in the header between "BEGIN " and the following five dash characters "-----" is set using the szHeader parameter. In the above example, strHeader="FOO BAR". You are free to use whatever word or words you like.
In this Toolkit, we make no checks that the content of the file matches the header. However, other applications may.
Here is a list of commonly-used headers for PKI-related files.
PEM Header | Type of file | Typical file extensions | Comment |
---|---|---|---|
CERTIFICATE | X.509 certificate | .cer,.der,.pem,.crt | Should contain exactly one certificate |
CERTIFICATE REQUEST | PKCS#10 certificate signing request | .csr,.p10 | |
X509 CRL | X.509 certificate revocation list | .crl | |
PKCS12 | PFX file to PKCS#12 | .p12,.pfx | |
ENCRYPTED PRIVATE KEY | PKCS#8 key | .p8e,.key,(.epk) | Our default private key format |
RSA PUBLIC KEY | PKCS#1 public key | .p1,.pub | Our default public key format |
PUBLIC KEY | SubjectPublicKeyInfo | | OpenSSL format (PKI_KEY_FORMAT_SSL) |
PRIVATE KEY | Unencrypted PKCS#8 private key info | .p8,.pri,.key | Our private key info format |
RSA PRIVATE KEY | Unencrypted PKCS#1 private key | | OpenSSL format (PKI_KEY_FORMAT_SSL) |
PKCS7 | CMS object to PKCS#7 | .p7m,.p7s,.p7c,.p7b,.p7z | Used by OpenSSL |
PKCS #7 SIGNED DATA | ditto | | Used by Thawte for Microsoft users |
NETSCAPE CERTIFICATE CHAIN | "certs-only" PKCS#7 | .p7c,.p7b | Used by Thawte for Netscape users |
Update April 2015: see RFC 7468 "Textual Encodings of PKIX, PKCS, and CMS Structures" [RFC7468] for more definitive rules and recommendations on this subject.
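The Toolkit does not check that a file's content matches its header, but a consuming application may. As an added example (not part of the Toolkit or its documentation), this Python code wraps the smallca.cer certificate from this page with a chosen label and line length, decodes it again, and applies a coarse label-versus-content check. The function names, the tag table and the check itself are assumptions of this example; it only compares the first ASN.1 tag inside the outer SEQUENCE, so it cannot tell apart types that share that tag.

```python
import base64
import re

# Label -> first tag expected inside the outer SEQUENCE (0x30 SEQUENCE,
# 0x02 INTEGER, 0x06 OID). Coarse table assumed for this example only.
EXPECTED_INNER_TAG = {
    "CERTIFICATE": 0x30, "CERTIFICATE REQUEST": 0x30, "X509 CRL": 0x30,
    "PUBLIC KEY": 0x30, "ENCRYPTED PRIVATE KEY": 0x30,
    "PRIVATE KEY": 0x02, "RSA PRIVATE KEY": 0x02, "RSA PUBLIC KEY": 0x02,
    "PKCS7": 0x06,
}

# Base64 body of the 227-byte smallca.cer certificate printed on this page.
SMALLCA_DER = base64.b64decode(
    "MIHgMIGaAgEBMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMDcwODAyMDIwMDAx"
    "WhcNMTEwODAyMDIwMDAxWjAMMQowCAYDVQQDEwFBMEowDQYJKoZIhvcNAQEBBQADOQAwNgIx"
    "A1KSJlPSmQAqQgDHUISaUsCrHbIZe249i6jFtfN3rA7czrP4CXS3mjvMFf0AsxV6BwIBAzAN"
    "BgkqhkiG9w0BAQUFAAMyAACeT7GtgmBRKUN20cIyNEGneEvmNxaliuBEVkg2npbyEBgeHXOH"
    "6jqj9Ase348UN/Q="
)

def pem_encode(der, label="", line_len=64):
    """Wrap der as PEM; an empty label gives plain base64 without BEGIN/END."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + line_len] for i in range(0, len(b64), line_len)]
    if label:
        lines = [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]
    return "\n".join(lines) + "\n"

def pem_decode(text):
    """Return (label, der); reject a missing or mismatched BEGIN/END pair."""
    m = re.search(r"-----BEGIN ([A-Z0-9 #]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no well-formed PEM block")
    return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)

def label_matches(label, der):
    """True if der is a SEQUENCE whose first inner tag fits the label (unknown labels fail)."""
    if len(der) < 3 or der[0] != 0x30:
        return False
    skip = der[1] & 0x7F if der[1] & 0x80 else 0  # long-form length bytes
    return 2 + skip < len(der) and der[2 + skip] == EXPECTED_INNER_TAG.get(label)

if __name__ == "__main__":
    for label in ("CERTIFICATE", "PRIVATE KEY"):  # second label is wrong on purpose
        got_label, got_der = pem_decode(pem_encode(SMALLCA_DER, label, 72))
        print(label, got_der == SMALLCA_DER, label_matches(got_label, got_der))
```

Both labels round-trip to the same bytes, which is why a wrong header goes unnoticed unless the consumer inspects the decoded content.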
```vb
Dim nRet As Long
Dim strBinFile As String
Dim strPemFile As String
Dim strDigest As String

' Input file is a DER-encoded X.509 certificate
' (at 227 bytes, the smallest we could devise)
strBinFile = "smallca.cer"
strPemFile = "smallca.pem.cer"
' Convert to a PEM file
nRet = PEM_FileFromBinFile(strPemFile, strBinFile, "CERTIFICATE", 72)
Debug.Print "PEM_FileFromBinFile returns " & nRet & " (expecting 0)"

' To prove we did it properly, compute the thumbprint of the two certs
strDigest = String(PKI_SHA1_CHARS, " ")
nRet = X509_CertThumb(strBinFile, strDigest, Len(strDigest), PKI_HASH_SHA1)
If nRet > 0 Then
    Debug.Print "SHA-1(der-file)=" & strDigest
Else
    Debug.Print "ERROR: computing cert thumb"
End If
nRet = X509_CertThumb(strPemFile, strDigest, Len(strDigest), PKI_HASH_SHA1)
If nRet > 0 Then
    Debug.Print "SHA-1(pem-file)=" & strDigest
Else
    Debug.Print "ERROR: computing cert thumb"
End If
```
The output should be
```
PEM_FileFromBinFile returns 0 (expecting 0)
SHA-1(der-file)=a36b1bfa0af41a2785066b2d5135b67011ac3b7f
SHA-1(pem-file)=a36b1bfa0af41a2785066b2d5135b67011ac3b7f
```
The X.509 file in this example is
```
-----BEGIN CERTIFICATE-----
MIHgMIGaAgEBMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMDcwODAyMDIwMDAx
WhcNMTEwODAyMDIwMDAxWjAMMQowCAYDVQQDEwFBMEowDQYJKoZIhvcNAQEBBQADOQAwNgIx
A1KSJlPSmQAqQgDHUISaUsCrHbIZe249i6jFtfN3rA7czrP4CXS3mjvMFf0AsxV6BwIBAzAN
BgkqhkiG9w0BAQUFAAMyAACeT7GtgmBRKUN20cIyNEGneEvmNxaliuBEVkg2npbyEBgeHXOH
6jqj9Ase348UN/Q=
-----END CERTIFICATE-----
```
The binary file is
```
>certmgr smallca.cer
==============Certificate # 1 ==========
Subject::
  [0,0] 2.5.4.3 (CN) A
Issuer::
  [0,0] 2.5.4.3 (CN) A
SerialNumber::
  01
SHA1 Thumbprint::
  A36B1BFA 0AF41A27 85066B2D 5135B670 11AC3B7F
MD5 Thumbprint::
  575A5AEE 32B3810F EFA71CEC 5EAD35DD
Key MD5 Thumbprint::
  42B4A712 FB3B4C12 B75CB679 1D0C0E01
NotBefore::
  Thu Aug 02 10:00:01 2007
NotAfter::
  Tue Aug 02 10:00:01 2011
==============No CTLs ==========
==============No CRLs ==========
==============================================
CertMgr Succeeded
```
See also: PEM_FileFromBinFileEx, PEM_FileToBinFile