CryptoSys PKI Pro Manual

PEM string alternative for X.509 certificates, RSA and EC keys, etc

In the same way you can pass a base64 string instead of an X.509 filename, you can pass a string containing the certificate in PEM format. The PEM format looks like

-----BEGIN CERTIFICATE-----
MIHgMIGaAgEBMA0GCSqG...
-----END CERTIFICATE-----

Similarly, those RSA and ECC functions which require you to pass the filename of a key file will accept a string that contains the file contents in PEM format. A key file in PEM format looks like

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm
Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa...
-----END ENCRYPTED PRIVATE KEY-----

[New in v3.5] Similarly for CMS objects.

The functions will accept all strings that start with "-----BEGIN" and are of the form

-----BEGIN FOO BAR-----
(base64-encoded data)
-----END FOO BAR-----

The exact word or words used for "FOO BAR" in the "BEGIN FOO BAR" and "END FOO BAR" labels do not matter (at least as far as we are concerned; other applications may object), but there must be exactly 5 hyphen (minus) characters "-" before and after the label. Any non-base64 characters found in the encoded data, including newline characters or spaces, will be ignored.

White space is ignored in the PEM string input, so there is no need to add LF or CRLF newlines at the end of each line. You can input the data as one continuous line of characters, for example:

strPem = "-----BEGIN FOO-----MIICojAcBgoqhkiG9w0BDAEDMA4E...(snip)...se348UN/Q=-----END FOO-----"

This means, for example, that you can store your certificates and encrypted private keys as strings in a database. Note that an X.509 certificate can be passed either as a plain base64 string or in PEM format; that is, both with and without the "-----BEGIN CERTIFICATE-----" encapsulation; but RSA key data can only be passed in PEM format.
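
The acceptance rules above, modelled in Python as an added example (not part of the manual and not CryptoSys PKI code): parse_lenient applies the five-hyphen, any-label, ignore-non-base64 rules as stated here, and to_strict_pem re-emits a stored one-line string with matching labels and 64-character lines for applications that are stricter. The function names and the sample bytes are assumptions made for the illustration.

```python
import base64
import re

# Exactly five hyphens on each side of the BEGIN and END labels.
_PEM = re.compile(
    r"-----BEGIN ([^-\r\n]+)-----(?!-)(.*?)(?<!-)-----END ([^-\r\n]+)-----(?!-)",
    re.S,
)
_NOT_B64 = re.compile(r"[^A-Za-z0-9+/=]")

# Constructed sample: arbitrary bytes standing in for DER data, not a real key.
SAMPLE_DER = bytes(range(100))
ONE_LINE = ("-----BEGIN FOO-----"
            + base64.b64encode(SAMPLE_DER).decode("ascii")
            + "-----END FOO-----")
MISMATCHED = ONE_LINE.replace("END FOO", "END BAR")


def parse_lenient(pem):
    """Return (begin_label, end_label, data) using the acceptance rules above.

    The string must start with -----BEGIN; labels are reported but not
    compared; every non-base64 character in the body is discarded.
    """
    m = _PEM.match(pem)
    if m is None:
        raise ValueError("not a -----BEGIN ...----- / -----END ...----- string")
    body = _NOT_B64.sub("", m.group(2))
    return m.group(1), m.group(3), base64.b64decode(body, validate=True)


def to_strict_pem(pem, label=None):
    """Re-emit as matching labels plus 64-character base64 lines.

    Pass label when the caller knows the object type; otherwise the stored
    BEGIN and END labels must agree.
    """
    begin, end, data = parse_lenient(pem)
    if label is None:
        if begin != end:
            raise ValueError("BEGIN label %r != END label %r" % (begin, end))
        label = begin
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN %s-----" % label, *lines,
                      "-----END %s-----" % label]) + "\n"


if __name__ == "__main__":
    print(parse_lenient(MISMATCHED)[:2])   # labels differ, still decodes
    print(to_strict_pem(ONE_LINE), end="")
```

Running to_strict_pem over strings before they are stored catches truncated base64 and mismatched labels at write time rather than when the key is next needed.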

Example

This example shows how an encrypted private key can be read from a string instead of a file.

Dim strKeyPemData As String
strKeyPemData = _
  "-----BEGIN ENCRYPTED PRIVATE KEY-----" & _
  "MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm" & _
  "Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa9J/v" & _
  "g2gYHlJ7D7FfAdTdVbHmXWfZzdIqI+AKZmrMoIfSVSSrI8mLDXLDgJVm2Gxa" & _
  "r/YJ154L4fwqWjj0b06v8nTrXTp7G3ZSxjmXc3auf8tS1RatpDuSn027jBGt" & _
  "Pg2CGPjeSomOU7Efd89R+gryW3RfXaMEv1TtGmdS+szxN4TAzgFTzjzE7qJ2" & _
  "+WL09hBRxSyi5JybbxblrO5zDbGJD8rq4kGawWUj4PYDpOkxQYQyK/cALEvv" & _
  "EipLeWvk03CadKER3EcpL7wQT3N5wJGNx7GR3efkO7lO/VfGf6kYFsJ8Qt94" & _
  "vBlgq84abgSD+rlRX03re/NLJQ00Qxl3bDrkSiRoXSfBiOeVzBVTsh03Sj4B" & _
  "V0v2KLENsMXr40rMqTGfKD3V+FyYUehWEkEl3NrIVpBSJir+g4H3tl76SdNe" & _
  "mq/cTtQP+EY8fpC3I46dyDXFat3wQfubw+E5nGfv7xp6vRVRRolpZx7DpuB/" & _
  "z1tzO3uP0vJ0pjATriO/ZAVs6UrXx+DJ6XsfrAVt0jpW5Ngr8rm2EiD3/1T9" & _
  "7q1dELJ7GzCY1dG99XVjt9ZXb7cI8zsPpT/gzQJLfeLe3U5Mdw0hKZLfPCex" & _
  "0urs3ytK0XNu+jZAYeSaysG8/rHJaH74WOgJ8gnSPY4QtWsu6+3qBErS2jbq" & _
  "7E2jRvBKWICVd1yiQCDq/c6s9LeYhNhZsmcWxuX9b4lG9f1LHZy0djhIYi4x" & _
  "IpcEfjkTH+7zUOkMQ+fXZHtSEVFt9L2Ci49jB8YReqbfOuDFzzwsk3xxfL2h" & _
  "ZoRK" & _
  "-----END ENCRYPTED PRIVATE KEY-----"
Dim nLen As Long
Dim strPassword As String
Dim strPrivateKey As String
strPassword = "password"
' How long is PrivateKey string?
nLen = RSA_ReadEncPrivateKey("", 0, strKeyPemData, strPassword, 0)
If nLen <= 0 Then
  Debug.Print "ERROR: RSA_ReadEncPrivateKey returns " & nLen
  Exit Sub
End If
' Pre-dimension the string to receive data
strPrivateKey = String(nLen, " ")
' Read in the Private Key
nLen = RSA_ReadEncPrivateKey(strPrivateKey, Len(strPrivateKey), strKeyPemData, strPassword, 0)
If nLen <= 0 Then
  Debug.Print "ERROR: RSA_ReadEncPrivateKey returns " & nLen
  Exit Sub
End If
' ... do something with the private key...
Debug.Print "Private key is " & RSA_KeyBits(strPrivateKey) & " bits long."
Debug.Print "KeyHashCode=" & Hex(RSA_KeyHashCode(strPrivateKey))
' then make sure it is deleted
strPrivateKey = wipeString(strPrivateKey)

This should produce the output

Private key is 1024 bits long.
KeyHashCode=48BFEF2C

The same using C# with a verbatim string:

string s = @"-----BEGIN ENCRYPTED PRIVATE KEY----- 
MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm 
Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa9J/v 
g2gYHlJ7D7FfAdTdVbHmXWfZzdIqI+AKZmrMoIfSVSSrI8mLDXLDgJVm2Gxa 
r/YJ154L4fwqWjj0b06v8nTrXTp7G3ZSxjmXc3auf8tS1RatpDuSn027jBGt 
Pg2CGPjeSomOU7Efd89R+gryW3RfXaMEv1TtGmdS+szxN4TAzgFTzjzE7qJ2 
+WL09hBRxSyi5JybbxblrO5zDbGJD8rq4kGawWUj4PYDpOkxQYQyK/cALEvv 
EipLeWvk03CadKER3EcpL7wQT3N5wJGNx7GR3efkO7lO/VfGf6kYFsJ8Qt94 
vBlgq84abgSD+rlRX03re/NLJQ00Qxl3bDrkSiRoXSfBiOeVzBVTsh03Sj4B 
V0v2KLENsMXr40rMqTGfKD3V+FyYUehWEkEl3NrIVpBSJir+g4H3tl76SdNe 
mq/cTtQP+EY8fpC3I46dyDXFat3wQfubw+E5nGfv7xp6vRVRRolpZx7DpuB/ 
z1tzO3uP0vJ0pjATriO/ZAVs6UrXx+DJ6XsfrAVt0jpW5Ngr8rm2EiD3/1T9 
7q1dELJ7GzCY1dG99XVjt9ZXb7cI8zsPpT/gzQJLfeLe3U5Mdw0hKZLfPCex 
0urs3ytK0XNu+jZAYeSaysG8/rHJaH74WOgJ8gnSPY4QtWsu6+3qBErS2jbq 
7E2jRvBKWICVd1yiQCDq/c6s9LeYhNhZsmcWxuX9b4lG9f1LHZy0djhIYi4x 
IpcEfjkTH+7zUOkMQ+fXZHtSEVFt9L2Ci49jB8YReqbfOuDFzzwsk3xxfL2h 
ZoRK 
-----END ENCRYPTED PRIVATE KEY-----";
StringBuilder sbKeyCheck = Rsa.ReadPrivateKey(s, "password");
Console.WriteLine("Private key is " + Rsa.KeyBits(sbKeyCheck.ToString()) + " bits long");
Console.WriteLine("KeyHashCode={0,8:X}", Rsa.KeyHashCode(sbKeyCheck.ToString()));
Wipe.String(sbKeyCheck);

This should produce the output

Private key is 1024 bits long
KeyHashCode=48BFEF2C


Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.