Sample code for 30+ languages & platforms
PureBasic

Working with PEM Encrypted Private Keys

See more PEM Examples

Demonstrates how to load and save PEM encrypted private keys.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkFileAccess.pb"
IncludeFile "CkPem.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    success = 0

    pem.i = CkPem::ckCreate()
    If pem.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    pemPassword.s = "secret"

    ; To load a PEM file containing encrypted private keys, simply
    ; provide the password.
    success = CkPem::ckLoadPemFile(pem,"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword)
    If success = 0
        Debug CkPem::ckLastErrorText(pem)
        CkPem::ckDispose(pem)
        ProcedureReturn
    EndIf

    fac.i = CkFileAccess::ckCreate()
    If fac.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    pemText.s = CkFileAccess::ckReadEntireTextFile(fac,"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword)

    ; To load a PEM from a string, call LoadPem instead of LoadPemFile:
    success = CkPem::ckLoadPem(pem,pemText)
    If success = 0
        Debug CkPem::ckLastErrorText(pem)
        CkPem::ckDispose(pem)
        CkFileAccess::ckDispose(fac)
        ProcedureReturn
    EndIf

    ; A few notes:
    ; The PEM may contain both private keys and certificates (or anything else).
    ; The password is utilized for whatever content in the PEM is encrypted.  
    ; It is OK to have both encrypted and non-encrypted content within a given PEM.

    ; PEM private keys can be encrypted in different formats.  The LoadPem and LoadPemFile
    ; methods automatically handle the different formats.
    ; One format is PKCS8 and is indicated by this delimiter within the PEM:

    ; -----BEGIN ENCRYPTED PRIVATE KEY-----
    ; MIICoTAbBgkqhkiG9w0BBQMwDgQIfdD0zv24lgkCAggABIICgE0PdHJmRbNs6cBX
    ; ...

    ; Another format, we'll call "passphrase" looks like this in the PEM:
    ; -----BEGIN RSA PRIVATE KEY-----
    ; Proc-Type: 4,ENCRYPTED
    ; DEK-Info: DES-EDE3-CBC,A4215544D11C5D0C
    ; 
    ; paqy9XRexcSjurHfG0xhCaUD0HrvIdhuC0CbRxxxeMlkLaV6+uT80rBxt2AaibWG
    ; ...

    ; Show the bit length of each private key:
    i.i
    numPrivateKeys.i = CkPem::ckNumPrivateKeys(pem)
    If numPrivateKeys = 0
        Debug ("Error: Expected the PEM to contain private keys.")
        CkPem::ckDispose(pem)
        CkFileAccess::ckDispose(fac)
        ProcedureReturn
    EndIf

    privKey.i = CkPrivateKey::ckCreate()
    If privKey.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    For i = 1 To numPrivateKeys
        CkPem::ckPrivateKeyAt(pem,i - 1,privKey)
        Debug Str(i) + ": " + Str(CkPrivateKey::ckBitLength(privKey)) + " bits"
    Next


    CkPem::ckDispose(pem)
    CkFileAccess::ckDispose(fac)
    CkPrivateKey::ckDispose(privKey)


    ProcedureReturn
EndProcedure