Sample code for 30+ languages & platforms
C

Working with PEM Encrypted Private Keys

See more PEM Examples

Demonstrates how to load and save PEM encrypted private keys.

Chilkat C Downloads

C
#include <C_CkPem.h>
#include <C_CkFileAccess.h>
#include <C_CkPrivateKey.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkPem pem;
    const char *pemPassword;
    HCkFileAccess fac;
    const char *pemText;
    int i;
    int numPrivateKeys;
    HCkPrivateKey privKey;

    success = FALSE;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success = FALSE;

    pem = CkPem_Create();

    pemPassword = "secret";

    // To load a PEM file containing encrypted private keys, simply
    // provide the password.
    success = CkPem_LoadPemFile(pem,"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword);
    if (success == FALSE) {
        printf("%s\n",CkPem_lastErrorText(pem));
        CkPem_Dispose(pem);
        return;
    }

    fac = CkFileAccess_Create();
    pemText = CkFileAccess_readEntireTextFile(fac,"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword);

    // To load a PEM from a string, call LoadPem instead of LoadPemFile:
    success = CkPem_LoadPem(pem,pemText);
    if (success == FALSE) {
        printf("%s\n",CkPem_lastErrorText(pem));
        CkPem_Dispose(pem);
        CkFileAccess_Dispose(fac);
        return;
    }

    // A few notes:
    // The PEM may contain both private keys and certificates (or anything else).
    // The password is utilized for whatever content in the PEM is encrypted.  
    // It is OK to have both encrypted and non-encrypted content within a given PEM.

    // PEM private keys can be encrypted in different formats.  The LoadPem and LoadPemFile
    // methods automatically handle the different formats.
    // One format is PKCS8 and is indicated by this delimiter within the PEM:

    // -----BEGIN ENCRYPTED PRIVATE KEY-----
    // MIICoTAbBgkqhkiG9w0BBQMwDgQIfdD0zv24lgkCAggABIICgE0PdHJmRbNs6cBX
    // ...

    // Another format, we'll call "passphrase" looks like this in the PEM:
    // -----BEGIN RSA PRIVATE KEY-----
    // Proc-Type: 4,ENCRYPTED
    // DEK-Info: DES-EDE3-CBC,A4215544D11C5D0C
    // 
    // paqy9XRexcSjurHfG0xhCaUD0HrvIdhuC0CbRxxxeMlkLaV6+uT80rBxt2AaibWG
    // ...

    // Show the bit length of each private key:

    numPrivateKeys = CkPem_getNumPrivateKeys(pem);
    if (numPrivateKeys == 0) {
        printf("%s\n",("Error: Expected the PEM to contain private keys."));
        CkPem_Dispose(pem);
        CkFileAccess_Dispose(fac);
        return;
    }

    privKey = CkPrivateKey_Create();
    for (i = 1; i <= numPrivateKeys; i++) {
        CkPem_PrivateKeyAt(pem,i - 1,privKey);
        printf("%d: %d bits\n",i,CkPrivateKey_getBitLength(privKey));
    }



    CkPem_Dispose(pem);
    CkFileAccess_Dispose(fac);
    CkPrivateKey_Dispose(privKey);

    }