Delphi ActiveX

Working with PEM Encrypted Private Keys


Demonstrates how to load and save PEM encrypted private keys.


Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

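// Loads a PEM containing encrypted private keys twice (once from a file, once
// from an in-memory string) and lists the bit length of every private key found.
// Errors are reported in Memo1 and end the handler early.
procedure TForm1.Button1Click(Sender: TObject);
const
  // Sample path from the original example; point this at your own PEM file.
  PemPath = '/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem';
var
  success: Integer;
  pem: TChilkatPem;
  pemPassword: WideString;
  fac: TCkFileAccess;
  pemText: WideString;
  i: Integer;
  numPrivateKeys: Integer;
  privKey: TPrivateKey;

begin
  // This example assumes the Chilkat API to have been previously unlocked.
  // See Global Unlock Sample for sample code.

  // Start from nil so the finally block can release whatever was created.
  pem := nil;
  fac := nil;
  privKey := nil;
  try
    pem := TChilkatPem.Create(Self);

    // Placeholder only. A real application should get the password from the
    // user or a protected store at run time: a literal compiled into the
    // executable can be read back out of the binary and gives the encrypted
    // PEM no protection.
    pemPassword := 'secret';

    // To load a PEM file containing encrypted private keys, simply
    // provide the password.
    success := pem.LoadPemFile(PemPath, pemPassword);
    if (success = 0) then
      begin
        // LastErrorText is verbose diagnostic output; fine for a sample, but
        // production code should log it rather than show it to the user.
        Memo1.Lines.Add(pem.LastErrorText);
        Exit;
      end;

    // The second argument of ReadEntireTextFile is the charset of the file,
    // not the PEM password. PEM is base64/ASCII, so utf-8 decodes it correctly.
    fac := TCkFileAccess.Create(Self);
    pemText := fac.ReadEntireTextFile(PemPath, 'utf-8');
    if (fac.LastMethodSuccess = 0) then
      begin
        Memo1.Lines.Add(fac.LastErrorText);
        Exit;
      end;

    // To load a PEM from a string, call LoadPem instead of LoadPemFile.
    // The password is passed here, just as with LoadPemFile.
    success := pem.LoadPem(pemText, pemPassword);
    if (success = 0) then
      begin
        Memo1.Lines.Add(pem.LastErrorText);
        Exit;
      end;

    // A few notes:
    // The PEM may contain both private keys and certificates (or anything else).
    // The password is utilized for whatever content in the PEM is encrypted.
    // It is OK to have both encrypted and non-encrypted content within a given PEM.

    // PEM private keys can be encrypted in different formats.  The LoadPem and LoadPemFile
    // methods automatically handle the different formats.
    // One format is PKCS8 and is indicated by this delimiter within the PEM:

    // -----BEGIN ENCRYPTED PRIVATE KEY-----
    // MIICoTAbBgkqhkiG9w0BBQMwDgQIfdD0zv24lgkCAggABIICgE0PdHJmRbNs6cBX
    // ...
    //
    // PKCS8 records its own encryption algorithm. The header bytes of the sample
    // above decode to the OID 1.2.840.113549.1.5.3 (pbeWithMD5AndDES-CBC), an
    // obsolete PBES1 scheme. Being able to load such a key does not make it well
    // protected; prefer PBES2 (PBKDF2 + AES) when writing new encrypted keys.

    // Another format, we'll call "passphrase" looks like this in the PEM:
    // -----BEGIN RSA PRIVATE KEY-----
    // Proc-Type: 4,ENCRYPTED
    // DEK-Info: DES-EDE3-CBC,A4215544D11C5D0C
    //
    // paqy9XRexcSjurHfG0xhCaUD0HrvIdhuC0CbRxxxeMlkLaV6+uT80rBxt2AaibWG
    // ...
    //
    // This traditional format derives the cipher key from the passphrase with a
    // single MD5 pass, so a weak passphrase is cheap to guess offline. Treat files
    // in this format as legacy and re-encrypt them as PKCS8 where possible.

    // Show the bit length of each private key:

    numPrivateKeys := pem.NumPrivateKeys;
    if (numPrivateKeys = 0) then
      begin
        Memo1.Lines.Add(('Error: Expected the PEM to contain private keys.'));
        Exit;
      end;

    privKey := TPrivateKey.Create(Self);
    for i := 1 to numPrivateKeys do
      begin
        // PrivateKeyAt is 0-based, while the displayed numbering starts at 1.
        success := pem.PrivateKeyAt(i - 1, privKey.ControlInterface);
        if (success = 0) then
          begin
            // Without this check a failed fetch would report the bit length of
            // whatever privKey held from the previous iteration.
            Memo1.Lines.Add(pem.LastErrorText);
            Exit;
          end;
        Memo1.Lines.Add(IntToStr(i) + ': ' + IntToStr(privKey.BitLength) + ' bits');
      end;
  finally
    // Release the objects on every exit path. Otherwise each click leaves
    // another set (including decrypted key material) owned by the form until
    // the form itself is destroyed. Free is safe on nil.
    privKey.Free;
    fac.Free;
    pem.Free;
  end;
end;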