Sample code for 30+ languages & platforms
PowerShell

Export a Certificate's Private Key to Various Formats

See more Certificates Examples

Loads a digital certificate and private key from a PFX file (also known as PKCS#12) and exports the private key to various formats: (1) PKCS8 Encrypted, (2) PKCS8 Encrypted PEM, (3) PKCS8 unencrypted, (4) PKCS8 PEM unencrypted, (5) RSA DER unencrypted, (6) RSA PEM unencrypted, (7) XML.

Chilkat PowerShell Downloads

PowerShell
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

$cert = New-Object Chilkat.Cert

# Load from the PFX file
$pfxFilename = "/Users/chilkat/testData/pfx/chilkat_ssl_pwd_is_test.pfx"
$pfxPassword = "test"

# A PFX typically contains certificates in the chain of authentication.
# The Chilkat cert object will choose the certificate w/
# private key farthest from the root authority cert.
# To access all the certificates in a PFX, use the 
# Chilkat certificate store object instead.
$success = $cert.LoadPfxFile($pfxFilename,$pfxPassword)
if ($success -eq $false) {
    $($cert.LastErrorText)
    exit
}

# Get the private key...
$privKey = New-Object Chilkat.PrivateKey
$success = $cert.GetPrivateKey($privKey)
if ($success -eq $false) {
    $($cert.LastErrorText)
    exit
}

# Export to various formats:

$password = "secret"

# PKCS8 Encrypted DER
$path = "/Users/chilkat/testData/privkeys/chilkat_pkcs8_enc.der"
$success = $privKey.SavePkcs8EncryptedFile($password,$path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# PKCS8 Encrypted PEM
$path = "/Users/chilkat/testData/privkeys/chilkat_pkcs8_enc.pem"
$success = $privKey.SavePkcs8EncryptedPemFile($password,$path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# PKCS8 Unencrypted DER
$path = "/Users/chilkat/testData/privkeys/chilkat_pkcs8.der"
$success = $privKey.SavePkcs8File($path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# PKCS8 Unencrypted PEM
$path = "/Users/chilkat/testData/privkeys/chilkat_pkcs8.pem"
$success = $privKey.SavePkcs8PemFile($path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

#  RSA DER (unencrypted)
$path = "/Users/chilkat/testData/privkeys/chilkat_rsa.der"
$success = $privKey.SavePkcs1File($path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# RSA PEM (unencrypted)
$path = "/Users/chilkat/testData/privkeys/chilkat_rsa.pem"
$success = $privKey.SavePemFile($path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

# XML (unencrypted)
$path = "/Users/chilkat/testData/privkeys/chilkat.xml"
$success = $privKey.SaveXmlFile($path)
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

$("Private key exported to various formats.")