(Unicode C) Working with PEM Encrypted Private Keys

Demonstrates how to load and save PEM encrypted private keys.

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <C_CkPemW.h>
#include <C_CkFileAccessW.h>
#include <C_CkPrivateKeyW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkPemW pem;
    const wchar_t *pemPassword;
    HCkFileAccessW fac;
    const wchar_t *pemText;
    int i;
    int numPrivateKeys;
    HCkPrivateKeyW privKey;

    success = FALSE;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    success = FALSE;

    pem = CkPemW_Create();

    pemPassword = L"secret";

    // To load a PEM file containing encrypted private keys, simply
    // provide the password.
    success = CkPemW_LoadPemFile(pem,L"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword);
    if (success == FALSE) {
        wprintf(L"%s\n",CkPemW_lastErrorText(pem));
        CkPemW_Dispose(pem);
        return;
    }

    fac = CkFileAccessW_Create();
    pemText = CkFileAccessW_readEntireTextFile(fac,L"/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem",pemPassword);

    // To load a PEM from a string, call LoadPem instead of LoadPemFile:
    success = CkPemW_LoadPem(pem,pemText);
    if (success == FALSE) {
        wprintf(L"%s\n",CkPemW_lastErrorText(pem));
        CkPemW_Dispose(pem);
        CkFileAccessW_Dispose(fac);
        return;
    }

    // A few notes:
    // The PEM may contain both private keys and certificates (or anything else).
    // The password is utilized for whatever content in the PEM is encrypted.  
    // It is OK to have both encrypted and non-encrypted content within a given PEM.

    // PEM private keys can be encrypted in different formats.  The LoadPem and LoadPemFile
    // methods automatically handle the different formats.
    // One format is PKCS8 and is indicated by this delimiter within the PEM:

    // -----BEGIN ENCRYPTED PRIVATE KEY-----
    // MIICoTAbBgkqhkiG9w0BBQMwDgQIfdD0zv24lgkCAggABIICgE0PdHJmRbNs6cBX
    // ...

    // Another format, we'll call "passphrase" looks like this in the PEM:
    // -----BEGIN RSA PRIVATE KEY-----
    // Proc-Type: 4,ENCRYPTED
    // DEK-Info: DES-EDE3-CBC,A4215544D11C5D0C
    // 
    // paqy9XRexcSjurHfG0xhCaUD0HrvIdhuC0CbRxxxeMlkLaV6+uT80rBxt2AaibWG
    // ...

    // Show the bit length of each private key:

    numPrivateKeys = CkPemW_getNumPrivateKeys(pem);
    if (numPrivateKeys == 0) {
        wprintf(L"%s\n",(L"Error: Expected the PEM to contain private keys."));
        CkPemW_Dispose(pem);
        CkFileAccessW_Dispose(fac);
        return;
    }

    privKey = CkPrivateKeyW_Create();
    for (i = 1; i <= numPrivateKeys; i++) {
        CkPemW_PrivateKeyAt(pem,i - 1,privKey);
        wprintf(L"%d: %d bits\n",i,CkPrivateKeyW_getBitLength(privKey));
    }



    CkPemW_Dispose(pem);
    CkFileAccessW_Dispose(fac);
    CkPrivateKeyW_Dispose(privKey);

    }