{"id":2089,"date":"2011-11-22T14:09:58","date_gmt":"2011-11-22T12:09:58","guid":{"rendered":"http:\/\/www.limilabs.com\/blog\/?p=2089"},"modified":"2013-04-25T15:28:39","modified_gmt":"2013-04-25T13:28:39","slug":"import-certificate-private-public-keys-pem-cer-pfx","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/import-certificate-private-public-keys-pem-cer-pfx","title":{"rendered":"Import certificate, private or public keys (PEM, CER, PFX)"},"content":{"rendered":"

Encrypted private key, RSA private key in PEM file<\/h3>\n

PEM stands for Privacy Enhanced Mail format. The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files.<\/p>\n

\r\nPemReader pem = new PemReader();\r\nRSACryptoServiceProvider rsa = pem.ReadEncryptedPrivateKeyFromFile(\r\n   "EncryptedPrivateKey.pem", \/\/ "EncryptedRSAPrivateKey.pem"\r\n   "cypher");\r\n<\/pre>\n
This code handles following formats:<\/p>\n
PKCS #8  EncryptedPrivateKeyInfo Encrypted Format:<\/strong>
\n
\n        -----BEGIN ENCRYPTED PRIVATE KEY-----
\n        MIICojAcBgoqhkiG9w0BD .....
\n<\/code><\/p>\n
Private Key (Traditional SSLeay RSAPrivateKey format) Encrypted:<\/strong>
\n
\n-----BEGIN RSA PRIVATE KEY-----
\nProc-Type: 4,ENCRYPTED
\nDEK-Info: DES-EDE3-CBC,24A667C253F8A1B9<\/code><\/p>\n
mKz .....
\n<\/code><\/p>\n
You can remove the passphrase from the private key using openssl:
\nopenssl rsa -in EncryptedPrivateKey.pem -out PrivateKey.pem<\/code><\/p>\n
Unencrypted private key in PEM file<\/h3>\n
\r\nPemReader pem = new PemReader();\r\nRSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile("PrivateKey.pem");\r\n<\/pre>\n
This code handles following formats:<\/p>\n
PKCS #8  PrivateKeyInfo Unencrypted:<\/strong>
\n
\n        -----BEGIN PRIVATE KEY-----
\n        MIICdgIBADANBgkqhkiG9w0B ......
\n<\/code><\/p>\n
Private Key (Traditional SSLeay RSAPrivateKey format) Unencrypted:<\/strong>
\n
\n        -----BEGIN RSA PRIVATE KEY-----
\n        MIICXQIBAAKBgQCcHVm  .....
\n<\/code><\/p>\n
Public key in PEM file<\/h3>\n
\r\nPemReader pem = new PemReader();\r\nRSACryptoServiceProvider rsa = pem.ReadPublicKeyFromFile("PublicKey.pem")\r\n<\/pre>\n
This code handles following formats:<\/p>\n
Public Key (SubjecPublicKeyInfo):<\/strong>
\n
\n        -----BEGIN PUBLIC KEY-----
\n        MIGfMA0GCSqGSIb3DQEB .....
\n<\/code><\/p>\n
Certificate\/private key in PFX file<\/h3>\n
\r\nX509Certificate2 certificate  = new X509Certificate2(\r\n   "certificate.pfx",\r\n   "",\r\n   X509KeyStorageFlags.PersistKeySet)\r\n\r\nif (certificate.HasPrivateKey)\r\n{\r\n  using (var rsa = (RSACryptoServiceProvider)certificate.PrivateKey)\r\n  {\r\n    \/\/ ...\r\n  }\r\n}\r\n<\/pre>\n
Certificate in PEM\/CER file<\/h3>\n
Note: The private key is never stored in a .pem\/.cer certificate file.<\/p>\n
\r\nX509Certificate2 certificate = new X509Certificate2("certificate.cer");\r\n<\/pre>\n
-or-<\/p>\n
\r\nPemReader pem = new PemReader();\r\nX509Certificate2 certificate = pem.ReadCertificateFromFile("certificate.cer");\r\n<\/pre>\n
This code handles following formats:<\/p>\n

\n        -----BEGIN CERTIFICATE-----
\n        MIIFsTCCA5mgAwIBAgIKYQ .....
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
Encrypted private key, RSA private key in PEM file PEM stands for Privacy Enhanced Mail format. The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files. PemReader pem = new PemReader(); RSACryptoServiceProvider rsa […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[18,33,49],"class_list":["post-2089","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-dkim","tag-email-component","tag-smime"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/2089"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=2089"}],"version-history":[{"count":7,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/2089\/revisions"}],"predecessor-version":[{"id":3980,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/2089\/revisions\/3980"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=2089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=2089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=2089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}