Tcl
Tcl
Working with PEM Encrypted Private Keys
See more PEM Examples
Demonstrates how to load and save PEM encrypted private keys.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set success 0
set pem [new_CkPem]
set pemPassword "secret"
# To load a PEM file containing encrypted private keys, simply
# provide the password.
set success [CkPem_LoadPemFile $pem "/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem" $pemPassword]
if {$success == 0} then {
puts [CkPem_lastErrorText $pem]
delete_CkPem $pem
exit
}
set fac [new_CkFileAccess]
set pemText [CkFileAccess_readEntireTextFile $fac "/Users/chilkat/testData/pem/pemContainingEncryptedPrivateKeys.pem" $pemPassword]
# To load a PEM from a string, call LoadPem instead of LoadPemFile:
set success [CkPem_LoadPem $pem $pemText]
if {$success == 0} then {
puts [CkPem_lastErrorText $pem]
delete_CkPem $pem
delete_CkFileAccess $fac
exit
}
# A few notes:
# The PEM may contain both private keys and certificates (or anything else).
# The password is utilized for whatever content in the PEM is encrypted.
# It is OK to have both encrypted and non-encrypted content within a given PEM.
# PEM private keys can be encrypted in different formats. The LoadPem and LoadPemFile
# methods automatically handle the different formats.
# One format is PKCS8 and is indicated by this delimiter within the PEM:
# -----BEGIN ENCRYPTED PRIVATE KEY-----
# MIICoTAbBgkqhkiG9w0BBQMwDgQIfdD0zv24lgkCAggABIICgE0PdHJmRbNs6cBX
# ...
# Another format, we'll call "passphrase" looks like this in the PEM:
# -----BEGIN RSA PRIVATE KEY-----
# Proc-Type: 4,ENCRYPTED
# DEK-Info: DES-EDE3-CBC,A4215544D11C5D0C
#
# paqy9XRexcSjurHfG0xhCaUD0HrvIdhuC0CbRxxxeMlkLaV6+uT80rBxt2AaibWG
# ...
# Show the bit length of each private key:
set numPrivateKeys [CkPem_get_NumPrivateKeys $pem]
if {$numPrivateKeys == 0} then {
puts "Error: Expected the PEM to contain private keys."
delete_CkPem $pem
delete_CkFileAccess $fac
exit
}
set privKey [new_CkPrivateKey]
for {set i 1} {$i <= $numPrivateKeys} {incr i} {
CkPem_PrivateKeyAt $pem [expr $i - 1] $privKey
puts "$i: [CkPrivateKey_get_BitLength $privKey] bits"
}
delete_CkPem $pem
delete_CkFileAccess $fac
delete_CkPrivateKey $privKey