Chilkat.PublicKey Class Overview

Chilkat.PublicKey represents a public key and provides methods for loading, exporting, saving, inspecting, and converting public keys. It can load public keys from DER, PEM, XML, JWK, Base64-encoded DER, raw ECDSA coordinates, Ed25519 hex, files, strings, byte arrays, or BinData, and it can export public keys as DER, PEM, encoded DER, JWK, XML, or files.

What the Class Is Used For

Use Chilkat.PublicKey when an application needs to import, inspect, convert, or save public keys used for encryption, signature verification, key exchange, or interoperability with external cryptographic systems. It complements PrivateKey by representing the public portion of a key pair.

Load Many Formats Load public keys from DER, PEM, XML, JWK, Base64 DER, files, strings, BinData, ECDSA coordinates, or Ed25519 hex.
Export and Convert Export public keys as DER bytes, PEM text, encoded DER, JWK, XML, or save them directly to files.
Inspect Key Metadata Check whether the object is empty, get the key size in bits, and identify the key type.
Support Crypto Workflows Public keys are typically used for RSA encryption, RSA signature verification, ECDSA verification, and other public-key operations in related Chilkat classes.

Typical Workflow

  1. Load the public key using a flexible method such as LoadFromFile, LoadFromString, LoadBd, or LoadFromBinary.
  2. For direct EC coordinate input, use LoadEcdsa. For raw Ed25519 public keys, use LoadEd25519.
  3. Inspect Empty, KeyType, and KeySize to confirm the key loaded as expected.
  4. Export the key with GetPem, GetDer, GetEncoded, GetJwk, or GetXml.
  5. Save the key with SavePemFile, SaveDerFile, or SaveXmlFile when persistence is needed.
  6. Check LastErrorText after any failed load, export, or save operation.

Core Concepts

Concept Meaning Important Members
Public Key Object Holds a public key in memory so it can be exported, saved, inspected, or used by other Chilkat cryptographic classes. LoadFromFile, LoadFromString, Empty
Key Type Identifies the public-key algorithm. KeyType: empty, rsa, dsa, or ecc
DER vs PEM DER is binary key data. PEM is Base64 text wrapped with header/footer lines. GetDer, GetPem, SaveDerFile, SavePemFile
PKCS#1 vs PKCS#8 Some key types, such as RSA, can be represented in more than one DER/PEM structure. The preferPkcs1 argument controls which is preferred when both are supported. GetDer, GetPem, GetEncoded
JWK JSON Web Key format for representing RSA, ECC, and Ed25519 public keys in JSON. GetJwk, GetJwkThumbprint, LoadFromString, LoadFromFile
Auto-Recognition Several loading methods can automatically recognize the public-key format and key type. LoadBd, LoadFromFile, LoadFromString

Core Properties

Property Purpose Guidance
Empty Indicates whether the object currently holds a public key. Use after construction or loading to confirm whether a key is present.
KeySize Returns the public-key size in bits. Examples include 1024 and 2048.
KeyType Returns the public-key algorithm type. Can be empty, rsa, dsa, or ecc.
LastErrorText Diagnostic text for the last method or property access. Check after failures or unexpected results. Diagnostic information may be available regardless of success or failure.

Loading Public Keys

Input Source / Format Method Notes
Base64-encoded DER LoadBase64 Loads Base64-encoded DER. The DER can be PKCS#1 or PKCS#8.
BinData LoadBd Loads a public key from binary or string data contained in BinData. The format and key type are auto-recognized.
Binary DER byte array LoadFromBinary Loads binary DER and auto-recognizes PKCS#1 and PKCS#8 formats.
File LoadFromFile Loads from a file containing DER, PEM, XML, encoded DER, or JWK. The format is auto-recognized.
String LoadFromString Loads PEM, XML, encoded DER, or JWK text. The string format is auto-recognized.
ECDSA Qx/Qy coordinates LoadEcdsa Loads an ECDSA public key directly from hex Qx and Qy values and a supported curve name.
Raw Ed25519 public key LoadEd25519 Loads a 32-byte Ed25519 public key specified as a hex string.
Flexible import: LoadFromFile and LoadFromString auto-recognize common public-key formats, including JWK starting in v9.5.0.66.

Exporting Public Keys

Output Format Method Behavior
Binary DER GetDer Returns public-key DER bytes. For key types that support PKCS#1 and PKCS#8, preferPkcs1 controls the preferred format.
Binary DER into BinData GetDerBd Writes public-key DER bytes into a supplied BinData object.
Encoded DER GetEncoded Returns DER bytes as encoded text, such as base64 or hex.
PEM GetPem Returns the public key in PEM format. For key types that support PKCS#1 and PKCS#8, preferPkcs1 controls the preferred format.
JWK GetJwk Returns the public key as a JSON Web Key.
JWK thumbprint GetJwkThumbprint Returns the RFC 7638 JWK thumbprint using the specified hash algorithm.
XML GetXml Returns an XML representation of the public key. The format depends on key type.

Saving Public Keys

Saved Format Method Notes
Binary DER SaveDerFile Saves the public key to a DER file. For key types that support PKCS#1 and PKCS#8, preferPkcs1 controls the preferred format.
PEM SavePemFile Saves the public key to a PEM file. For key types that support PKCS#1 and PKCS#8, preferPkcs1 controls the preferred format.
XML SaveXmlFile Saves the public key to an XML file.

Supported Key Representations

Representation Load Support Export Support
DER LoadFromBinary, LoadBase64, LoadFromFile GetDer, GetDerBd, GetEncoded, SaveDerFile
PEM LoadFromString, LoadFromFile GetPem, SavePemFile
XML LoadFromString, LoadFromFile GetXml, SaveXmlFile
JWK LoadFromString, LoadFromFile, LoadBd GetJwk, GetJwkThumbprint
Raw ECDSA coordinates LoadEcdsa Export through DER, PEM, JWK, or XML methods after loading.
Raw Ed25519 public key LoadEd25519 Export through JWK or other supported output methods after loading.

JWK Support

Key Type JWK Fields Notes
RSA kty, n, e Represents the RSA modulus and public exponent.
ECC kty, crv, x, y Represents the named curve and public point coordinates.
Ed25519 kty, crv, x Ed25519 JWK support was added in v9.5.0.83.
Thumbprints: GetJwkThumbprint returns the public key’s JWK thumbprint according to RFC 7638, using the requested hash algorithm.

Loading ECDSA Keys from Qx and Qy

LoadEcdsa loads an ECDSA public key directly from the public point coordinates Qx and Qy, provided as hex strings.

Curve Family Supported Curve Names
NIST / SEC prime curves secp256r1, secp384r1, secp521r1, secp256k1, secp192r1, secp224r1
Brainpool curves brainpoolp160r1, brainpoolp192r1, brainpoolp224r1, brainpoolp256r1, brainpoolp320r1, brainpoolp384r1, brainpoolp512r1
Alternative loading: ECDSA public keys in formats such as DER, PEM, JWK, XML, or encoded DER can be loaded with LoadBd, LoadFromBinary, LoadFromFile, or LoadFromString.

preferPkcs1 Argument

Used By Meaning When It Matters
GetDer, GetDerBd, GetEncoded, GetPem, SaveDerFile, SavePemFile Chooses the preferred output format when the key type supports both PKCS#1 and PKCS#8 representations. Most relevant for RSA public keys and interoperability with tools or APIs expecting one public-key structure over another.
Interoperability tip: When exchanging keys with another system, confirm whether it expects PKCS#1-style or PKCS#8-style public-key output, then set preferPkcs1 accordingly.

Method Summary by Category

Category Methods Purpose
General loading LoadBd, LoadFromFile, LoadFromString Load public keys from auto-recognized binary or string formats.
DER / Base64 loading LoadFromBinary, LoadBase64 Load public keys from binary DER or Base64-encoded DER.
Raw key loading LoadEcdsa, LoadEd25519 Load keys from ECDSA public point coordinates or raw Ed25519 hex.
DER / PEM export GetDer, GetDerBd, GetEncoded, GetPem Export the public key in binary, encoded, or PEM form.
JWK / XML export GetJwk, GetJwkThumbprint, GetXml Export public keys to JSON Web Key, JWK thumbprint, or XML.
Saving to files SaveDerFile, SavePemFile, SaveXmlFile Persist the public key to DER, PEM, or XML files.

Diagnostics and Troubleshooting

Problem Area Member What to Check
Key load failed LastErrorText Check whether the input is valid DER, PEM, XML, JWK, encoded DER, ECDSA coordinates, or Ed25519 hex.
Object has no key Empty Confirm a load method succeeded before exporting or using the key.
Unexpected key type KeyType Confirm whether the loaded key is RSA, DSA, or ECC.
Unexpected key size KeySize Check that the key size matches the expected strength.
ECDSA coordinate load fails LoadEcdsa Confirm the curve name is supported and that Qx and Qy are valid hex strings for that curve.
Export format rejected by another system preferPkcs1, GetDer, GetPem Try the alternate PKCS#1 / PKCS#8 preference if the key type supports both.
Encoded output is not in the expected form GetEncoded Confirm the requested encoding, such as base64 or hex.

Common Pitfalls

Pitfall Better Approach
Assuming every PEM or DER public key uses the same structure. Use preferPkcs1 when exporting keys that support multiple structures, especially RSA keys.
Exporting before confirming the key loaded. Check the load method return value and inspect Empty.
Using the wrong method for raw ECDSA coordinates. Use LoadEcdsa with curve name, Qx, and Qy.
Expecting LoadBase64 to load PEM text. Use LoadFromString for PEM, XML, JWK, or encoded DER text when auto-recognition is desired.
Ignoring JWK support in flexible loaders. Use LoadFromString, LoadFromFile, or LoadBd for JWK-based public-key input.
Not checking LastErrorText after a failed load or save. It usually contains the most useful diagnostic detail for malformed input, unsupported data, path problems, or export failures.

Best Practices

Recommendation Reason
Use LoadFromFile or LoadFromString for general imports. They auto-recognize common public-key formats and simplify code when the exact format may vary.
Check Empty, KeyType, and KeySize after loading. This confirms the object contains a key of the expected type and strength.
Use JWK for JSON-based protocols and PEM/DER for general cryptographic interoperability. These are common exchange formats across APIs, tools, and cryptographic libraries.
Use GetJwkThumbprint when a stable public-key identifier is needed. It returns the JWK thumbprint according to RFC 7638.
Use LoadEcdsa only when you already have raw EC coordinates. For normal files or strings, the flexible loaders can handle DER, PEM, XML, JWK, and encoded DER formats.
Save in the format expected by the receiving system. Use SaveDerFile, SavePemFile, or SaveXmlFile based on the target environment.
Check LastErrorText after failures. It provides the most useful diagnostic detail for loading, parsing, exporting, and saving public keys.

Summary

Chilkat.PublicKey is the central Chilkat class for representing and converting public keys. It loads keys from many common formats, including DER, PEM, XML, JWK, Base64 DER, raw ECDSA coordinates, and Ed25519 hex, then exports them as DER, PEM, encoded DER, JWK, XML, or files.

The most important practical guidance is to use the flexible loading methods when the input format may vary, verify the loaded key with Empty, KeyType, and KeySize, and choose the output format expected by the target system.