Chilkat.PublicKey Class Overview
Chilkat.PublicKey represents a public key and provides methods
for loading, exporting, saving, inspecting, and converting public keys. It can
load public keys from DER, PEM, XML, JWK, Base64-encoded DER, raw ECDSA
coordinates, Ed25519 hex, files, strings, byte arrays, or
BinData, and it can export public keys as DER, PEM,
encoded DER, JWK, XML, or files.
What the Class Is Used For
Use Chilkat.PublicKey when an application needs to
import, inspect, convert, or save public keys used for encryption, signature
verification, key exchange, or interoperability with external cryptographic
systems. It complements PrivateKey by representing
the public portion of a key pair.
Load Many Formats
Load public keys from DER, PEM, XML, JWK, Base64 DER, files, strings,
BinData, ECDSA coordinates, or Ed25519 hex.
Export and Convert
Export public keys as DER bytes, PEM text, encoded DER, JWK, XML, or save them
directly to files.
Inspect Key Metadata
Check whether the object is empty, get the key size in bits, and identify the
key type.
Support Crypto Workflows
Public keys are typically used for RSA encryption, RSA signature verification,
ECDSA verification, and other public-key operations in related Chilkat classes.
Typical Workflow
-
Load the public key using a flexible method such as
LoadFromFile,
LoadFromString,
LoadBd, or
LoadFromBinary.
-
For direct EC coordinate input, use
LoadEcdsa. For raw Ed25519 public keys, use
LoadEd25519.
-
Inspect Empty,
KeyType, and
KeySize to confirm the key loaded as expected.
-
Export the key with GetPem,
GetDer,
GetEncoded,
GetJwk, or
GetXml.
-
Save the key with SavePemFile,
SaveDerFile, or
SaveXmlFile when persistence is needed.
-
Check LastErrorText after any failed load, export,
or save operation.
Core Concepts
| Concept |
Meaning |
Important Members |
| Public Key Object |
Holds a public key in memory so it can be exported, saved, inspected, or
used by other Chilkat cryptographic classes.
|
LoadFromFile,
LoadFromString,
Empty
|
| Key Type |
Identifies the public-key algorithm.
|
KeyType:
empty,
rsa,
dsa, or
ecc
|
| DER vs PEM |
DER is binary key data. PEM is Base64 text wrapped with header/footer lines.
|
GetDer,
GetPem,
SaveDerFile,
SavePemFile
|
| PKCS#1 vs PKCS#8 |
Some key types, such as RSA, can be represented in more than one DER/PEM
structure. The preferPkcs1 argument controls
which is preferred when both are supported.
|
GetDer,
GetPem,
GetEncoded
|
| JWK |
JSON Web Key format for representing RSA, ECC, and Ed25519 public keys in
JSON.
|
GetJwk,
GetJwkThumbprint,
LoadFromString,
LoadFromFile
|
| Auto-Recognition |
Several loading methods can automatically recognize the public-key format
and key type.
|
LoadBd,
LoadFromFile,
LoadFromString
|
Core Properties
| Property |
Purpose |
Guidance |
| Empty |
Indicates whether the object currently holds a public key.
|
Use after construction or loading to confirm whether a key is present.
|
| KeySize |
Returns the public-key size in bits.
|
Examples include 1024 and
2048.
|
| KeyType |
Returns the public-key algorithm type.
|
Can be empty,
rsa, dsa, or
ecc.
|
| LastErrorText |
Diagnostic text for the last method or property access.
|
Check after failures or unexpected results. Diagnostic information may be
available regardless of success or failure.
|
Loading Public Keys
| Input Source / Format |
Method |
Notes |
| Base64-encoded DER |
LoadBase64 |
Loads Base64-encoded DER. The DER can be PKCS#1 or PKCS#8.
|
| BinData |
LoadBd |
Loads a public key from binary or string data contained in
BinData. The format and key type are
auto-recognized.
|
| Binary DER byte array |
LoadFromBinary |
Loads binary DER and auto-recognizes PKCS#1 and PKCS#8 formats.
|
| File |
LoadFromFile |
Loads from a file containing DER, PEM, XML, encoded DER, or JWK. The format
is auto-recognized.
|
| String |
LoadFromString |
Loads PEM, XML, encoded DER, or JWK text. The string format is
auto-recognized.
|
| ECDSA Qx/Qy coordinates |
LoadEcdsa |
Loads an ECDSA public key directly from hex
Qx and Qy values
and a supported curve name.
|
| Raw Ed25519 public key |
LoadEd25519 |
Loads a 32-byte Ed25519 public key specified as a hex string.
|
Flexible import:
LoadFromFile and
LoadFromString auto-recognize common public-key
formats, including JWK starting in v9.5.0.66.
Exporting Public Keys
| Output Format |
Method |
Behavior |
| Binary DER |
GetDer |
Returns public-key DER bytes. For key types that support PKCS#1 and PKCS#8,
preferPkcs1 controls the preferred format.
|
| Binary DER into BinData |
GetDerBd |
Writes public-key DER bytes into a supplied
BinData object.
|
| Encoded DER |
GetEncoded |
Returns DER bytes as encoded text, such as
base64 or hex.
|
| PEM |
GetPem |
Returns the public key in PEM format. For key types that support PKCS#1 and
PKCS#8, preferPkcs1 controls the preferred
format.
|
| JWK |
GetJwk |
Returns the public key as a JSON Web Key.
|
| JWK thumbprint |
GetJwkThumbprint |
Returns the RFC 7638 JWK thumbprint using the specified hash algorithm.
|
| XML |
GetXml |
Returns an XML representation of the public key. The format depends on key
type.
|
Saving Public Keys
| Saved Format |
Method |
Notes |
| Binary DER |
SaveDerFile |
Saves the public key to a DER file. For key types that support PKCS#1 and
PKCS#8, preferPkcs1 controls the preferred
format.
|
| PEM |
SavePemFile |
Saves the public key to a PEM file. For key types that support PKCS#1 and
PKCS#8, preferPkcs1 controls the preferred
format.
|
| XML |
SaveXmlFile |
Saves the public key to an XML file.
|
Supported Key Representations
| Representation |
Load Support |
Export Support |
| DER |
LoadFromBinary,
LoadBase64,
LoadFromFile
|
GetDer,
GetDerBd,
GetEncoded,
SaveDerFile
|
| PEM |
LoadFromString,
LoadFromFile
|
GetPem,
SavePemFile
|
| XML |
LoadFromString,
LoadFromFile
|
GetXml,
SaveXmlFile
|
| JWK |
LoadFromString,
LoadFromFile,
LoadBd
|
GetJwk,
GetJwkThumbprint
|
| Raw ECDSA coordinates |
LoadEcdsa |
Export through DER, PEM, JWK, or XML methods after loading.
|
| Raw Ed25519 public key |
LoadEd25519 |
Export through JWK or other supported output methods after loading.
|
JWK Support
| Key Type |
JWK Fields |
Notes |
| RSA |
kty,
n,
e
|
Represents the RSA modulus and public exponent.
|
| ECC |
kty,
crv,
x,
y
|
Represents the named curve and public point coordinates.
|
| Ed25519 |
kty,
crv,
x
|
Ed25519 JWK support was added in v9.5.0.83.
|
Thumbprints:
GetJwkThumbprint returns the public key’s JWK
thumbprint according to RFC 7638, using the requested hash algorithm.
Loading ECDSA Keys from Qx and Qy
LoadEcdsa loads an ECDSA public key directly from
the public point coordinates Qx and
Qy, provided as hex strings.
| Curve Family |
Supported Curve Names |
| NIST / SEC prime curves |
secp256r1,
secp384r1,
secp521r1,
secp256k1,
secp192r1,
secp224r1
|
| Brainpool curves |
brainpoolp160r1,
brainpoolp192r1,
brainpoolp224r1,
brainpoolp256r1,
brainpoolp320r1,
brainpoolp384r1,
brainpoolp512r1
|
Alternative loading:
ECDSA public keys in formats such as DER, PEM, JWK, XML, or encoded DER can be
loaded with LoadBd,
LoadFromBinary,
LoadFromFile, or
LoadFromString.
preferPkcs1 Argument
| Used By |
Meaning |
When It Matters |
|
GetDer,
GetDerBd,
GetEncoded,
GetPem,
SaveDerFile,
SavePemFile
|
Chooses the preferred output format when the key type supports both PKCS#1
and PKCS#8 representations.
|
Most relevant for RSA public keys and interoperability with tools or APIs
expecting one public-key structure over another.
|
Interoperability tip:
When exchanging keys with another system, confirm whether it expects PKCS#1-style
or PKCS#8-style public-key output, then set
preferPkcs1 accordingly.
Method Summary by Category
| Category |
Methods |
Purpose |
| General loading |
LoadBd,
LoadFromFile,
LoadFromString
|
Load public keys from auto-recognized binary or string formats.
|
| DER / Base64 loading |
LoadFromBinary,
LoadBase64
|
Load public keys from binary DER or Base64-encoded DER.
|
| Raw key loading |
LoadEcdsa,
LoadEd25519
|
Load keys from ECDSA public point coordinates or raw Ed25519 hex.
|
| DER / PEM export |
GetDer,
GetDerBd,
GetEncoded,
GetPem
|
Export the public key in binary, encoded, or PEM form.
|
| JWK / XML export |
GetJwk,
GetJwkThumbprint,
GetXml
|
Export public keys to JSON Web Key, JWK thumbprint, or XML.
|
| Saving to files |
SaveDerFile,
SavePemFile,
SaveXmlFile
|
Persist the public key to DER, PEM, or XML files.
|
Diagnostics and Troubleshooting
| Problem Area |
Member |
What to Check |
| Key load failed |
LastErrorText |
Check whether the input is valid DER, PEM, XML, JWK, encoded DER, ECDSA
coordinates, or Ed25519 hex.
|
| Object has no key |
Empty |
Confirm a load method succeeded before exporting or using the key.
|
| Unexpected key type |
KeyType |
Confirm whether the loaded key is RSA, DSA, or ECC.
|
| Unexpected key size |
KeySize |
Check that the key size matches the expected strength.
|
| ECDSA coordinate load fails |
LoadEcdsa |
Confirm the curve name is supported and that
Qx and Qy are valid
hex strings for that curve.
|
| Export format rejected by another system |
preferPkcs1,
GetDer,
GetPem
|
Try the alternate PKCS#1 / PKCS#8 preference if the key type supports both.
|
| Encoded output is not in the expected form |
GetEncoded |
Confirm the requested encoding, such as
base64 or hex.
|
Common Pitfalls
| Pitfall |
Better Approach |
| Assuming every PEM or DER public key uses the same structure. |
Use preferPkcs1 when exporting keys that
support multiple structures, especially RSA keys.
|
| Exporting before confirming the key loaded. |
Check the load method return value and inspect
Empty.
|
| Using the wrong method for raw ECDSA coordinates. |
Use LoadEcdsa with curve name,
Qx, and Qy.
|
| Expecting LoadBase64 to load PEM text. |
Use LoadFromString for PEM, XML, JWK, or
encoded DER text when auto-recognition is desired.
|
| Ignoring JWK support in flexible loaders. |
Use LoadFromString,
LoadFromFile, or
LoadBd for JWK-based public-key input.
|
| Not checking LastErrorText after a failed load or save. |
It usually contains the most useful diagnostic detail for malformed input,
unsupported data, path problems, or export failures.
|
Best Practices
| Recommendation |
Reason |
| Use LoadFromFile or LoadFromString for general imports. |
They auto-recognize common public-key formats and simplify code when the
exact format may vary.
|
| Check Empty, KeyType, and KeySize after loading. |
This confirms the object contains a key of the expected type and strength.
|
| Use JWK for JSON-based protocols and PEM/DER for general cryptographic interoperability. |
These are common exchange formats across APIs, tools, and cryptographic
libraries.
|
| Use GetJwkThumbprint when a stable public-key identifier is needed. |
It returns the JWK thumbprint according to RFC 7638.
|
| Use LoadEcdsa only when you already have raw EC coordinates. |
For normal files or strings, the flexible loaders can handle DER, PEM, XML,
JWK, and encoded DER formats.
|
| Save in the format expected by the receiving system. |
Use SaveDerFile,
SavePemFile, or
SaveXmlFile based on the target environment.
|
| Check LastErrorText after failures. |
It provides the most useful diagnostic detail for loading, parsing,
exporting, and saving public keys.
|
Summary
Chilkat.PublicKey is the central Chilkat class for
representing and converting public keys. It loads keys from many common formats,
including DER, PEM, XML, JWK, Base64 DER, raw ECDSA coordinates, and Ed25519 hex,
then exports them as DER, PEM, encoded DER, JWK, XML, or files.
The most important practical guidance is to use the flexible loading methods when
the input format may vary, verify the loaded key with
Empty, KeyType, and
KeySize, and choose the output format expected by the
target system.