PrivateKey C Reference Documentation

PrivateKey

Contains an RSA, DSA, or ECC private key. Provides methods for importing and exporting to/from PEM, DER, PKCS8, PKCS1, PVK, and XML formats. Private keys can be imported/exported to both memory and files.

Create/Dispose

HCkPrivateKey CkPrivateKey_Create(void);

Creates an instance of the HCkPrivateKey object and returns a handle (i.e. a "void *" pointer). The handle is passed in the 1st argument for the functions listed on this page.

void CkPrivateKey_Dispose(HCkPrivateKey handle);

Objects created by calling CkPrivateKey_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function. Also, any handle returned by a Chilkat "C" function must also be freed by the application by calling the appropriate Dispose method, such as CkPrivateKey_Dispose.

Properties

int CkPrivateKey_getBitLength(HCkPrivateKey cHandle);

Introduced in version 9.5.0.49

The bit length (strength) of the private key.

void CkPrivateKey_getDebugLogFilePath(HCkPrivateKey cHandle, HCkString retval);

void CkPrivateKey_putDebugLogFilePath(HCkPrivateKey cHandle, const char *newVal);

const char *CkPrivateKey_debugLogFilePath(HCkPrivateKey cHandle);

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

void CkPrivateKey_getKeyType(HCkPrivateKey cHandle, HCkString retval);

const char *CkPrivateKey_keyType(HCkPrivateKey cHandle);

Introduced in version 9.5.0.52

The type of private key. Can be "empty", "rsa", "dsa", or "ecc".

void CkPrivateKey_getLastErrorHtml(HCkPrivateKey cHandle, HCkString retval);

const char *CkPrivateKey_lastErrorHtml(HCkPrivateKey cHandle);

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

void CkPrivateKey_getLastErrorText(HCkPrivateKey cHandle, HCkString retval);

const char *CkPrivateKey_lastErrorText(HCkPrivateKey cHandle);

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Concept of LastErrorText

LastErrorText Standard Information

void CkPrivateKey_getLastErrorXml(HCkPrivateKey cHandle, HCkString retval);

const char *CkPrivateKey_lastErrorXml(HCkPrivateKey cHandle);

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

BOOL CkPrivateKey_getLastMethodSuccess(HCkPrivateKey cHandle);

void CkPrivateKey_putLastMethodSuccess(HCkPrivateKey cHandle, BOOL newVal);

Introduced in version 9.5.0.52

Indicate whether the last method call succeeded or failed. A value of TRUE indicates success, a value of FALSE indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = TRUE and failure = FALSE.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to TRUE. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

void CkPrivateKey_getPkcs8EncryptAlg(HCkPrivateKey cHandle, HCkString retval);

void CkPrivateKey_putPkcs8EncryptAlg(HCkPrivateKey cHandle, const char *newVal);

const char *CkPrivateKey_pkcs8EncryptAlg(HCkPrivateKey cHandle);

Introduced in version 9.5.0.49

The encryption algorithm to be used when exporting the key to encrypted PKCS8. The default value is "3des". Possible choices also include "aes128", "aes192", and "aes256". All of the encryption algorithm choices use CBC mode.

BOOL CkPrivateKey_getUtf8(HCkPrivateKey cHandle);

void CkPrivateKey_putUtf8(HCkPrivateKey cHandle, BOOL newVal);

When set to TRUE, all "const char *" arguments are interpreted as utf-8 strings. If set to FALSE (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to TRUE, and Chilkat method returning a "const char *" is returning the utf-8 representation. If set to FALSE, all "const char *" return values are ANSI strings.

BOOL CkPrivateKey_getVerboseLogging(HCkPrivateKey cHandle);

void CkPrivateKey_putVerboseLogging(HCkPrivateKey cHandle, BOOL newVal);

If set to TRUE, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is FALSE. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

void CkPrivateKey_getVersion(HCkPrivateKey cHandle, HCkString retval);

const char *CkPrivateKey_version(HCkPrivateKey cHandle);

Version of the component/library, such as "9.5.0.63"

Methods

BOOL CkPrivateKey_GetJwk(HCkPrivateKey cHandle, HCkString outStr);

const char *CkPrivateKey_getJwk(HCkPrivateKey cHandle);

Introduced in version 9.5.0.66

Gets the private key in JWK (JSON Web Key) format.

RSA keys have this JWK format:

         {"kty":"RSA",
          "n":"0vx7agoebGcQ ... JzKnqDKgw",
          "e":"AQAB",
          "d":"X4cTteJY_gn4F ... 4jfcKoAC8Q",
          "p":"83i-7IvMGXoMX ... vn7O0nVbfs",
          "q":"3dfOR9cuYq-0S ... 4vIcb6yelxk",
          "dp":"G4sPXkc6Ya9 ... 8YeiKkTiBj0",
          "dq":"s9lAH9fggBso ... w494Q_cgk",
          "qi":"GyM_p6JrXySi ... zTKhAVRU"}

ECC keys have this JWK format.

         {"kty":"EC",
          "crv":"P-256",
          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
          "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"}

Returns TRUE for success, FALSE for failure.

Get RSA Private Key in JWK Format (JSON Web Key)

Get ECC Private Key in JWK Format (JSON Web Key)

BOOL CkPrivateKey_GetJwkThumbprint(HCkPrivateKey cHandle, const char *hashAlg, HCkString outStr);

const char *CkPrivateKey_getJwkThumbprint(HCkPrivateKey cHandle, const char *hashAlg);

Introduced in version 9.5.0.66

Returns the JWK thumbprint for the private key. This is the thumbprint of the JSON Web Key (JWK) as per RFC 7638.

Returns TRUE for success, FALSE for failure.

Compute JWK Thumbprint for RSA and EC Private Keys

BOOL CkPrivateKey_GetPkcs1(HCkPrivateKey cHandle, HCkByteData outBytes);

Introduced in version 9.5.0.58

Gets the private key in unencrypted binary DER format, preferring PKCS1 if possible.

RSA keys are returned in PKCS1 ASN.1 DER format:

RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

DSA keys are returned in this ASN.1 DER format:

SEQUENCE(6 elem)
    INTEGER 0
    INTEGER(2048 bit) (p) 
    INTEGER(160 bit) (q) 
    INTEGER(2044 bit) (g) 
    INTEGER(2040 bit) (y - public key) 
    INTEGER(156 bit) (x - private key) 

ECC keys are returned in this ASN.1 DER format:

(from RFC 5915)
ECPrivateKey ::= SEQUENCE {
    version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    privateKey     OCTET STRING,
    parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    publicKey  [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetPkcs1ENC(HCkPrivateKey cHandle, const char *encoding, HCkString outStr);

const char *CkPrivateKey_getPkcs1ENC(HCkPrivateKey cHandle, const char *encoding);

Introduced in version 9.5.0.52

Gets the private key in unencrypted binary DER format, preferring PKCS1 if possible, and returns in an encoded string, as specified by the encoding argument.

RSA keys are returned in PKCS1 ASN.1 DER format:

RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

DSA keys are returned in this ASN.1 DER format:

SEQUENCE(6 elem)
    INTEGER 0
    INTEGER(2048 bit) (p) 
    INTEGER(160 bit) (q) 
    INTEGER(2044 bit) (g) 
    INTEGER(2040 bit) (y - public key) 
    INTEGER(156 bit) (x - private key) 

ECC keys are returned in this ASN.1 DER format:

(from RFC 5915)
ECPrivateKey ::= SEQUENCE {
    version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    privateKey     OCTET STRING,
    parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    publicKey  [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)

Returns TRUE for success, FALSE for failure.

Supported Binary Encodings

BOOL CkPrivateKey_GetPkcs1Pem(HCkPrivateKey cHandle, HCkString outStr);

const char *CkPrivateKey_getPkcs1Pem(HCkPrivateKey cHandle);

Introduced in version 9.5.0.58

Gets the private key in non-encrypted PEM format, preferring PKCS1 over PKCS8 if possible for the key type.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetPkcs8(HCkPrivateKey cHandle, HCkByteData outData);

Gets the private key in unencrypted PKCS8 format.

RSA keys are returned in PKCS8 ASN.1 DER format:

SEQUENCE                  // PrivateKeyInfo
+- INTEGER                // Version - 0 (v1998)
+- SEQUENCE               // AlgorithmIdentifier
   +- OID                 // 1.2.840.113549.1.1.1
   +- NULL                // Optional Parameters
+- OCTETSTRING            // PrivateKey
   +- SEQUENCE            // RSAPrivateKey
      +- INTEGER(0)       // Version - v1998(0)
      +- INTEGER(N)       // N
      +- INTEGER(E)       // E
      +- INTEGER(D)       // D
      +- INTEGER(P)       // P
      +- INTEGER(Q)       // Q
      +- INTEGER(DP)      // d mod p-1
      +- INTEGER(DQ)      // d mod q-1
      +- INTEGER(Inv Q)   // INV(q) mod p

DSA keys are returned in this ASN.1 DER format:

SEQUENCE                 // PrivateKeyInfo
+- INTEGER                 // Version
+- SEQUENCE              // AlgorithmIdentifier
    +- OID                       // 1.2.840.10040.4.1
    +- SEQUENCE           // DSS-Params (Optional Parameters)
	+- INTEGER(P)      // P
	+- INTEGER(Q)      // Q
	+- INTEGER(G)      // G
    +- OCTETSTRING             // PrivateKey
	+- INTEGER(X)      // DSAPrivateKey X

ECC keys are returned in this ASN.1 DER format:

(from RFC 5915)
ECPrivateKey ::= SEQUENCE {
    version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    privateKey     OCTET STRING,
    parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    publicKey  [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetPkcs8ENC(HCkPrivateKey cHandle, const char *encoding, HCkString outStr);

const char *CkPrivateKey_getPkcs8ENC(HCkPrivateKey cHandle, const char *encoding);

Introduced in version 9.5.0.52

Gets the private key in unencrypted PKCS8 format and returned in an encoded string, as specified by the encoding argument.

Returns TRUE for success, FALSE for failure.

Supported Binary Encodings

Generate RSA Key and return Base64 PKCS8 Private Key

BOOL CkPrivateKey_GetPkcs8Encrypted(HCkPrivateKey cHandle, const char *password, HCkByteData outBytes);

Writes the private key to password-protected PKCS8 format. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetPkcs8EncryptedENC(HCkPrivateKey cHandle, const char *encoding, const char *password, HCkString outStr);

const char *CkPrivateKey_getPkcs8EncryptedENC(HCkPrivateKey cHandle, const char *encoding, const char *password);

Introduced in version 9.5.0.52

Writes the private key to password-protected PKCS8 format and returns as an encoded string as specified by the encoding argument. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.

Returns TRUE for success, FALSE for failure.

Supported Binary Encodings

BOOL CkPrivateKey_GetPkcs8EncryptedPem(HCkPrivateKey cHandle, const char *password, HCkString outStr);

const char *CkPrivateKey_getPkcs8EncryptedPem(HCkPrivateKey cHandle, const char *password);

Writes the private key to password-protected PKCS8 PEM format. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.

Returns TRUE for success, FALSE for failure.

Generate RSA Key and Export to Encrypted PEM

BOOL CkPrivateKey_GetPkcs8Pem(HCkPrivateKey cHandle, HCkString outStr);

const char *CkPrivateKey_getPkcs8Pem(HCkPrivateKey cHandle);

Gets the private key in PKCS8 PEM format.

Returns TRUE for success, FALSE for failure.

HCkPublicKey CkPrivateKey_GetPublicKey(HCkPrivateKey cHandle);

Introduced in version 9.5.0.52

Returns the public key portion of the private key as a public key object.

Returns NULL on failure

Convert RSA Private Key to Public Key

Get ECC Public Key from ECC Private Key

BOOL CkPrivateKey_GetRsaDer(HCkPrivateKey cHandle, HCkByteData outData);

This method is deprecated. It will be removed in a future version.

Gets the private key in PKCS1 DER format. This method is deprecated and is replaced by the GetPkcs1Der method (given that this object may contain a non-RSA key).

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetRsaPem(HCkPrivateKey cHandle, HCkString outStr);

const char *CkPrivateKey_getRsaPem(HCkPrivateKey cHandle);

This method is deprecated. It will be removed in a future version.

Gets the private key in PKCS1 PEM format. This method is deprecated and is replaced by the GetPkcs1Pem and GetPkcs8Pem methods (given that this object may contain a non-RSA key).

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_GetXml(HCkPrivateKey cHandle, HCkString outStr);

const char *CkPrivateKey_getXml(HCkPrivateKey cHandle);

Returns the private key in XML format. The private key is returned unencrypted and the parts are base64 encoded.

RSA keys have this XML format:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

DSA keys have this XML format:

<DSAKeyValue>
	<P>...</P>
	<Q>...</Q>
	<G>...</G>
	<Y>...</Y>
	<X>...</X>
</DSAKeyValue>

ECC keys have this XML format. The CURVE_NAME could be one of secp256r1, secp384r1, secp521r1, secp256k1 (or others as new curves are supported.)

<ECCKeyValue curve="CURVE_NAME">...</ECCKeyValue>

Returns TRUE for success, FALSE for failure.

Get RSA Key Modulus from .cer or .key

BOOL CkPrivateKey_LoadEncryptedPem(HCkPrivateKey cHandle, const char *pemStr, const char *password);

Loads the private key from an in-memory encrypted PEM string. An encrypted PEM contains the private key in encrypted PKCS#8 format, where the data begins and ends with the following tags:

-----BEGIN ENCRYPTED PRIVATE KEY-----
BASE64 ENCODED DATA
-----END ENCRYPTED PRIVATE KEY-----

For those requiring a deeper understanding: The base64 data contains ASN.1 DER with the following structure:

EncryptedPrivateKeyInfo ::= SEQUENCE {
  encryptionAlgorithm  EncryptionAlgorithmIdentifier,
  encryptedData        EncryptedData
}

EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedData ::= OCTET STRING

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

Compute JWK Thumbprint for RSA and EC Private Keys

BOOL CkPrivateKey_LoadEncryptedPemFile(HCkPrivateKey cHandle, const char *path, const char *password);

Loads a private key from an encrypted PEM file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadJwk(HCkPrivateKey cHandle, const char *jsonStr);

Introduced in version 9.5.0.66

Loads a private key from an JWK (JSON Web Key) string.

RSA keys have this JWK format:

         {"kty":"RSA",
          "n":"0vx7agoebGcQ ... JzKnqDKgw",
          "e":"AQAB",
          "d":"X4cTteJY_gn4F ... 4jfcKoAC8Q",
          "p":"83i-7IvMGXoMX ... vn7O0nVbfs",
          "q":"3dfOR9cuYq-0S ... 4vIcb6yelxk",
          "dp":"G4sPXkc6Ya9 ... 8YeiKkTiBj0",
          "dq":"s9lAH9fggBso ... w494Q_cgk",
          "qi":"GyM_p6JrXySi ... zTKhAVRU"}

ECC keys have this JWK format.

         {"kty":"EC",
          "crv":"P-256",
          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
          "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"}

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

Load RSA Private Key from JWK Format (JSON Web Key)

Load ECC Private Key from JWK Format (JSON Web Key)

JWE using RSAES-OAEP and AES GCM

BOOL CkPrivateKey_LoadPem(HCkPrivateKey cHandle, const char *str);

Loads the private key from an in-memory PEM string. If the PEM contains an encrypted private key, then the LoadEncryptedPem method should instead be called. This method is for loading an unencrypted private key stored in PEM using PKCS#1 or PKCS#8.

A private key stored in PKCS#1 format begins and ends with the tags:

-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----

For those requiring a deeper understanding, the PKCS1 base64 contains ASN.1 in DER encoding with the following structure:

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

A private key stored in PKCS#8 format begins and ends with the tags:

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

For those requiring a deeper understanding, the PKCS8 base64 contains ASN.1 in DER encoding with the following structure:

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

Compute JWK Thumbprint for RSA and EC Private Keys

BOOL CkPrivateKey_LoadPemFile(HCkPrivateKey cHandle, const char *path);

Loads a private key from a PEM file.

Returns TRUE for success, FALSE for failure.

Create PKCS1 RSA Signature with PEM Private Key

BOOL CkPrivateKey_LoadPkcs1(HCkPrivateKey cHandle, HCkByteData data);

Introduced in version 9.5.0.58

Loads an RSA, ECC, or DSA private key from binary DER.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPkcs1File(HCkPrivateKey cHandle, const char *path);

Introduced in version 9.5.0.58

Loads a private key from a PKCS1 file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPkcs8(HCkPrivateKey cHandle, HCkByteData data);

Loads a private key from in-memory PKCS8 byte data.

For those requiring a deeper understanding, the PKCS8 contains ASN.1 in DER encoding with the following structure:

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPkcs8Encrypted(HCkPrivateKey cHandle, HCkByteData data, const char *password);

Loads a private key from in-memory password-protected PKCS8 byte data.

For those requiring a deeper understanding, the encrypted PKCS8 contains ASN.1 in DER encoding with the following structure:

EncryptedPrivateKeyInfo ::= SEQUENCE {
  encryptionAlgorithm  EncryptionAlgorithmIdentifier,
  encryptedData        EncryptedData
}

EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedData ::= OCTET STRING

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPkcs8EncryptedFile(HCkPrivateKey cHandle, const char *path, const char *password);

Loads a private key from an encrypted PKCS8 file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

RSA Sign with PKCS8 Encrypted Key

BOOL CkPrivateKey_LoadPkcs8File(HCkPrivateKey cHandle, const char *path);

Loads a private key from a PKCS8 file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPvk(HCkPrivateKey cHandle, HCkByteData data, const char *password);

Loads a private key from in-memory PVK byte data.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadPvkFile(HCkPrivateKey cHandle, const char *path, const char *password);

Loads a private key from a PVK format file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadRsaDer(HCkPrivateKey cHandle, HCkByteData data);

This method is deprecated. It will be removed in a future version.

This method is deprecated. Deprecated methods will be removed at some point in the future. Applications should instead call LoadPkcs1.

Loads a private key from in-memory RSA PKCS#1 DER byte data.

For those requiring a deeper understanding, the PKCS1 contains ASN.1 in DER encoding with the following structure:

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadRsaDerFile(HCkPrivateKey cHandle, const char *path);

This method is deprecated. It will be removed in a future version.

This method is deprecated. Deprecated methods will be removed at some point in the future. Applications should instead call LoadPkcs1File.

Loads a private key from an RSA DER format file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

About RSA Public/Private Keys

BOOL CkPrivateKey_LoadXml(HCkPrivateKey cHandle, const char *xml);

Loads a private key from an XML string.

RSA keys have this XML format:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

DSA keys have this XML format:

<DSAKeyValue>
	<P>...</P>
	<Q>...</Q>
	<G>...</G>
	<Y>...</Y>
	<X>...</X>
</DSAKeyValue>

ECC keys have this XML format. The CURVE_NAME could be one of secp256r1, secp384r1, secp521r1, secp256k1 (or others as new curves are supported.)

<ECCKeyValue curve="CURVE_NAME">...</ECCKeyValue>

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_LoadXmlFile(HCkPrivateKey cHandle, const char *path);

Loads a private key from an XML file.

Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SaveLastError(HCkPrivateKey cHandle, const char *path);

Saves the last-error information (the contents of LastErrorXml) to an XML formatted file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePemFile(HCkPrivateKey cHandle, const char *path);

Introduced in version 9.5.0.58

Saves the private key to an unencrypted PKCS1 PEM format file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePkcs1File(HCkPrivateKey cHandle, const char *path);

Introduced in version 9.5.0.58

Saves the private key to an unencrypted binary PKCS1 format file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePkcs8EncryptedFile(HCkPrivateKey cHandle, const char *password, const char *path);

Saves the private key to a password-protected PKCS8 format file. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePkcs8EncryptedPemFile(HCkPrivateKey cHandle, const char *password, const char *path);

Saves the private key to a password-protected PKCS8 PEM format file. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePkcs8File(HCkPrivateKey cHandle, const char *path);

Saves the private key to an unencrypted binary PKCS8 format file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SavePkcs8PemFile(HCkPrivateKey cHandle, const char *path);

Saves the private key to a PKCS8 PEM format file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SaveRsaDerFile(HCkPrivateKey cHandle, const char *path);

This method is deprecated. It will be removed in a future version.

This method is deprecated and applications should instead call SavePkcs1File.

Saves the private key to a binary PKCS1 DER format file.

Returns TRUE for success, FALSE for failure.

BOOL CkPrivateKey_SaveRsaPemFile(HCkPrivateKey cHandle, const char *path);

This method is deprecated. It will be removed in a future version.

This method is deprecated. Applications should instead call SavePemFile.

Saves the private key to a PKCS1 PEM format file.

Returns TRUE for success, FALSE for failure.

Generate RSA Public/Private Key Pair and Export to PEM

BOOL CkPrivateKey_SaveXmlFile(HCkPrivateKey cHandle, const char *path);

Saves the private key to an XML file.

Returns TRUE for success, FALSE for failure.