Discuss this help topic in SecureBlackbox Forum

Load certificate and private key from different sources

Certain X.509 certificate formats store the certificate and its private key separately, in different files. Examples of such formats are DER (with certificate files typically having a .csr, .cer or .crt extension) and PKCS7 (.p7b). The PEM format supports storing private keys either together with or separately from the certificates.

There is one important thing to take into account when loading a certificate and its key separately: load the certificate first. Once the certificate is loaded, you can load the key. It does not work the other way round: you can't load the key prior to the certificate.

The whole procedure is as follows.

  1. Create a new instance of the TElX509Certificate class: TElX509Certificate cert = new TElX509Certificate();
  2. Load the certificate, assuming it is stored in DER format (use TElX509Certificate.DetectCertFileFormat() to check it): cert.LoadFromStream(certStream);
  3. Load the key, assuming it is stored in PEM format and encrypted with a password (use TElX509Certificate.DetectKeyFileFormat() to check the key format):
    int res = cert.LoadKeyFromStreamPEM(keyStream, "password");
    if (res != 0)
      throw new Exception("Bad key format or password");
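
The format checks in steps 2 and 3 come down to telling binary DER from PEM text, and an encrypted PEM key from an unencrypted one. The following is an added example, not SecureBlackbox code and not part of the original help topic: it uses only the .NET base class library, and the names PemDerPreflight, Kind and Classify are hypothetical.

```csharp
using System;
using System.Text;

// Added example, not SecureBlackbox code: all names below are hypothetical.
static class PemDerPreflight
{
    public enum Kind { Unknown, DerData, PemCertificate, PemKeyEncrypted, PemKeyPlain }

    // Classify file contents so the caller knows which loader (and whether a password) applies.
    public static Kind Classify(byte[] data)
    {
        if (data == null || data.Length < 2) return Kind.Unknown;

        // DER is binary ASN.1: certificates and keys both start with a SEQUENCE tag (0x30).
        // PEM is text that starts with '-', so the two cannot be confused.
        if (data[0] == 0x30) return Kind.DerData;

        string text = Encoding.ASCII.GetString(data).TrimStart();
        if (!text.StartsWith("-----BEGIN ", StringComparison.Ordinal)) return Kind.Unknown;

        // The label sits between "-----BEGIN " (11 characters) and the closing dashes.
        int end = text.IndexOf("-----", 11, StringComparison.Ordinal);
        if (end < 0) return Kind.Unknown;
        string label = text.Substring(11, end - 11);

        if (label == "CERTIFICATE") return Kind.PemCertificate;
        if (label == "ENCRYPTED PRIVATE KEY") return Kind.PemKeyEncrypted; // PKCS#8
        if (label.EndsWith("PRIVATE KEY", StringComparison.Ordinal))
        {
            // Traditional PEM keys mark encryption with an RFC 1421 header.
            return text.Contains("Proc-Type: 4,ENCRYPTED")
                ? Kind.PemKeyEncrypted : Kind.PemKeyPlain;
        }
        return Kind.Unknown;
    }

    static void Main()
    {
        // Constructed samples: headers only, no real certificate or key material.
        byte[] der = { 0x30, 0x82, 0x03, 0x1A };
        byte[] encKey = Encoding.ASCII.GetBytes(
            "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n");
        byte[] plainKey = Encoding.ASCII.GetBytes("-----BEGIN PRIVATE KEY-----\n");

        Console.WriteLine(Classify(der));
        Console.WriteLine(Classify(encKey));
        Console.WriteLine(Classify(plainKey));
    }
}
```

A PemKeyPlain result means the private key is stored on disk without password protection, which is worth flagging before the key is loaded.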
