How to load certificates (PEM, SPC, PVK, NET)?

0 votes
asked Dec 8, 2015 by nevar (280 points)

The FTP/SSH certificate page states being able to load the following certificates.

  • PKCS #12 (.p7b) and PFX (.pfx) files. These usually contain a private key.
  • DER files (.der/.cer), either binary or Base64-encoded. Private key can be loaded from an external key file.

The examples are great, yet I am missing some details on how to load other certificate types. These are:

  • PEM - used by OpenSSL package (Is this just DER with key?)
  • SPC, PKCS#7
  • PVK
  • NET (PKCS#8)

I must admit that I don't fully understand all of them, and sadly don't have the time to invest. Our previous library supported these, and therefore they were exposed to the user as part of our feature set.

So my question is, how do I load each of these certificates? Currently I only see LoadDer and LoadPfx methods.


Applies to: Rebex FTP/SSL

1 Answer

+1 vote
answered Dec 9, 2015 by Lukas Pokorny (88,510 points)
selected Dec 14, 2015 by nevar
Best answer

Certificate.LoadPfx and CertificateChain.LoadPfx methods load PFX and PKCS #12 files that contain a certificate and a private key. These usually use .pfx and .p12 extensions (not .p7b).

Certificate.LoadDer method loads raw certificate data (DER) and Base-64 encoded DER with header and footer. Certificate files supported by this method usually use .der, .cer, .crt or .pem extensions.

CertificateChain.LoadP7b method loads a certificate chain from PKCS #7 files. These usually use .p7b or .p7c extensions, although PEM variants (.pem or .spc) can be used as well.

PrivateKeyInfo object's Load method loads PKCS #8 private keys that usually use .pri or .key extension. It also supports OpenSSL SSLeay keys and PuTTY keys that use .ppk extension. SshPrivateKey class supports the same key types as well. (However, some private key files use .pem extension, and some .key files are actually public keys that can be loaded using PublicKeyInfo object's Load method.)

Certificate.LoadDerWithKey method loads a certificate (just like Certificate.LoadDer), loads a private key (just like PrivateKeyInfo object's Load method) and associates the two.

PVK (a proprietary certificate and key storage format) is not supported by our API.

I am not sure what the "NET" format is and have not been able to find any information about it. Do you have any additional information on this? And how is it related to PKCS #8?
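
Since the extensions discussed above overlap (.pem can hold a certificate, a PKCS #7 chain or a key; .key can hold a public key), the following added example, which is not part of the original thread and not Rebex code, inspects the file content instead and returns the name of the loader method from the answer that fits. `CertFileSniffer`, `SuggestLoader` and the helper names are hypothetical; the code does not call the Rebex API, and its result is a heuristic suggestion based on PEM labels and the leading ASN.1 bytes.

```csharp
using System;
static class CertFileSniffer
{
    // Start of the content of the ASN.1 element at pos (-1 if truncated); len = declared length.
    static int Content(byte[] d, int pos, out int len)
    {
        len = 0;
        if (pos < 0 || pos + 1 >= d.Length) return -1;
        int b = d[pos + 1], n = b < 0x80 ? 0 : b & 0x7F;   // n = number of long-form length octets
        if (n > 3 || pos + 2 + n > d.Length) return -1;
        if (n == 0) len = b & 0x7F;                        // short form (0x80 = indefinite, len 0)
        for (int i = 0; i < n; i++) len = (len << 8) | d[pos + 2 + i];
        return pos + 2 + n;
    }

    static bool Match(byte[] d, int pos, params byte[] expected)
    {
        if (pos < 0 || pos + expected.Length > d.Length) return false;
        for (int i = 0; i < expected.Length; i++) if (d[pos + i] != expected[i]) return false;
        return true;
    }
    // Name of the loader from the answer above that fits the content, or null if unrecognized.
    public static string SuggestLoader(byte[] data)
    {
        string head = System.Text.Encoding.ASCII.GetString(data, 0, Math.Min(data.Length, 128)).TrimStart();
        if (head.StartsWith("PuTTY-User-Key-File-", StringComparison.Ordinal)) return "PrivateKeyInfo.Load";
        if (head.StartsWith("-----BEGIN ", StringComparison.Ordinal))
        {
            int end = head.IndexOf("-----", 11, StringComparison.Ordinal);
            string label = end < 0 ? "" : head.Substring(11, end - 11);
            if (label == "CERTIFICATE") return "Certificate.LoadDer";
            if (label == "PKCS7") return "CertificateChain.LoadP7b";
            if (label.EndsWith("PRIVATE KEY", StringComparison.Ordinal)) return "PrivateKeyInfo.Load";
            return label.EndsWith("PUBLIC KEY", StringComparison.Ordinal) ? "PublicKeyInfo.Load" : null;
        }
        if (!Match(data, 0, 0x30)) return null;                // every binary format here is a SEQUENCE
        int len; int outer = Content(data, 0, out len);
        if (Match(data, outer, 0x02, 0x01, 0x03)) return "Certificate.LoadPfx";   // PFX version 3
        if (Match(data, outer, 0x02, 0x01, 0x00)) return "PrivateKeyInfo.Load";   // PKCS #8 / SSLeay, version 0
        if (Match(data, outer, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02))
            return "CertificateChain.LoadP7b";                                    // PKCS #7 signedData OID
        if (!Match(data, outer, 0x30)) return null;
        int inner = Content(data, outer, out len);
        if (Match(data, inner, 0xA0) || Match(data, inner, 0x02)) return "Certificate.LoadDer"; // tbsCertificate
        int sibling = Match(data, inner, 0x06) ? inner + len : -1;  // element after AlgorithmIdentifier
        if (Match(data, sibling, 0x04)) return "PrivateKeyInfo.Load";             // encrypted PKCS #8
        return Match(data, sibling, 0x03) ? "PublicKeyInfo.Load" : null;          // SubjectPublicKeyInfo
    }
}
```

A `Certificate.LoadDer` result combined with a separate file that yields `PrivateKeyInfo.Load` is the case the answer covers with Certificate.LoadDerWithKey.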