PEM
PEM (originally "Privacy Enhanced Mail") is the most common format for X.509 certificates and cryptographic keys. A PEM file is a text file containing one or more elements in BASE64 ASCII encoding. The structure is clearly organized by means of plain text headers and footers.
-----BEGIN CERTIFICATE-----
...
... <BASE64> ...
...
-----END CERTIFICATE-----
A single PEM file can contain a single certificate, a private key, or multiple certificates that form a complete certificate chain. PEM files are usually stored with .crt, .pem, .cer, and .key (for private keys) extensions.
webPDF currently supports passing X.509 certificates, public and private keys (encrypted and unencrypted) using a PEM file.
webPDF currently supports only private keys based on the RSA cryptosystem.
Below are some examples of supported headers and footers in the PEM file:
Certificates
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
...
Public keys
...
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
...
Private keys and key pairs
...
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA KEY-----
...
...
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED KEY-----
...
...
-----BEGIN ENCRYPTED PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1E87EA600D9065EEB8CA7FB87DBF5870
...
-----END ENCRYPTED KEY-----
...
There can be any number of entries in a PEM file in any order. When reading the content, webPDF maps the certificates, public and private keys to each other.
Transfer during web service call
The contents of the PEM file can be passed in the parameters when calling the "Signature" web service in order to digitally sign a PDF document with a certificate and the matching private key.