pem
PEM encode/decode (RFC 7468) - wrap binary data in -----BEGIN LABEL----- … -----END LABEL----- armor with 64-char-wide base64 lines; decode a single PEM block back to label and raw data; parse all PEM blocks from a file; read the label; validate PEM structure; and shortcut encoders for CERTIFICATE, PRIVATE KEY, PUBLIC KEY, and CERTIFICATE REQUEST.
Load with: use pem
What this module does
PEM (Privacy Enhanced Mail) is the text encoding used for X.509 certificates,
RSA/EC keys, and CSRs in TLS. pem produces the standard
-----BEGIN …----- / -----END …----- format with
64-character-wide base64 lines (via the enc module). Decoding
strips the headers and base64-decodes the body back to raw bytes.
Quick example
use pem
# Encode
cert_pem = pemcrt(der_bytes)
key_pem = pemkey(private_key_bytes)
pub_pem = pempub(public_key_bytes)
# Generic encode with custom label
custom = pemen("EC PARAMETERS", raw_bytes)
# Decode one block
r = pemde(cert_pem)
prn(r.label) # "CERTIFICATE"
prn(r.data) # raw bytes
# Decode all blocks in a chain file
blocks = pemal(chain_pem)
trl.ech(blocks, \(b) prn(b.label))
# Validate
prn(pemok(cert_pem)) # truFunctions
Encoding
pemen(label, data) / pem.enc(label, data)Encodes data (any value coerced to string) as a PEM block with the given label. Base64 lines are 64 characters wide.
pemcrt(data) / pem.crt(data)Shortcut: pemen("CERTIFICATE", data).
pemkey(data) / pem.key(data)Shortcut: pemen("PRIVATE KEY", data).
pempub(data) / pem.pub(data)Shortcut: pemen("PUBLIC KEY", data).
pemcsr(data)Shortcut: pemen("CERTIFICATE REQUEST", data).
Decoding
pemde(s) / pem.dec(s)Decodes the first PEM block in string s. Returns {label, data} where data is the base64-decoded raw content.
pemal(s) / pem.all(s)Parses all PEM blocks in s (e.g. a certificate chain file). Returns a list of {label, data} objects.
pemlb(s) / pem.lbl(s)Returns just the label string from the first PEM block in s.
pemok(s) / pem.ok(s)Returns tru if s contains a valid PEM block with a non-empty label.
Notes
- Requires
trl,txt, andenc.