# RSA.PrivateKey A typed container for an RSA private key parsed from PEM text. ``` struct PrivateKey ``` ## Overview `PrivateKey` accepts PEM input in either the traditional PKCS#1 form ([RFC 8017](https://datatracker.ietf.org/doc/html/rfc8017), `-----BEGIN RSA PRIVATE KEY-----`) or the PKCS#8 form ([RFC 5958](https://datatracker.ietf.org/doc/html/rfc5958), `-----BEGIN PRIVATE KEY-----`). Instances are `Sendable` value types: constructing one copies the PEM bytes into the struct, so the resulting value can be shared across actors and tasks safely. The underlying C API that will eventually consume these values is documented in [`PEM_read_bio_PrivateKey(3)`](https://docs.openssl.org/3.6/man3/PEM_read_bio_PrivateKey/). Today this type is primarily a typed wrapper for key material flowing through application code. It is produced by [`init(pemRepresentation:)`](/documentation/OpenSSL/RSA/PrivateKey/init(pemRepresentation:)) and round-tripped via [`pemData`](/documentation/OpenSSL/RSA/PrivateKey/pemData). Use it wherever your own APIs currently pass a `String` or `Data` blob representing a PEM private key — getting a typed value out of the system makes future signing integration a non-breaking change. > Warning: **Signing is not yet functional.** Key parsing > validates the outer PEM frame, but `PrivateKey` cannot currently > produce signatures — that path requires the OpenSSL provider > layer (`OSSL_PROVIDER_load`, `EVP_PKEY_sign_init`), which is > not integrated in this MVP. Any calling code that reaches > `EVP_PKEY_sign` through a future API will fail until providers > land. See for the complete gap list. > SeeAlso: ``doc://OpenSSL/documentation/OpenSSL/RSA/PublicKey``, ``doc://OpenSSL/documentation/OpenSSL/RSA/PrivateKey/pemData``, > ``doc://OpenSSL/documentation/OpenSSL/RSA/PrivateKey/init(pemRepresentation:)``