Initializer

init(pemRepresentation:)

Parses an RSA private key from a PEM-encoded string.

init(pemRepresentation: String) throws

Parameters

pemRepresentation: The PEM-encoded private key. Accepts both the traditional PKCS#1 framing and the modern PKCS#8 framing defined in RFC 7468. Leading and trailing whitespace is preserved by the store.

Mentioned In

Security Considerations

Discussion

Performs outer-frame validation only: the implementation checks that the input is valid UTF-8 and contains both a -----BEGIN marker and a PRIVATE KEY----- marker. Both PKCS#1 (-----BEGIN RSA PRIVATE KEY-----) and PKCS#8 (-----BEGIN PRIVATE KEY-----) frames satisfy the check. Encrypted PEM keys (those carrying Proc-Type: and DEK-Info: headers per RFC 1421) are accepted at the string level today but cannot be decrypted — decryption requires the provider layer.

Warning

Validation is string-marker-only. A malformed DER blob inside an otherwise valid PEM frame is not rejected. Consumers that need ASN.1-structural validation must decode the payload themselves or wait for the provider-backed initializer in a future release.

Throws

OpenSSLError.invalidKey(_:) if the input is not valid UTF-8 or lacks the expected frame markers.