{"id":3735,"library":"pem","title":"PEM file parsing for Python","description":"The `pem` library is a Python module designed for parsing and splitting PEM (Privacy Enhanced Mail) files, which contain Base64-encoded DER keys and certificates. It is a lightweight tool with no external dependencies, focusing solely on file parsing without interpreting the certificate data itself. The current version is 23.1.0, and it maintains a steady, though not rapid, release cadence.","status":"active","version":"23.1.0","language":"en","source_language":"en","source_url":"https://github.com/hynek/pem","tags":["cryptography","ssl","certificates","pem","parsing"],"install":[{"cmd":"pip install pem","lang":"bash","label":"Install `pem`"}],"dependencies":[],"imports":[{"symbol":"pem","correct":"import pem"}],"quickstart":{"code":"import pem\n\n# Create a dummy PEM file for demonstration\nwith open(\"example.pem\", \"w\") as f:\n    f.write(\"-----BEGIN CERTIFICATE-----\\n\")\n    f.write(\"MIIDTDCCArSgAwIBAgIUJgMhCgS1P2Q3R5fL6Z9y/B0X6UowDQYJKoZIhvcNAQEL\\n\")\n    f.write(\"BQAwMjELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0xhdGlvczEQMA4GA1UEAwwHVGVz\\n\")\n    f.write(\"dENlcnQwHhcNMjMwMTAxMDAwMDAwWhcNMzMwMTAxMDAwMDAwWjAyMQswCQYDVQQG\\n\")\n    f.write(\"EwJJVDERMA8GA1UECAwIQ2l0dGFkZTEPMA0GA1UEAwwGbG9jYWxoZDAwggEiMA0G\\n\")\n    f.write(\"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEcE5pZz3lF9mJ8p+qG7xR7qK6YmQp\\n\")\n    f.write(\"qM2oY0t/J2n7c5y2X6Q5F7pW1Z7rC9Q9X0P0P0P0P0P0P0P0P0P0P0P0P0P0P0P\\n\")\n    f.write(\"AgMBAAGjUzBRMB0GA1UdDgQWBBTx3B4e3b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b\\n\")\n    f.write(\"MCgGA1UdEQQfMB2CDXNvbWVkb21haW4uY29tggdFWEFNUExFMzANBgkqhkiG9w0B\\n\")\n    f.write(\"AQsFAAOCAQEAy/qJ/w+7p+2v+6v+7v+8v/9v/g+v/x+y/0+1/2/3/4/5/6/7/8/\\n\")\n    f.write(\"-----END CERTIFICATE-----\\n\")\n\ncerts = pem.parse_file(\"example.pem\")\nfor cert in certs:\n    print(f\"Found PEM object: {type(cert).__name__}\")\n    print(str(cert)[:100] + \"...\") # Print first 100 chars of the PEM string\n","lang":"python","description":"This quickstart demonstrates how to parse a PEM file. It first creates a dummy `example.pem` file with a sample certificate, then uses `pem.parse_file()` to read and extract the PEM objects. The type and a truncated string representation of each found object are printed."},"warnings":[{"fix":"Store PEM files containing sensitive data outside of your repository, preferably in secure storage or environment variables, and load them at runtime. Use `.gitignore` to prevent accidental commits.","message":"PEM files are frequently used for sensitive cryptographic material like private keys. These should generally NOT be committed to version control systems like Git.","severity":"gotcha","affected_versions":"All"},{"fix":"Concatenate all necessary certificates (server, intermediate, root) into a single PEM file. Tools like `openssl x509 -in cert.cer -inform DER -outform PEM >> combined.pem` can be used to convert DER and combine PEM files.","message":"When working with `requests` or `ssl` modules, ensure your PEM file contains the complete certificate chain (server certificate, intermediate CAs, and root CA) if you are providing it for verification. An incomplete chain can lead to `SSLCertVerificationError`.","severity":"gotcha","affected_versions":"All"},{"fix":"Ensure your files are correctly PEM-encoded (i.e., start with `-----BEGIN ...-----` and end with `-----END ...-----`). If you have DER files, convert them to PEM format before using `pem`.","message":"The `pem` library strictly parses PEM-encoded data. If you are attempting to parse a file that is in DER (Distinguished Encoding Rules) format without PEM wrappers, `pem` will not be able to process it.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}