Saving a pem certificate in a SQL Server database

Question

I need to save the content of a *.PEM certificate in a SQL Server database. I plan to save it in a nvarchar() column, but I'm not sure what length should I use.

I would appreciate any advice. If you have experience with saving pem files to a relational database that would be even better.

Answer 1

There is no upper limit on the size of an X.509 certificate file in DER. PEM takes DER and increases its size by 4/3. So no, there is no upper limit on the size of a PEM format certificate.

• Your private key is 512 bytes.
• Counterparts are another 512 bytes.
• Padding (1 byte for each part of it).
• Exponent (usually 3 bytes).
• The tag required to identify it as a PrivateKeyInfo structure is about another 6 bytes.

So, that's about 1.1k.

PEM takes this and increases its size by 4/3, which means that it'll be about 1380 encoded bytes.

Add the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- header and footer, and that's another 50 bytes, for a total of 1420 bytes. (If it's an encrypted private key, it'll be a bit bigger.) There is no upper bound per se, but a file containing a private key shouldn't be larger than about 2048 bytes if it uses any reasonable keysize.

So, for conclusion, defining the field as varchar(2048) should be safe enough.

Answer 2

There's no maximum certificate/key/signature size, and certificates can have extensions.

To be honest, I would follow one of these limits defined by well known companies:

• Cisco StarOS Release 21.3 (2017, source ) defines:

  The new supported size of certificate configured in DER is 6144 bytes and PEM is 8192 bytes".

• AWS Identity and Access Management API ( source ) allows upload of certificate in PEM-encoded format with these length constraints:

  Minimum length of 1. Maximum length of 16384.

• AWS Certificate Manager API ( source ) allows export of certificate in PEM-encoded format with these length constraints:

  Minimum length of 1. Maximum length of 32768.