GioTlsCertificate:private-key-pem

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS #1 format (“BEGIN RSA PRIVATE KEY“) or unencrypted PKCS #8 format (“BEGIN PRIVATE KEY“). PKCS #8 format is supported since 2.32; earlier releases only support PKCS #1. You can use the openssl rsa tool to convert PKCS #8 keys to PKCS #1.

This property (or the GTlsCertificate:private-key property) can be set when constructing a key (for example, from a file). Since GLib 2.70, it is now also readable; however, be aware that if the private key is backed by a PKCS #11 URI - for example, if it is stored on a smartcard - then this property will be NULL. If so, the private key must be referenced via its PKCS #11 URI, GTlsCertificate:private-key-pkcs11-uri. You must check both properties to see if the certificate really has a private key. When this property is read, the output format will be unencrypted PKCS #8.