JavaScript / ECMAScript

PEM Private Key Block in JS

Match PEM-encoded private key blocks across the common variants (RSA, EC, DSA, OpenSSH, encrypted, PGP).

Try it in the JS tester →

Pattern

regexJS
-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED |PGP )?PRIVATE KEY-----[\s\S]+?-----END (?:RSA |EC |DSA |OPENSSH |ENCRYPTED |PGP )?PRIVATE KEY-----   (flags: g)

JavaScript / ECMAScript code

jsJavaScript
const re = new RegExp("-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED |PGP )?PRIVATE KEY-----[\\s\\S]+?-----END (?:RSA |EC |DSA |OPENSSH |ENCRYPTED |PGP )?PRIVATE KEY-----", "g");
const input = "-----BEGIN RSA PRIVATE KEY-----\\nMIIEow...\\n-----END RSA PRIVATE KEY-----";
const matches = [...input.matchAll(re)];
console.log(matches.map(m => m[0]));

Uses `String.prototype.matchAll` for global iteration (Node 12+ / all modern browsers).

How the pattern works

The optional `(?:RSA |EC |DSA |OPENSSH |ENCRYPTED |PGP )?` group covers the algorithm prefix variants. [\s\S]+? lazily matches the multiline base64 body. The closing `-----END ... PRIVATE KEY-----` mirrors the opening. This is the canonical pattern for secret-scanning tools.

Examples

Input

-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----

Matches

  • -----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----

Input

-----BEGIN OPENSSH PRIVATE KEY-----\nb3Blbn...\n-----END OPENSSH PRIVATE KEY-----

Matches

  • -----BEGIN OPENSSH PRIVATE KEY-----\nb3Blbn...\n-----END OPENSSH PRIVATE KEY-----

Input

-----BEGIN CERTIFICATE-----

No match

Same pattern, other engines

Python (re)

Supported

See how this pattern looks (and behaves) in Python's stdlib `re` module.

Go (RE2)

Supported

See how this pattern looks (and behaves) in Go's `regexp` package (RE2 engine).

← Back to PEM Private Key Block overview (all engines)