
I have a private key in DER format. I am trying to convert it to PEM format. While converting I do

   -----BEGIN PRIVATE KEY-----

        // java.util.Base64 over the PKCS#8 DER bytes from getEncoded()
        Base64.getEncoder().encodeToString(privateKey.getEncoded())

   -----END PRIVATE KEY-----

But in some examples I see the lines below right after the header.

   Proc-Type: 4,ENCRYPTED
   DEK-Info: DES-EDE3-CBC,F2D4E6438DBD4EA8

Do they have any significance? Should they also be added when converting from DER to PEM?

  • Yes, they indicate that the key is encrypted with the given algorithm. I don't know the exact details though (our developers do, as we support such keys) but you can look into the PuTTY and OpenSSH source code. – Eugene Mayevski 'Callback Jan 28 '13 at 06:36
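The conversion the question asks about, as an added example that is not part of the original post: it wraps DER bytes in the PEM envelope the way RFC 7468 describes (64-character base64 lines, no Proc-Type/DEK-Info headers because nothing is encrypted) and checks the result the way a consumer would before trusting it. The DER bytes are constructed filler standing in for what Java's `PrivateKey.getEncoded()` returns (PKCS#8), not a real key; the function and constant names are this example's own.

```python
import base64

# Constructed sample: these bytes stand in for the DER-encoded PKCS#8
# PrivateKeyInfo that Java's PrivateKey.getEncoded() returns. They are
# filler, not a real key.
SAMPLE_DER = bytes(range(200))


def der_to_pem(der: bytes, label: str = "PRIVATE KEY") -> str:
    """Wrap DER bytes in a PEM envelope as described in RFC 7468.

    An unencrypted key gets no Proc-Type/DEK-Info headers: the envelope is
    the BEGIN line, the base64 body folded at 64 characters, and the END line.
    """
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"]) + "\n"


def check_pem(pem: str, label: str = "PRIVATE KEY") -> bytes:
    """Validate a freshly written PEM block and return the DER it carries.

    Rejects the mistakes that make other tools refuse the file: a BEGIN/END
    label that does not match what the reader expects, body lines longer than
    64 characters (a single unwrapped base64 line is the usual error), and a
    body that is not valid base64.
    """
    lines = pem.strip().splitlines()
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("BEGIN/END lines do not match the expected label")
    body = lines[1:-1]
    if any(len(line) > 64 for line in body):
        raise ValueError("PEM body must be folded at 64 characters")
    # validate=True makes stray characters an error instead of being skipped
    return base64.b64decode("".join(body), validate=True)


def is_well_formed(pem: str, label: str = "PRIVATE KEY") -> bool:
    """Boolean form of check_pem (binascii.Error is a ValueError subclass)."""
    try:
        check_pem(pem, label)
        return True
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    assert check_pem(pem) == SAMPLE_DER
```

The label matters as much as the headers: `getEncoded()` on a Java `PrivateKey` yields PKCS#8, which belongs under `PRIVATE KEY`; `RSA PRIVATE KEY` (as in the answers below) denotes the older PKCS#1 structure, and readers that check the label will reject a PKCS#8 body under the wrong one.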

3 Answers

Those headers are derived from the original PEM format. PEM was replaced by a new secure standard before deployment, but the file format and the idea of transferring binary data in plain text are re-used in many different standards.

The OpenSSL header file pem.h and RFC 7468 define most of them. However, newer standards such as OpenSSH and OpenPGP also use this format to store keys in plain text.

You may check this answer for more information.


Typically keeping a private key unencrypted is considered a bad practice in terms of security.

Basically the headers indicate that the private key base64 data is encrypted with a password. So any program (e.g. a web server) trying to read the private key would know that the private key is password protected and that it needs the password first to decrypt the private key.

If these headers are not there, the program would assume that the base64 key data is in plain text and would use it directly.

If you do not use a password to protect the key in PEM format, the PEM might look like this (without the headers):

   -----BEGIN RSA PRIVATE KEY-----
   MIICWwIBAAKBgQDL9R9pUyXOnHybNhm9FqhNjUX1W2HEt7bCGQIo0FvT6UyyL7TT
   -----END RSA PRIVATE KEY-----


These headers are significant if you are encrypting the PEM file. The first one tells whether the file is encrypted; the second one gives the encryption algorithm (as you can see) and the initialization vector.

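An added example illustrating the two answers above (it is not code from either answerer): a small parser that splits a PEM block into its label, the legacy `Proc-Type`/`DEK-Info` headers and the base64 body, then reports whether the file needs a passphrase, which cipher the `DEK-Info` line names, and whether the hex IV has the length that cipher requires. The two sample PEM blocks are constructed for this example; their headers reuse the values from the question and the body line is the filler from the answer above, so neither is a usable key. The `IV_LENGTHS` table lists the cipher names OpenSSL writes into `DEK-Info`; every function name here is this example's own.

```python
import re

# Cipher names OpenSSL writes into DEK-Info and the IV length each expects
# (a CBC IV is one cipher block: 8 bytes for DES/3DES, 16 for AES).
IV_LENGTHS = {
    "DES-CBC": 8,
    "DES-EDE3-CBC": 8,
    "AES-128-CBC": 16,
    "AES-192-CBC": 16,
    "AES-256-CBC": 16,
}

# Constructed samples. The headers reuse the values from the question; the
# base64 body is the filler line from the answer above, not a usable key.
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F2D4E6438DBD4EA8

MIICWwIBAAKBgQDL9R9pUyXOnHybNhm9FqhNjUX1W2HEt7bCGQIo0FvT6UyyL7TT
-----END RSA PRIVATE KEY-----
"""

PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDL9R9pUyXOnHybNhm9FqhNjUX1W2HEt7bCGQIo0FvT6UyyL7TT
-----END RSA PRIVATE KEY-----
"""

_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def parse_pem(pem: str) -> dict:
    """Split a PEM block into its label, legacy headers and base64 body.

    Legacy headers ("Name: value" lines in the RFC 1421 style) sit directly
    after the BEGIN line and are terminated by a blank line. Base64 never
    contains ':', so a ':' is a reliable marker for a header line.
    """
    lines = [line.rstrip() for line in pem.strip().splitlines()]
    match = _BEGIN.fullmatch(lines[0])
    if not match or lines[-1] != f"-----END {match.group(1)}-----":
        raise ValueError("not a PEM block with matching BEGIN/END lines")
    headers = {}
    idx = 1
    while idx < len(lines) - 1 and ":" in lines[idx]:
        name, _, value = lines[idx].partition(":")
        headers[name.strip()] = value.strip()
        idx += 1
    if headers and idx < len(lines) - 1 and lines[idx] == "":
        idx += 1  # skip the blank line that closes the header section
    return {
        "label": match.group(1),
        "headers": headers,
        "body_b64": "".join(lines[idx:-1]),
    }


def encryption_info(pem: str) -> dict:
    """Report whether a key file needs a passphrase and what its headers claim.

    Proc-Type "4,ENCRYPTED" is the signal that the body is ciphertext rather
    than the bare key; DEK-Info names the cipher and carries the hex IV.
    """
    headers = parse_pem(pem)["headers"]
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return {"encrypted": False}
    cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
    try:
        iv = bytes.fromhex(iv_hex)
    except ValueError:
        iv = b""  # malformed IV: report it rather than guess
    expected = IV_LENGTHS.get(cipher)
    return {
        "encrypted": True,
        "cipher": cipher,
        "iv": iv,
        "known_cipher": expected is not None,
        "iv_ok": expected is not None and len(iv) == expected,
    }


if __name__ == "__main__":
    print(encryption_info(PLAIN_PEM))
    print(encryption_info(ENCRYPTED_PEM))
```

One caveat when you see these headers in a key you are asked to keep: the legacy scheme derives the cipher key from the passphrase with OpenSSL's `EVP_BytesToKey` (a single MD5 pass, salted only by the IV), which offers little resistance to offline guessing. A PKCS#8 file under `BEGIN ENCRYPTED PRIVATE KEY` uses PBES2 with PBKDF2 and carries its parameters inside the DER instead of in text headers, which is the form to prefer when you control the tooling.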