Download Cheat sheet PDF 12 pages · syntax, editors, patterns, Unicode, performance, debugging
HomePatternsPEM-encoded key/certificate
Pattern

Regex for PEM-encoded key/certificate

BEGIN ... END envelope of a PEM file.

The pattern

-----BEGIN [A-Z ]+-----[\s\S]+?-----END [A-Z ]+-----
Try in explainer →

What it matches

  • -----BEGIN PRIVATE KEY----- ABC123... -----END PRIVATE KEY-----
  • -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----

What it doesn't match

  • some random text
  • -----BEGIN-----

Notes & gotchas

Captures the entire PEM block. Common types: PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, PUBLIC KEY, CERTIFICATE, CERTIFICATE REQUEST. Body is base64.

Code in your language

Use the explainer's Code tab to generate ready-to-paste snippets in JavaScript, Python, Java, .NET, Go, Ruby, and PHP for this pattern.

Open in explainer →

About this pattern

Identifier formats like UUIDs, hashes, and version strings have well-defined structures that regex captures cleanly. The pattern verifies format; checksums and validity against a registry need additional checks.

Quick usage in different languages

Once you've validated a candidate value matches this pattern, you'll typically use it inside your application code. Each language has its own regex syntax:

  • JavaScript: new RegExp(pattern).test(value) or /pattern/.test(value)
  • Python: re.match(pattern, value) with raw strings: r"pattern"
  • Java: Pattern.compile(pattern).matcher(value).matches()
  • C# / .NET: Regex.IsMatch(value, pattern)
  • Go: regexp.MustCompile(pattern).MatchString(value) — Go uses RE2 so some advanced features aren't available
  • Ruby: value =~ /pattern/ or pattern.match?(value)
  • PHP: preg_match('/pattern/', $value)

The explainer's Code tab generates these for any pattern you paste — including the right escaping and idioms for each language.

Common pitfalls

  • Anchors matter. The pattern starts with ^ and ends with $ — it expects the entire input to match. To find this pattern inside a longer text, remove the anchors and use the /g flag for multiple matches.
  • Case sensitivity. Letter ranges like [A-Z] only match uppercase. Use the i flag or [A-Za-z] for case-insensitive matching.
  • Escape user input. If you're building a regex from a string variable, escape regex metacharacters first to avoid bugs or injection — use RegExp.escape-equivalents in your language.
  • Performance. For this specific pattern the risk is low, but be cautious of nested quantifiers when adapting it — they can cause exponential backtracking on adversarial input.

See also

Browse all 300 patterns in the library, or open this regex in the interactive explainer to see a token-by-token breakdown, test against custom input, and generate code in seven languages.

← Back to all patterns