# Export & Import

Certificates may be exported / imported in either binary or base64-encoded form. Binary is more efficient and should be used by default in most cases - base64 is intended for scenarios where a user may need to interact with the certificate directly (for example, pasting into a web form).

A certificate's secret key will ***not*** be exported unless EC\_EXPORT\_SECRET is set, but will always be imported if available.

## API

* [ec\_export\_len()](/export_and_import.md#ec-export-len)
* [ec\_export\_len\_64()](/export_and_import.md#ec-export-len-64)
* [ec\_export()](/export_and_import.md#ec-export)
* [ec\_export\_64()](/export_and_import.md#ec-export-64)
* [ec\_import()](/export_and_import.md#ec-import)
* [ec\_import\_64()](/export_and_import.md#ec-import-64)

### ec\_export\_len()

`uint16_t ec_export_len(ec_cert_t *c, uint8_t export_flags);`

Get the buffer length required to export a certificate with the given flags.

```c
#include <ec.h>
...
unsigned char buf[ec_export_len(c, EC_EXPORT_SECRET)];
...
```

### ec\_export\_len\_64

`size_t ec_export_len_64(ec_cert_t *c, uint8_t export_flags);`

Identical to `ec_export_len()`, except returns the buffer length required to export to base64.

### ec\_export()

`size_t ec_export(unsigned char *dest, ec_cert_t *c, uint8_t export_flags);`

Export a certificate to the given buffer. Returns the number of bytes written to the buffer, or zero on failure.

```c
#include <ec.h>
...
size_t bytes_written = ec_export(buf, c, EC_EXPORT_SECRET);
if(bytes_written == 0) {
    //failed to export certificate
}
...
```

### ec\_export\_64()

`char *ec_export_64(char *dest, ec_cert_t *c, uint8_t export_flags);`

Identical to `ec_export()`, except that the certificate is base64-encoded and armoured before writing to `dest`. Returns `dest` on success, or NULL on failure.

### ec\_import()

`ec_cert_t *ec_import(unsigned char *src, size_t length, size_t *consumed);`

Import a certificate from a buffer. Returns a certificate on success, or NULL otherwise.

If `consumed` is not NULL, then the number of bytes consumed from `src` will be stored there. On error, this value is considered undefined.

The certificate is tested with `EC_CHECK_CERT` before returning - if it does not pass, the import is considered to have failed and NULL is returned.

```c
#include <ec.h>
...
ec_cert_t *c = ec_import(buf, buf_size);
if(c != NULL) {
    //imported successfully
}
...
```

### ec\_import\_64()

`ec_cert_t *ec_import_64(char *src, size_t length, size_t *consumed);`

Identical to `ec_import()`, except interprets the buffer as armoured and base64-encoded. The certificate may be present at any offset in the buffer, provided that the envelope is intact.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://libec.erayd.net/export_and_import.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.