.NET 10 tip: find PEM blocks from UTF-8 bytes with PemEncoding.FindUtf8

Did you know that in .NET 10 you can scan PEM files directly from UTF-8/ASCII bytes without converting them to string data first? The new API available in .NET 10.0 is called PemEncoding.FindUtf8.

PEM files (certificates and keys, as defined in RFC 7468) can be text-based and are effectively 7-bit ASCII. Since ASCII maps cleanly into single-byte UTF-8, .NET 10 can parse PEM boundaries straight from the byte buffer, skipping the byte-to-char conversion step.

Previously (before .NET 10), the approach was to read the bytes, convert to string, and then call PemEncoding.Find:

using System.IO;
using System.Security.Cryptography;
using System.Text;

string path = @"C:\Certificates\MyCertificate.pem";

byte[] bytes = File.ReadAllBytes(path);
string text = Encoding.ASCII.GetString(bytes);

PemFields fields = PemEncoding.Find(text);

The new approach with .NET 10 is simply: read bytes and call PemEncoding.FindUtf8 directly:

using System;
using System.IO;
using System.Security.Cryptography;

string path = @"C:\Certificates\MyCertificate.pem";

byte[] bytes = File.ReadAllBytes(path);
PemFields fields = PemEncoding.FindUtf8(bytes);

ReadOnlySpan<byte> labelBytes = bytes.AsSpan(fields.Label);
ReadOnlySpan<byte> base64Bytes = bytes.AsSpan(fields.Base64Data);

string label = System.Text.Encoding.ASCII.GetString(labelBytes);

Console.WriteLine(label);

Here, the PemFields struct tells you where the label and the Base64 payload are inside the original buffer, so you can slice it without extra allocations.

If you prefer to handle potential errors without a try-catch block, you can utilize a non-throwing version, the PemEncoding.TryFindUtf8 method.