set file permissions on writing encrypted PEM data; search for specific object in PEM file when reading instead of just returning the first one