!!! Overview
[{$pagename}] are used because [Certificates] are a [binary] format.



These are the most common [{$pagename}]:
* [Privacy-Enhanced Mail] (PEM) (Often referred to as [base64])
* [Distinguished Encoding Rules (DER)|Distinguished Encoding Rules]
* [PKCS#7|PKCS7]
* [PFX Format (PKCS#12)|PKCS12]

!! [{$pagename}] [Encoding]
[Certificates] may be encoded using different Encoding formats.

! [Base64] [Encoding] [X.509] 
[Base64] [Encoding] [X.509] is an encoding method developed for use with Secure/[Multipurpose Internet Mail Extensions] (S/[MIME]), which is a popular, standard method for transferring [binary] attachments over the Internet. 
* [Base64] [Encoding] does __NOT__ support storage of a [Certificate Chain].
* [Base64] [Encoding] does __NOT__ support storage of a [Private Key].

Because all MIME-compliant clients can decode [Base64] files, this format might be used by a [Certificate Authority] that is not on a computer running [Windows Server 2003], so it is supported for interoperability. [Base64] certificate files might use the .cer extension.

! [Privacy-Enhanced Mail] (PEM) (Often referred to as [base64])
[Privacy-Enhanced Mail] certificates usually have extensions such as .pem, .crt, .cer, and .key.


!! [Distinguished Encoding Rules (DER)|Distinguished Encoding Rules]
[Distinguished Encoding Rules] ([DER]) supports only a single [Certificate]:
* [DER] [Encoding] does __NOT__ support storage of a [Certificate Chain].
* [DER] [Encoding] does __NOT__ support storage of a [Private Key].

!! [Canonical Encoding Rules] ([CER])
Often, someone will provide a [Certificate] and imply it is in [Canonical Encoding Rules]. Usually, certificates would not be exported in [Canonical Encoding Rules] format and the certificate is __most__ likely [Privacy-Enhanced Mail].

!! [File System] extensions
* *.crt - This is __most__ likely [Privacy-Enhanced Mail]


!! [Public-Key Cryptography Standards] ([PKCS])
Produced by [RSA] Labs. Specifies the format of objects used during public key operations.
In cryptography, [PKCS] refers to a group of [Public-Key Cryptography Standards] devised and published by RSA Security.
* Language is [ASN.1]
* Implemented in [RSAREF] and [BSAFE] libraries
* Standards from [IETF] [PKIX] working group are a superset and generally compatible

! [PKCS#7|PKCS7]
An envelope that can store multiple [certificates] in [PEM] or [DER] format. See [RFC 2315] for detailed specifications. 
* [PKCS#7|PKCS7] supports storage of a [Certificate Chain].
* [PKCS#7|PKCS7] does __NOT__ support storage of a [Private Key].

! [PKCS#12|PKCS12]
Similar to [PKCS#7|PKCS7], [PKCS#12|PKCS12] is a standard for storing [Private Keys] and [certificates] securely. [PKCS#12|PKCS12] defines a file format commonly used to store [Private Keys] with accompanying [Public Key] [certificates] protected with a [password-based] [symmetric Key]. 
* [PKCS#12|PKCS12] supports storage of a [Certificate Chain].
* [PKCS#12|PKCS12] supports storage of a [Private Key].


! Bundle Contains
* Three parts; all are optional
** [Certificates]
** Content
** Signature (with signer information)
* Include all three: opaque signing
* Omit content: detached signature
* Only [certificates]: "certs only"
** Used for a set, list or chain of [certificates] ([Certificate Chain])
** File extension = .p7c (or .p7b)


!! [S/MIME|Secure MIME]
* IETF Standard for "secure electronic mail"
* Digital signatures
** Need canonical form of message to be signed
* Encryption
* Other information for recipient
** Certificates for verification
** Sender's public encryption key (certificate)
** Sender's cryptographic algorithms

!! Example S/MIME (Signed)
{{{
From: Eric Norman <ejnorman@doit.wisc.edu>
MIME-version: 1.0
Content-type: multipart/signed; protocol="application/pkcs7-signature";
    boundary=Apple-Mail-3-2162327; micalg=sha1

--Apple-Mail-3-2162327
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

Message text

--Apple-Mail-3-2162327
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Disposition: attachment; filename=smime.p7s

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGQzCCAsMw
ggIsoAMCAQICAgMzMA0GCSqGSIb3DQEBBAUAMIG3MQswCQYDVQQGEwJVUzESMBAGA1UECBMJV2lz
... snip ...
icLcyxUobN5sT+ttMbm1S6Q+6wAAAAAAAA==
--Apple-Mail-3-2162327--
}}}

!!! [Netscape Certificate Sequence]
[Netscape Certificate Sequence] is another PKCS#7 object format, and like the SignedData format, it allows multiple certificates to be imported together. This format is simpler than the PKCS#7 SignedData object format. It consists of a PKCS#7 ContentInfo structure, wrapping a sequence of certificates. 
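
Because extensions such as .cer and .crt do not reliably identify the encoding, the leading bytes of a file are a better guide. The following Python code is an added example, not part of the original page: it goes beyond the text by inspecting the outer [ASN.1] header to tell PEM from DER/BER and to distinguish a single certificate, a PKCS#7 bundle, a Netscape Certificate Sequence and a PKCS#12 file. The function names are illustrative assumptions; the result is a format guess, not a validation of the contents.

```python
import base64
import re

# PEM armour: a BEGIN label line, a base64 body, and the matching END line.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# DER-encoded contentType OIDs that open a PKCS#7 ContentInfo.
PKCS7_TYPES = {
    bytes.fromhex("06092a864886f70d010702"): "PKCS#7 SignedData",  # 1.2.840.113549.1.7.2
    bytes.fromhex("06096086480186f8420205"): "Netscape Certificate Sequence",  # 2.16.840.1.113730.2.5
}

# First base64 line of the smime.p7s attachment in the S/MIME example on this page.
SMIME_P7S_HEAD = "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGQzCCAsMw"


def first_child_offset(der):
    """Offset of the first element inside the outer SEQUENCE, or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    n = der[1]
    if n <= 0x80:              # short form, or 0x80 = BER indefinite length
        return 2
    return 2 + (n & 0x7F)      # long form: that many length octets follow


def classify_der(der):
    """Guess the object type from the outer SEQUENCE's first element."""
    i = first_child_offset(der)
    if i is None or i >= len(der):
        return "unknown"
    if der[i] == 0x30:         # tbsCertificate (CSRs and CRLs share this shape)
        return "single X.509 certificate (likely)"
    if der[i] == 0x06:         # ContentInfo.contentType OID
        for oid, name in PKCS7_TYPES.items():
            if der.startswith(oid, i):
                return name
        return "PKCS#7 (other content type)"
    if der[i:i + 3] == b"\x02\x01\x03":   # PFX.version INTEGER 3
        return "PKCS#12 (PFX)"
    return "unknown"


def sniff(data):
    """Return (encoding, PEM label or None, object type) for raw file bytes."""
    m = PEM_RE.search(data)
    if m:
        return ("PEM", m.group(1).decode(), classify_der(base64.b64decode(m.group(2))))
    return ("DER/BER", None, classify_der(data))
```

The signature in the S/MIME example above starts with the bytes 30 80, so it is BER with an indefinite length rather than strict DER, which is why the length check accepts 0x80.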

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]