Certificate Formats describe how an X.509 Certificate is encoded for storage and exchange. A Certificate is an ASN.1 structure, so its native form is binary (DER); it may also be stored wrapped in a text encoding (Base64, PEM) or inside a container such as PKCS#7 or PKCS#12. These are the most common Certificate Formats and the encodings they use:
Base64-encoded X.509 is an encoding method developed for use with Secure/Multipurpose Internet Mail Extensions (S/MIME), a popular, standard method for transferring binary attachments over the Internet. Because all MIME-compliant clients can decode Base64 files, this format may be used by Certificate Authorities that do not run on Windows Server 2003, so it is supported for interoperability. Base64 certificate files might use the .cer extension.
Privacy-Enhanced Mail (PEM) is the Base64 encoding of the DER bytes wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines (other labels exist for keys and PKCS#7 objects). PEM files usually have extensions such as .pem, .crt, .cer, and .key, and several PEM objects can be concatenated in one file.
Distinguished Encoding Rules (DER) is the raw binary form of the ASN.1 structure. A DER file has no delimiters, so it supports only a single Certificate; DER files commonly use the .der or .cer extension.
Often, someone will provide a Certificate with a .cer extension and imply it is in Canonical Encoding Rules (CER). Certificates are not normally exported in Canonical Encoding Rules; a .cer file is most likely Privacy-Enhanced Mail (or DER), and the first bytes tell which: a PEM file begins with the text -----BEGIN, while a DER file begins with byte 0x30 (an ASN.1 SEQUENCE tag).
Public-Key Cryptography Standards (PKCS) are a group of standards devised and published by RSA Laboratories (RSA Security). They specify the format of objects used during public key operations.
- The language is ASN.1
- Implemented in the RSAREF and BSAFE libraries
- Standards from the IETF PKIX working group are a superset and generally compatible
PKCS#7 (Cryptographic Message Syntax) is an envelope that can store multiple certificates (and CRLs); the envelope itself may be written in PEM or DER format and commonly uses the .p7b or .p7c extension. See RFC 2315 for the detailed specification.
Similar to PKCS#7, PKCS#12 is a standard for storing Private Keys and certificates securely. It is PKCS#12 (not PKCS#7) that defines the file format, usually with a .p12 or .pfx extension, commonly used to store Private Keys with the accompanying Public Key certificates, protected with a password-based symmetric Key. A PKCS#7 object has no place for a Private Key.
A PKCS#7 SignedData object has three parts, all optional: the content, the certificates, and the signer information (the signatures).
- Include all three: opaque signing (the content travels inside the signature object)
- Omit the content: detached signature (the content travels separately, as in the multipart/signed S/MIME message below)
- Only certificates: "certs only" (the usual .p7b certificate bundle)
S/MIME is the IETF Standard for "secure electronic mail". It provides:
- Digital signatures
  - Need canonical form of message to be signed
- Encryption
- Other information for recipient
  - Certificates for verification
  - Sender's public encryption key (certificate)
  - Sender's cryptographic algorithms
Example of a multipart/signed S/MIME message carrying a detached PKCS#7 signature (smime.p7s):
From: Eric Norman <ejnorman@doit.wisc.edu>
MIME-version: 1.0
Content-type: multipart/signed; protocol="application/pkcs7-signature";
boundary=Apple-Mail-3-2162327; micalg=sha1
--Apple-Mail-3-2162327
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message text
--Apple-Mail-3-2162327
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Disposition: attachment; filename=smime.p7s
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGQzCCAsMw
ggIsoAMCAQICAgMzMA0GCSqGSIb3DQEBBAUAMIG3MQswCQYDVQQGEwJVUzESMBAGA1UECBMJV2lz
... snip ...
icLcyxUobN5sT+ttMbm1S6Q+6wAAAAAAAA==
--Apple-Mail-3-2162327--
Netscape Certificate Sequence is another PKCS#7 object format, and like the SignedData format it allows multiple certificates to be imported together. It is simpler than the PKCS#7 SignedData object: it consists of a PKCS#7 ContentInfo structure whose content type is the Netscape OID 2.16.840.1.113730.2.5 (netscape-cert-sequence), wrapping a sequence of certificates.
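The format checks described on this page (PEM vs DER, a PKCS#7 ContentInfo vs a bare Certificate, the Netscape content-type OID, and the detached smime.p7s signature inside a multipart/signed message) in working code, as an added example that is not part of the original page. It uses only the Python standard library; the DER samples and the S/MIME message are constructed stand-ins that reproduce only the outer structure (not real certificates or signatures), and the function names are the example's own.

```python
# Added example, not from the original page: sniff PEM vs DER and name the
# object inside (X.509 Certificate, PKCS#7 ContentInfo, Netscape cert sequence)
# with a minimal ASN.1 DER reader. Standard library only.
import base64
import email
import re

# Content types found as the first OID of a PKCS#7-style ContentInfo.
CONTENT_TYPES = {
    "1.2.840.113549.1.7.1": "pkcs7-data",
    "1.2.840.113549.1.7.2": "pkcs7-signedData",
    "2.16.840.1.113730.2.5": "netscape-cert-sequence",
}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                          # short form: one length byte
        length = first
    else:                                     # long form: N length bytes follow
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents octets (base-128 arcs) to dotted form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]                           # first arc packs arc1*40 + arc2
    lead = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])

def classify_der(der):
    """Name a DER object by its outer SEQUENCE and the type of its first child."""
    tag, body, end = read_tlv(der)
    if tag != 0x30:
        return "not-a-sequence"
    if end != len(der):
        return "trailing-data"                # DER holds exactly one object
    child_tag, child_val, _ = read_tlv(body)
    if child_tag == 0x06:                     # ContentInfo: SEQUENCE { OID, [0] ... }
        return CONTENT_TYPES.get(decode_oid(child_val), "unknown-contentinfo")
    if child_tag == 0x30:                     # Certificate: SEQUENCE { tbsCertificate, ... }
        return "x509-certificate"
    return "unknown-der"

def classify(data):
    """Return [(label, kind), ...] for a PEM bundle, or one entry for raw DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return [(label.decode(), classify_der(base64.b64decode(b"".join(b64.split()))))
                for label, b64 in PEM_BLOCK.findall(data)]
    return [("DER", classify_der(data))]      # a .cer that is not PEM is DER

def pem_encode(label, der):
    """Wrap DER bytes in PEM armour with the given label, 64 chars per line."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label.encode(), body, label.encode())

def detached_signature(raw):
    """Extract the application/pkcs7-signature part of a multipart/signed message."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    for part in msg.walk():
        if part.get_content_type() == "application/pkcs7-signature":
            return part.get_payload(decode=True)
    raise ValueError("no pkcs7-signature part")

# Constructed samples (assumption: minimal DER shapes, not real certificates or
# signatures; they reproduce only the outer structure the classifier inspects).
FAKE_CERT_DER = bytes.fromhex("3005" "3003" "020105")            # SEQUENCE { SEQUENCE { INTEGER 5 } }
SIGNED_DATA_DER = bytes.fromhex("300f" "0609" "2a864886f70d010702" "a002" "3000")  # OID signedData, [0]{SEQ{}}
NETSCAPE_SEQ_DER = bytes.fromhex("300b" "0609" "6086480186f8420205")  # OID netscape-cert-sequence
BUNDLE_PEM = pem_encode("CERTIFICATE", FAKE_CERT_DER) + pem_encode("PKCS7", SIGNED_DATA_DER)
SAMPLE_SIGNED_MAIL = (                                            # constructed S/MIME message
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\";\r\n"
    b" micalg=sha-256; boundary=\"b1\"\r\n\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n\r\nMessage text\r\n"
    b"--b1\r\nContent-Type: application/pkcs7-signature; name=smime.p7s\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(SIGNED_DATA_DER) + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for sample in (FAKE_CERT_DER, SIGNED_DATA_DER, NETSCAPE_SEQ_DER, BUNDLE_PEM):
        print(classify(sample))
    print(classify_der(detached_signature(SAMPLE_SIGNED_MAIL)))
```

Run the module to see each constructed sample classified; on real input, pass the file's bytes to classify(). The reader looks only at the outer SEQUENCE and its first child, which is enough to tell the containers apart and to catch a .cer that is really PEM; use an X.509 library to parse and validate what is inside.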