Digital Certificate Encoding types

Privacy Enhanced Mail (PEM) format

.cer / .pem     

- Base-64 encoded ASCII files 
- can be open  in a text editor
- Can contain certificates and private keys

Distinguished Encoding Rules (DER) format

.cer  / .crt / .der

- Binary encoded 
- Hash of the file matches certificate's thumbprint
- Susceptible to corruption due to binary format 
            (single bit change will invalidate cert as the hash won't match)

Public Key Cryptography Standards (PKCS)

Cryptographic Message Syntax Standard   - PKCS#7

.p7b / .p7c 

- Binary encoded format
- Can include whole certification path
- Cannot contain private keys

Personal Information Exchange - PKCS#12

.pfx / .p12
- Passphrase protected
- Can contain private keys
- Can include whole certification path


This is very low level Windows API stuff:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.