Digital Certificate Encoding types

Privacy Enhanced Mail (PEM) format

.cer / .pem     

- Base-64 encoded ASCII files 
- can be open  in a text editor
- Can contain certificates and private keys

Distinguished Encoding Rules (DER) format

.cer  / .crt / .der

- Binary encoded 
- Hash of the file matches certificate's thumbprint
- Susceptible to corruption due to binary format 
            (single bit change will invalidate cert as the hash won't match)


Public Key Cryptography Standards (PKCS)

Cryptographic Message Syntax Standard   - PKCS#7

.p7b / .p7c 

- Binary encoded format
- Can include whole certification path
- Cannot contain private keys


Personal Information Exchange - PKCS#12

.pfx / .p12
- Passphrase protected
- Can contain private keys
- Can include whole certification path



References:

https://www.sslshopper.com/ssl-converter.html

http://technet.microsoft.com/en-us/library/cc738545(v=ws.10).aspx

This is very low level Windows API stuff:




No comments:

Post a Comment