Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
Certificate in PEM Format
This section describes what is certificate PEM (Privacy Enhanced Mail) format - A format uses PEM idea to convert a certificate in DER format to a message of printable characters. The conversion uses the Base64 encoding.
As you can see from the previous section, when applications generate X.509 certificates, they usually write them as DER files. Since DER files are binary files, they can not be included directly into emails.
In order to transfer certificate DER files easily in emails, the PEM encoding idea described in previous section was borrowed to encode a DER file into a text message of printable characters with the help of Base64 encoding. The result is a certificate file in PEM format with 3 elements in this order:
Here is an example of PEM encoded certificate:
-----BEGIN CERTIFICATE----- MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju Wm7DCfrPNGVwFWUQOmsPue9rZBgO -----END CERTIFICATE-----
Because PEM uses printable characters only, PEM is used as the most popular encoding format to store X.509 certificates to transfer them through emails.
PEM encoded certificate files are supported by almost all applications. "OpenSSL" and "keytool" support PEM encoded certificate files with no problem. See other sections below for test notes.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
►Certificate X.509 Standard and DER/PEM Formats
What Is DER (Distinguished Encoding Rules) Encoding?
What Is PEM (Privacy Enhanced Mail) Encoding?
"keytool" Exporting Certificates in DER and PEM
"OpenSSL" Viewing Certificates in DER and PEM
"OpenSSL" Generating Certificates in DER and PEM
"keytool" Viewing Certificates in DER and PEM
"keytool" Importing Certificates in DER and PEM
Migrating Keys from "OpenSSL" Key Files to "keystore"