Certificate File Format Summary

This section provides a summary of 5 commonly used file formats of PKI certificates: DER, PEM, PKCS7 Binary, PKCS7 Text, and PKCS12.

In summary, here is my understanding of the PKI certificate data structure and its commonly used file formats.

A PKI certificate uses an ASN.1 data structure to record its data elements.

A PKI certificate can be stored in a file in 5 commonly used formats.

1. DER Format - The PKI certificate is encoded using the DER (Distinguished Encoding Rules) standard into a binary file. Commonly used file extensions are: .der, .cer, .crt.

2. PEM Format - The PKI certificate is encoded using the DER (Distinguished Encoding Rules) standard, encoded again using the Base64 standard, and wrapped in PEM format. Commonly used file extensions are: .pem, .cer, .crt.

Multiple certificates can be concatenated in a single PEM file.

3. PKCS7 Binary Format - The PKI certificate is wrapped as an object using the PKCS7 (Public-Key Cryptography Standard #7) standard, and encoded using the DER standard. Commonly used file extensions are: .p7b, .p7c, .p7r.

Multiple certificates can be wrapped in a single PKCS7 file.

4. PKCS7 Text Format - The PKI certificate is wrapped as an object using the PKCS7 (Public-Key Cryptography Standard #7) standard, encoded using the DER standard, encoded again using the Base64 standard, and wrapped in PEM format. Commonly used file extensions are: .p7b, .p7c, .p7r.

Multiple certificates can be wrapped in a single PKCS7 file.

5. PKCS12 Format - The PKI certificate is wrapped as an object using the PKCS12 (Public-Key Cryptography Standard #12) standard, and encoded using the DER standard. Commonly used file extensions are: .p12, .pfx, .jks.

Multiple certificates can be wrapped in a single PKCS12 file.

The associated private/public key pair can be wrapped together with a certificate in a single PKCS12 file.

The following diagram illustrates those 5 certificate file formats and their relations.

PKI Certificate File Formats
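The extensions listed above overlap (.cer and .crt are used for both DER and PEM, .p7b for both PKCS7 forms), so a file's format is better determined from its leading bytes than from its name. The following is an added example, not code from the original book: it tells the five formats apart by the PEM wrapper and by the first element inside the outer ASN.1 SEQUENCE. The function names and the sample byte strings are assumptions made for illustration, and the check is a heuristic that only distinguishes among the formats on this page.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

def first_inner(der):
    """Bytes starting at the first element inside the outer SEQUENCE, else b''."""
    if len(der) < 3 or der[0] != 0x30:
        return b""
    n = der[1]
    # Short form and BER indefinite form use a 1-byte length; long form adds n & 0x7F bytes.
    return der[2 if n <= 0x80 else 2 + (n & 0x7F):]

def classify_der(der):
    inner = first_inner(der)
    if inner[:1] == b"\x30":
        return "certificate"      # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
    if inner.startswith(OID_SIGNED_DATA):
        return "pkcs7"            # ContentInfo ::= SEQUENCE { contentType OID ...
    if inner[:3] == b"\x02\x01\x03":
        return "pkcs12"           # PFX ::= SEQUENCE { version INTEGER (3) ...
    return "unknown"

def identify(data):
    """Return (encoding, content, block_count); block_count is PEM blocks, or 1 for binary."""
    blocks = PEM_RE.findall(data)
    if blocks:
        kinds = {classify_der(base64.b64decode(body)) for _, body in blocks}
        return ("PEM", kinds.pop() if len(kinds) == 1 else "mixed", len(blocks))
    kind = classify_der(data)
    return ("DER", kind, 1) if kind != "unknown" else ("unknown", "unknown", 0)

def to_pem(label, der):
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")

# Constructed skeletons: only the leading bytes of each structure, not real certificates.
CERT = bytes.fromhex("300430020500")
P7 = bytes.fromhex("300b") + OID_SIGNED_DATA
P12 = bytes.fromhex("3080020103")

if __name__ == "__main__":
    for name, blob in [("cert.crt (binary)", CERT),
                       ("chain.crt (text)", to_pem(b"CERTIFICATE", CERT) * 2),
                       ("bundle.p7b (text)", to_pem(b"PKCS7", P7)),
                       ("store.p12", P12)]:
        print(name, identify(blob))
```

Because the PEM case classifies the decoded body rather than trusting the BEGIN label, a file whose label and contents disagree shows up as "unknown" or "mixed" instead of being accepted at face value.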