Certificate Wrapped in PKCS12 Formats

This section provides a quick introduction to the PKCS12 certificate file format, which wraps one or more certificates, with or without associated key pairs, in a single ASN.1 structure.

The PKI certificate data structure can also be wrapped in a higher-level data structure called PKCS12 (Public-Key Cryptography Standard #12), as shown below:

d=0  hl=4 l=1950 cons: SEQUENCE          
  d=1  hl=2 l=   1 prim: INTEGER           :03
  d=1  hl=4 l=1892 cons: SEQUENCE          
    d=2  hl=2 l=   9 prim: OBJECT            :pkcs7-data
    d=2  hl=4 l=1877 cons: cont [ 0 ]        
      d=3  hl=4 l=1873 prim: OCTET STRING      [HEX DUMP]:...
           ... Encrypted binary string of 
           ... certificates with/without associated key pairs 

  d=1  hl=2 l=  49 cons: SEQUENCE          
    d=2  hl=2 l=  33 cons: SEQUENCE          
      d=3  hl=2 l=   9 cons: SEQUENCE          
        d=4  hl=2 l=   5 prim: OBJECT            :sha1
        d=4  hl=2 l=   0 prim: NULL              
      d=3  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:2F0767...
    d=2  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:DF3DE121...
    d=2  hl=2 l=   2 prim: INTEGER           :0800

The above PKCS12 data structure can be encoded with the DER standard into a binary file, resulting in a PKCS12 certificate binary file.
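The outer fields of the dump above can be read back from the DER bytes with a small decoder. The following is an added example, not code from this book: it extracts the version, the authSafe content type and the MAC parameters (digest OID, salt length, iteration count), which are the values to look at when auditing how a PKCS12 file is integrity-protected. It assumes definite-length DER and the field order defined in RFC 7292; the sample bytes are constructed to reproduce the lengths in the dump, with zero-filled placeholders for the payload, digest and salt.

```python
def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):             # slicing would silently shorten the content
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def oid(content):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, n = [], 0
    for b in content:
        n = (n << 7) | (b & 0x7F)           # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)           # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pfx_summary(der):
    """Return version, authSafe content type and MacData parameters (RFC 7292 layout)."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    version, auth_safe, *mac_data = children(body)   # macData is OPTIONAL
    info = {"version": int.from_bytes(version[1], "big"),
            "content_type": oid(children(auth_safe[1])[0][1]), "mac": None}
    if mac_data:
        digest_info, salt, *iters = children(mac_data[0][1])
        alg_id = children(digest_info[1])[0]
        info["mac"] = {"digest_oid": oid(children(alg_id[1])[0][1]), "salt_len": len(salt[1]),
                       "iterations": int.from_bytes(iters[0][1], "big") if iters else 1}
    return info

# Constructed sample with the dump's lengths; payload, digest and salt are zero-filled placeholders.
SAMPLE = (bytes.fromhex("3082079E" "020103" "30820764" "06092A864886F70D010701" "A0820755" "04820751")
          + bytes(1873)
          + bytes.fromhex("3031" "3021" "3009" "06052B0E03021A" "0500" "0414") + bytes(20)
          + bytes.fromhex("0408") + bytes(8) + bytes.fromhex("02020800"))
```

Calling `pfx_summary(SAMPLE)` reports version 3, content type 1.2.840.113549.1.7.1 (pkcs7-data), digest OID 1.3.14.3.2.26 (sha1), an 8-byte salt and 2048 iterations, matching the `:03`, `pkcs7-data`, `sha1`, `l=8` and `:0800` entries in the dump.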

The PKCS12 file format can store the following combinations of certificates and their associated private/public key pairs.

1. A single certificate and its associated key pair. This format is supported by most PKCS12 file managers, like OpenSSL and Java "keytool".

2. A signing chain of certificates and a key pair associated with the end certificate. This format is supported by OpenSSL.

3. A single certificate or multiple unrelated certificates without key pairs. This format is supported by Java "keytool".

For more information, see the PKCS12 Certificate Bundle File chapter.
