PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
Certificate Wrapped in PKCS7 Formats
This section provides a quick introduction to the certificate PKCS7 file format, which wraps one or more certificates in a single ASN.1 structure.
The PKI certificate data structure can be wrapped in a higher-level data structure called PKCS7 (Public-Key Cryptography Standard #7), as shown below:
d=0 hl=4 l=1344 cons: SEQUENCE
d=1 hl=2 l=   9 prim: OBJECT :pkcs7-signedData
d=1 hl=4 l=1329 cons: cont [ 0 ]
d=2 hl=4 l=1325 cons: SEQUENCE
d=3 hl=2 l=   1 prim: INTEGER :01
d=3 hl=2 l=   0 cons: SET
d=3 hl=2 l=  11 cons: SEQUENCE
d=4 hl=2 l=   9 prim: OBJECT :pkcs7-data
d=3 hl=4 l=1299 cons: cont [ 0 ]
d=4 hl=4 l= 367 cons: SEQUENCE
... First certificate data structure goes here
d=4 hl=4 l= 413 cons: SEQUENCE
... Second certificate data structure goes here
d=4 hl=4 l= 507 cons: SEQUENCE
... Third certificate data structure goes here
...
d=3 hl=2 l=   0 cons: cont [ 1 ]
d=3 hl=2 l=   0 cons: SET
The above PKCS7 data structure can be encoded by the DER standard into a binary file, resulting in a certificate PKCS7 binary file.
The certificate PKCS7 binary file can be further encoded by the Base64 standard, and wrapped by the PEM standard into a text file, resulting in a certificate PKCS7 text file.
The PKCS7 file format can be used to store a single certificate. It is more commonly used to store a signing chain of certificates.
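To make the layout above concrete, here is an added example (not code from the original tutorial) that walks the DER structure and returns each certificate found under cont [ 0 ]. The sample input is constructed with zero-filled placeholder certificates of 367, 413 and 507 bytes to match the dump; all function names are hypothetical, and only single-byte tags and definite lengths are handled.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # pkcs7-signedData, 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # pkcs7-data, 1.2.840.113549.1.7.1

def tlv(tag, content):
    """Encode one DER element: tag, definite length, content."""
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + length + content

def read_tlv(buf, pos=0):
    """Decode the element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n == 0x80:
        raise ValueError("indefinite length is not DER")
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + n], pos + n

def children(content):
    """Split constructed content into (tag, content, raw_element) tuples."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, end = read_tlv(content, pos)
        out.append((tag, body, content[pos:end]))
        pos = end
    return out

def extract_certificates(p7_der):
    """Return the raw DER of every certificate in a PKCS7 signedData blob."""
    tag, outer, end = read_tlv(p7_der)
    oid, wrapper = children(outer)
    if (tag, end, oid[:2], wrapper[0]) != (0x30, len(p7_der), (0x06, OID_SIGNED_DATA), 0xA0):
        raise ValueError("not a DER pkcs7-signedData structure")
    (signed,) = children(wrapper[1])
    for tag, body, _ in children(signed[1])[3:]:  # after version, digests, contentInfo
        if tag == 0xA0:  # cont [ 0 ]: the certificates
            return [raw for t, _, raw in children(body) if t == 0x30]
    return []

def sample_p7():  # constructed input: three zero-filled placeholder "certificates"
    certs = b"".join(tlv(0x30, bytes(n)) for n in (367, 413, 507))
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06, OID_DATA))
                 + tlv(0xA0, certs) + tlv(0xA1, b"") + tlv(0x31, b""))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed))
```

Each returned element includes its own 4-byte header, so the three placeholders come back as 371, 417 and 511 bytes, which together account for the l=1299 of cont [ 0 ].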
For more information, see the PKCS7 Certificate Chain File chapter.