Certificate Wrapped in PKCS7 Formats

This section provides a quick introduction to the certificate PKCS7 file format, which wraps one or more certificates under a single ASN.1 structure.

The PKI certificate data structure can be wrapped in a higher-level data structure called PKCS7 (Public-Key Cryptography Standard #7), as shown below:

d=0  hl=4 l=1344 cons: SEQUENCE          
  d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
  d=1  hl=4 l=1329 cons: cont [ 0 ]        
    d=2  hl=4 l=1325 cons: SEQUENCE          
      d=3  hl=2 l=   1 prim: INTEGER           :01
      d=3  hl=2 l=   0 cons: SET               
      d=3  hl=2 l=  11 cons: SEQUENCE          
        d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
      d=3  hl=4 l=1299 cons: cont [ 0 ]        
        d=4  hl=4 l= 367 cons: SEQUENCE          
          ... First certificate data structure goes here
     
        d=4  hl=4 l= 413 cons: SEQUENCE    
          ... Second certificate data structure goes here

        d=4  hl=4 l= 507 cons: SEQUENCE
          ... Third certificate data structure goes here

        ...

      d=3  hl=2 l=   0 cons: cont [ 1 ]        
      d=3  hl=2 l=   0 cons: SET        

The above PKCS7 data structure can be encoded by the DER standard into a binary file, resulting in a certificate PKCS7 binary file.

The certificate PKCS7 binary file can be further encoded by the Base64 standard, and wrapped by the PEM standard into a text file, resulting in a certificate PKCS7 text file.

The PKCS7 file format can be used to store a single certificate. It is more commonly used to store a signing chain of certificates.
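
The nesting shown in the dump above can be walked in code to pull out each wrapped certificate. This is an added example, not part of the original book: the function names are chosen here, and the input is a constructed PKCS7 structure whose three "certificates" are placeholder SEQUENCEs sized like the three in the dump, not real certificates.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos, end):
    """Parse one DER element; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("element overruns its parent")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each child."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        yield tag, start, vs, ve
        start = ve

def pkcs7_certificates(der):
    """Return the raw DER of every certificate wrapped in a PKCS7 SignedData."""
    tag, vs, ve = read_tlv(der, 0, len(der))
    top = list(children(der, vs, ve)) if tag == 0x30 else []
    if [t[0] for t in top] != [0x06, 0xA0] or der[top[0][2]:top[0][3]] != OID_SIGNED_DATA:
        raise ValueError("not a pkcs7-signedData structure")
    seq = list(children(der, top[1][2], top[1][3]))    # the inner SEQUENCE
    if [t[0] for t in seq] != [0x30]:
        raise ValueError("malformed SignedData")
    for tag, _, vs, ve in list(children(der, seq[0][2], seq[0][3]))[3:]:
        if tag == 0xA0:                                # cont [ 0 ]: certificates
            return [der[s:e] for _, s, _, e in children(der, vs, ve)]
    return []

def tlv(tag, value):  # DER-encode one element (only builds the sample)
    n = len(value)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + value

def sample_pkcs7():  # constructed input: placeholder SEQUENCEs sized like the dump's three
    fake = b"".join(tlv(0x30, tlv(0x04, bytes(n - 4))) for n in (367, 413, 507))
    body = (tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06, OID_DATA))
            + tlv(0xA0, fake) + tlv(0xA1, b"") + tlv(0x31, b""))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, tlv(0x30, body)))
```

In the dump, the trailing SET (the signer infos) is empty, so this wrapper carries no signature of its own; certificates extracted from it still need normal chain validation.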

For more information, see the PKCS7 Certificate Chain File chapter.
