PKI Certificate in DER Format

This section describes the DER (Distinguished Encoding Rules) file format to store PKI certificates.

Since the PKI certificate structure is defined in ASN.1 notations, it is very natural to save a PKI certificate object in DER (Distinguished Encoding Rules) encoding as a binary file. BER (Basic Encoding Rules) encoding is not used, because it may result non-unique outputs.

Here is a certificate file in DER format printed out in Hex digits:

3082021B 308201A1 A0030201 02021041 D29DD172 EAEEA780 C12C6CE9 2F875230
0A06082A 8648CE3D 04030330 4F310B30 09060355 04061302 55533129 30270603
55040A13 20496E74 65726E65 74205365 63757269 74792052 65736561 72636820
47726F75 70311530 13060355 0403130C 49535247 20526F6F 74205832 301E170D
32303039 30343030 30303030 5A170D34 30303931 37313630 3030305A 304F310B
30090603 55040613 02555331 29302706 0355040A 1320496E 7465726E 65742053
65637572 69747920 52657365 61726368 2047726F 75703115 30130603 55040313
0C495352 4720526F 6F742058 32307630 1006072A 8648CE3D 02010605 2B810400
22036200 04CD9BD5 9F80830A EC094AF3 164A3E5C CF77ACDE 67050D1D 07B6DC16
FB5A8B14 DBE27160 C4BA4595 11898EEA 06DFF72A 161CA4B9 C5C532E0 03E01E82
18388BD7 45D80A6A 6EE60077 FB02517D 22D80A6E 9A5B77DF F0FA41EC 39DC75CA
68070C1F EAA34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13
0101FF04 05300301 01FF301D 0603551D 0E041604 147C4296 AEDE4B48 3BFA92F8
9E8CCF6D 8BA97237 95300A06 082A8648 CE3D0403 03036800 30650230 7B794E46
5084C244 87461B45 70FF5899 DEF4FDA4 D255A620 2D74D634 BC41A350 5F012756
B4BE2775 06AF122E 75988DFC 0231008B F5776CD4 C865AAE0 0B2CEE14 9D2737A4
F953A551 E42983D7 F890315B 429F0AF5 FEAE0068 E78C490F B66F5B5B 15F2E7

Here is what we should know about a certificate file in DER format.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

PKI Certificate File Formats

 What Is ASN.1 (Abstract Syntax Notation One)

 What Is BER (Basic Encoding Rules)

 BER Encoding Examples

 ASN.1 Type Modifier - Type Tagging

 What Is DER (Distinguished Encoding Rules)

 PKI Certificate Structure in ASN.1 Notations

PKI Certificate in DER Format

 PKI Certificate in Base64 Format

 PKI Certificate in PEM Format

 PKI Certificate File Viewer and Decoder

 PKI Certificate File ASN.1 Parser

 Certificate Wrapped in PKCS7 Formats

 Certificate Wrapped in PKCS12 Formats

 Certificate File Format Summary

 OpenSSL - Cryptography Toolkit

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

 PKCS12 Certificate Bundle File

 PKCS7 Certificate Chain File

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB