PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
What Is PKCS7 File Format
This section describes the PKCS7 File Format, which can be used to store multiple signed and/or encrypted data items, including certificates and CRL (Certificate Revocation List) in a single file.
What Is PKCS7 File Format? The PKCS7 file format follows the PKCS #7 (Public-Key Cryptography Standard #7) standard. It can be used to store multiple signed and/or encrypted data items, including certificates and CRLs (Certificate Revocation Lists), in a single file.
The PKCS7 file format is specified in RFC 2315 "PKCS #7: Cryptographic Message Syntax Version 1.5" at datatracker.ietf.org/doc/html/rfc2315.
A PKCS7 file stores a data structure described in ASN.1 (Abstract Syntax Notation One). Its top-level structure is shown in the example below:
d=0 hl=4 l=1344 cons: SEQUENCE
d=1 hl=2 l=   9 prim:  OBJECT :pkcs7-signedData
d=1 hl=4 l=1329 cons:  cont [ 0 ]
d=2 hl=4 l=1325 cons:   SEQUENCE
d=3 hl=2 l=   1 prim:    INTEGER :01
d=3 hl=2 l=   0 cons:    SET
d=3 hl=2 l=  11 cons:    SEQUENCE
d=4 hl=2 l=   9 prim:     OBJECT :pkcs7-data
d=3 hl=4 l=1299 cons:    cont [ 0 ]
d=4 hl=4 l= 367 cons:     SEQUENCE
                           ... First certificate encoded here
d=4 hl=4 l= 413 cons:     SEQUENCE
                           ... Second certificate encoded here
d=4 hl=4 l= 507 cons:     SEQUENCE
                           ... Third certificate encoded here
                          ...
d=3 hl=2 l=   0 cons:    cont [ 1 ]
d=3 hl=2 l=   0 cons:    SET
The most common use of a PKCS7 file is to store a CRL or a certificate chain.
Commonly used file extensions for PKCS7 files are *.p7b, *.p7c, and *.p7r, depending on the tool used to create them.
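The layout in the dump above can be checked in code. The following is an added example, not part of the original tutorial: it walks the DER encoding and reports how many certificates, CRLs and signers a PKCS7 SignedData file carries, using the RFC 2315 field order (version, digestAlgorithms, contentInfo, certificates [0], crls [1], signerInfos). The function names are chosen here, and the sample input is constructed from zero-filled stand-ins sized to reproduce the lengths in the dump.

```python
# Added example (not from the tutorial): walk the certs-only SignedData layout.
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, body=b""):
    """Encode one DER element: tag, definite length, body."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def children(body):
    """Split a constructed element's body into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, length = body[pos], body[pos + 1]
        pos += 2
        if length >= 0x80:                     # long form: k length bytes follow
            k = length & 0x7F
            length = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        if pos + length > len(body):
            raise ValueError("length field runs past end of data")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def summarize_p7(der):
    """Check the ContentInfo/SignedData nesting and count what the file carries."""
    ((tag, outer),) = children(der)            # exactly one top-level element
    (_, ctype), (wrap_tag, wrapped) = children(outer)
    if tag != 0x30 or ctype != OID_SIGNED_DATA or wrap_tag != 0xA0:
        raise ValueError("not a pkcs7-signedData ContentInfo")
    fields = children(children(wrapped)[0][1])  # fields of the SignedData SEQUENCE
    names = {0xA0: "certs", 0xA1: "crls", 0x31: "signers"}  # [0], [1], final SET
    info = {"version": int.from_bytes(fields[0][1], "big"), "certs": 0, "crls": 0}
    for ftag, val in fields[3:]:
        info[names[ftag]] = len(children(val))
    info["certs_only"] = info.get("signers") == 0 and fields[2][1] == tlv(0x06, OID_DATA)
    return info

def constructed_sample():
    """Constructed input: zero-filled stand-ins sized like the dump's three certificates."""
    certs = b"".join(tlv(0x30, bytes(n)) for n in (367, 413, 507))
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, tlv(0x06, OID_DATA))
                 + tlv(0xA0, certs) + tlv(0xA1) + tlv(0x31))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed))

if __name__ == "__main__":
    print(summarize_p7(constructed_sample()))
```

When certs_only is true, the signerInfos SET is empty and the inner pkcs7-data carries no content, so the file itself is unsigned. Certificates taken from it still have to be validated against a trusted root.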