Certificate File Formats 6.4 Flashcards
X.509 v3 Digital Certificates
X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations.
Distinguished Encoding Rules (DER)
A transfer syntax designed for data structures. Specifically designed for X.509 certificates. Binary format, very common, used across many platforms. Often used with Java certificates. Can only carry a single certificate.
.der
Privacy-Enhanced Mail (PEM)
This is commonly received from a Certificate Authority (CA). It's supported by many different apps on many different operating systems. It's in ASCII. PEM encoding can carry multiple certificates.
.pem
.cer
.crt
Public Key Cryptography Standards #12 (PKCS #12)
Personal Information Exchange Syntax Standard. Developed by RSA Security and is an RFC standard. It uses a .p12 container to store many X.509 certificates. Often used to transfer a private and public key pair. The container can be password protected.
.pfx
.p12 (alternative file extension to .pfx)
Certificate (CER)
It's a certificate file. It's primarily a Windows X.509 file. It can be encoded in binary DER or ASCII PEM format. It usually contains a public key. Private keys use .pfx. File extensions can only be interchanged if the encoding is identical.
.cer .crt .pfx .pem .der
Public Key Cryptography Standards #7 (PKCS #7)
Associated with a .p7b file. Stored in Base64 ASCII. Private keys are not included with this. You will see this supported by Windows, Java Tomcat, and others.
.p7b
.p7c
KEY
Can be used for both public and private PKCS #8 keys. Can be encoded as binary DER or ASCII PEM.
.key