Certificate File Formats 6.4

Question 1

X.509 v3 Digital Certificates

Answer 1

X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations.

Question 2

Distinguished Encoding Rules (DER)

Answer 2

Designed to transfer syntax for data structures. Specifically designed for X.509 certificates. Binary format, very common, used across many platforms. Often used with Java certificates. Can only carry a single certificate.

.der

Question 3

Privacy-Enhanced Mail (PEM)

Answer 3

This is commonly received from a Certificate Authority (CA). It’s supported by many different apps, on many different OS’s. It’s in ASCII. PEM encoding can carry multiple certificates.

.pem
.cer
.crt

Question 4

Public Key Cryptography Standards # 12 (PKCS# 12)

Answer 4

Personal Information Exchange Syntax Standard. Developed by RSA security and is an RFC standard. It uses a .p12 container to store many X.509 certificates. Often used to xfer private and public key pair. The container can be password protected.

.pfx
.p12 (alternative file extension of fpx)

Question 5

Certificate (CER)

Answer 5

It’s a certificate file. It’s primarily a Windows X.509 file. It can be encoded as binary DER or ASCII PEM formats. It usually contains a public key. Private keys use .pfx. File extension can only be interchanged if the encoding is identical.

.cer
.crt
.pfx
.pem
.der

Question 6

Public Key Cryptography Standards # 7 (PKCS# 7)

Answer 6

Associated with a .p7b file. Stored in Base 64 ASCII. Private keys are not included with this. You will see this supported by Windows, Java Tomcat, and others.

.p7b
.p7c

Question 7

KEY

Answer 7

Can be used for both public and private PKCS # 8. Can be encoded as binary DER or ASCII PEM.

.key