PKCS stands for public-key cryptography standards. It is a series of standards developed by the RSA lab and other security system developers to Promote the Development of public key cryptography. PKCS has published 15 standards. Commonly used:
PKCS #7 cryptographic message syntax Standard
PKCS #10 certification request Standard
PKCS #12 Personal Information Exchange syntax Standard
X.509 is a common certificate format. All certificates comply with ITU-T X509 International Standards for Public Key Infrastructure (PKI.
PKCS #7 common suffixes:. p7b. p7c. SPC
PKCS #12 common suffixes include. p12. pfx
The suffix of X.509 DER encoding (ASCII) is. Der. Cer. CRT.
The suffix of X.509 Pam encoding (base64) is. pem. Cer. CRT.
In OpenSSL toolset, you can use-outform-inform to specify der or Pam format. For example:
OpenSSL X509-in CERT. pem-inform PEM-out cert. Der-outform der
To convert PEM to PKCS #12 in OpenSSL, refer to the command:
OpenSSL PKCS12-export-in CERT. pem-out cert. p12-inkey key. pem
For the conversion from PKCS #12 to PEM in OpenSSL, refer:
OpenSSL PKCS12-in CERT. p12-out key. pem
OpenSSL X509-in key. pem-text-out cert. pem
Http://blog.csdn.net/tsimgsong/archive/2007/12/19/1954404.aspx
Http://zxjgoodboy.blog.sohu.com/71003540.html
The certificate file with the CER suffix has two types of encoding: Der binary encoding or base64 encoding (that is,. pem)
P7b is generally a certificate chain, which includes one or more certificates.
Pfx refers to the certificates and corresponding private keys stored in PKCS #12 format.
In security programming, there are several typical password exchange information file formats:
Der-encoded certificate:. CER,. CRT
PEM-encoded message:. pem
PKCS #12 Personal Information Exchange:. pfx,. p12
PKCS #10 certification request:. p10
PKCS #7 Cert Request Response:. p7r
PKCS #7 binary message:. p7b
. Cer/. CRT is used to store certificates. It is in binary format and does not contain private keys.
The difference between. PEM and CRT/CER is that it is represented in ASCII.
Pfx/P12 is used to store the Personal Certificate/private key. It usually includes a password, which is in the binary mode.
P10 is a certificate request
P7r is the CA's reply to the certificate request and is only used for Import
P7b displays the certificate chain in a tree. It also supports a single certificate without the private key.
Http://5233studio.bokee.com/3264715.html
OpenSSL: pkcs7 3 signed-data content encoding and decoding --
The signed content type consists of any type of content and digital signature. Any type of content can be signed by any number of signers at the same time.
The process of generating signature data is as follows:
1. For each Signatory, he uses the message digest algorithm to calculate the digest value.
2. For each signatory, the message digest and related information are encrypted with their own private key.
3. For each signer, add the encrypted message digest and other specific information of the signer to the signer_info value. The certificate and CRL of each signatory are also collected in this step.
4. Put the information digest algorithm of all signer_info values and content of all signers into the Sign value.