| Format | Name | Description |
|---|---|---|
| PKCS #7 | Cryptographic Message Syntax Standard | A PKCS #7 file can be used to store certificates, as a SignedData structure without data (certificates only). The file name extension is usually .p7b or .p7c. |
| PKCS #8 | Private-Key Information Syntax Standard | Used to carry private certificate key pairs (encrypted or unencrypted). |
| PKCS #12 | Personal Information Exchange Syntax Standard | Defines a file format commonly used to store private keys together with their public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft. |
| DER | Distinguished Encoding Rules | A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690. |
| PEM | Privacy Enhanced Mail | Base64-encoded DER certificates or keys, with additional header and footer lines. A PEM private key uses -----BEGIN RSA PRIVATE KEY----- / -----END RSA PRIVATE KEY-----; a PEM public key uses -----BEGIN PUBLIC KEY----- / -----END PUBLIC KEY-----; a PEM certificate uses -----BEGIN CERTIFICATE----- / -----END CERTIFICATE-----. |
RSA Public Key file (PKCS#1)
The RSA public key PEM file is specific to RSA keys.
It starts and ends with the tags:
-----BEGIN RSA PUBLIC KEY-----
BASE64 ENCODED DATA
-----END RSA PUBLIC KEY-----
Within the Base64-encoded data the following DER structure is present:
RSAPublicKey ::= SEQUENCE {
    modulus           INTEGER,  -- n
    publicExponent    INTEGER   -- e
}
Public Key file (PKCS#8)
Because RSA isn't used exclusively inside X.509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, which identifies the type of public key and contains the relevant data.
It starts and ends with the tags:
-----BEGIN PUBLIC KEY-----
BASE64 ENCODED DATA
-----END PUBLIC KEY-----
Within the Base64-encoded data the following DER structure is present:
PublicKeyInfo ::= SEQUENCE {
    algorithm       AlgorithmIdentifier,
    PublicKey       BIT STRING
}
AlgorithmIdentifier ::= SEQUENCE {
    algorithm       OBJECT IDENTIFIER,
    parameters      ANY DEFINED BY algorithm OPTIONAL
}
So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and the PublicKey BIT STRING holds an RSAPublicKey structure (as shown above).
RSA Private Key file (PKCS#1)
The RSA private key PEM file is specific to RSA keys.
It starts and ends with the tags:
-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----
Within the Base64-encoded data the following DER structure is present:
RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}
Private Key file (PKCS#8)
Because RSA isn't used exclusively inside X.509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, which identifies the type of private key and contains the relevant data.
The unencrypted PKCS#8 encoded data starts and ends with the tags:
-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----
Within the Base64-encoded data the following DER structure is present:
PrivateKeyInfo ::= SEQUENCE {
    version         Version,
    algorithm       AlgorithmIdentifier,
    PrivateKey      OCTET STRING  -- an OCTET STRING per RFC 5208 (PKCS#8), not a BIT STRING
}
AlgorithmIdentifier ::= SEQUENCE {
    algorithm       OBJECT IDENTIFIER,
    parameters      ANY DEFINED BY algorithm OPTIONAL
}
So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and the PrivateKey OCTET STRING holds an RSAPrivateKey structure (as shown above).
The encrypted PKCS#8 encoded data starts and ends with the tags:
-----BEGIN ENCRYPTED PRIVATE KEY-----
BASE64 ENCODED DATA
-----END ENCRYPTED PRIVATE KEY-----
Within the Base64-encoded data the following DER structure is present:
EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
    encryptedData        EncryptedData
}
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
EncryptedData ::= OCTET STRING
The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (as above), encrypted with the algorithm named in encryptionAlgorithm.
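The following is an added example, not code from the PolarSSL article or library, that puts the public-key layouts above into practice: it encodes a PKCS#1 RSAPublicKey, wraps it in a PKCS#8 PublicKeyInfo carrying the rsaEncryption OID 1.2.840.113549.1.1.1, writes PEM, and parses either PEM label back to (n, e). All function names are my own and the key values used in testing (n = 3233, e = 17) are constructed toy numbers.

```python
import base64, re, textwrap

RSA_OID_DER = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1 (rsaEncryption) as DER

def tlv(tag, payload):                             # DER tag + length (short or long form) + value
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def der_int(v):                                    # INTEGER; a 0x00 prefix keeps high-bit values positive
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def rsa_public_key(n, e):                          # PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }
    return tlv(0x30, der_int(n) + der_int(e))

def public_key_info(n, e):                         # PKCS#8 PublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
    alg = tlv(0x30, RSA_OID_DER + b"\x05\x00")     # AlgorithmIdentifier: rsaEncryption OID + NULL parameters
    return tlv(0x30, alg + tlv(0x03, b"\x00" + rsa_public_key(n, e)))  # leading 0x00 = no unused bits

def to_pem(label, der):                            # Base64 in 64-column lines between the BEGIN/END tags
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def read_tlv(buf, pos=0):                          # -> (tag, value, offset just past the element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                   # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(body):                                # split a SEQUENCE body into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def parse_pem_public_key(pem):                     # -> (n, e) from a PKCS#1 or PKCS#8 public-key PEM
    m = re.search(r"-----BEGIN (.+?)-----(.*?)-----END \1-----", pem, re.S)
    label, der = m.group(1), base64.b64decode(m.group(2))
    tag, body, _ = read_tlv(der)                   # outer SEQUENCE in both formats
    if label == "PUBLIC KEY":                      # PKCS#8: check the OID, then unwrap the BIT STRING
        (_, alg), (_, bits) = children(body)
        if children(alg)[0][1] != RSA_OID_DER[2:]: # compare OID contents (DER header stripped)
            raise ValueError("not rsaEncryption, OID bytes: " + children(alg)[0][1].hex())
        tag, body, _ = read_tlv(bits[1:])          # skip the unused-bits byte; inside is RSAPublicKey
    (_, n), (_, e) = children(body)                # RSAPublicKey: modulus, publicExponent
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")
```

Both encoder and decoder handle long-form DER lengths, so the same code round-trips a real 2048-bit modulus, not only the toy values.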
Source: https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem