@hallojoe
Last active August 28, 2023 06:50
Certificate formats

Certificate formats store digital certificates, which are cryptographic files containing information about an entity (such as a website or an individual) and its corresponding public key. Security protocols such as SSL/TLS use these certificates to establish secure connections and verify the authenticity of the parties involved. The formats used to store certificates and their associated private keys vary in structure and in the encryption algorithms they support.

These formats serve different purposes depending on whether you need to store certificates, private keys, or other related cryptographic data, and on whether you prioritize human-readability or compactness. The choice often depends on the system or application you are working with. Let's go through some of the common certificate formats:

PEM (Privacy-Enhanced Mail) .pem, .crt, .cer

PEM is a widely used format that can contain both certificates and private keys. It uses a Base64 encoding with delimiters (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to separate different sections of the file. It's human-readable and is often used for certificates, both self-signed and CA-issued, and public keys.

DER (Distinguished Encoding Rules) .der, .cer

DER is a binary format that uses a more compact encoding compared to PEM. It's not as human-readable as PEM but is more efficient for storage and transmission. DER-encoded certificates are often used in situations where space is a concern.

PFX/P12 (Personal Information Exchange) .pfx, .p12

PFX is a format that is used to store both the certificate and the private key in a single encrypted file. This format is often used in Windows environments and can also include intermediate certificates. PFX files are password-protected and are used for secure storage and transport of certificates.

PKCS#7/P7B .p7b, .p7c

PKCS#7 is a format used for storing certificates, certificate chains, and other related data. It can include certificates, CRLs (Certificate Revocation Lists), and signatures. It's not used to store private keys.

PKCS#8 .p8

PKCS#8 is a format used to store private keys separately from certificates. It allows private keys to be encrypted with a passphrase, enhancing security.

CRL (Certificate Revocation List) .crl

CRLs are not certificates but rather lists that contain information about revoked certificates. They are used to check if a certificate has been revoked by its issuing Certificate Authority.
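
Since `.cer` appears under both PEM and DER above, the extension alone does not say what a file holds or whether it carries a private key. The following added example (not part of the original gist) identifies the format from the content instead, using the PEM delimiters and the first ASN.1 element of a DER object. The sample byte strings are constructed stubs and the file names are hypothetical; a DER-encoded encrypted PKCS#8 key cannot be told apart from a certificate by its first bytes, so it is reported as ambiguous.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

def classify_der(der: bytes) -> str:
    """Guess the container from the first element inside the outer SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        return "unknown"
    # Skip tag + length (short form, long form, or BER indefinite 0x80).
    body = der[2 + (der[1] & 0x7F if der[1] > 0x80 else 0):]
    if body.startswith(b"\x02\x01\x03"):      # INTEGER 3: PFX version
        return "PKCS#12"
    if body.startswith(SIGNED_DATA_OID):      # ContentInfo contentType
        return "PKCS#7"
    if body.startswith(b"\x02\x01\x00"):      # INTEGER 0: unencrypted key
        return "private key"
    if body[:1] == b"\x30":                   # nested SEQUENCE: ambiguous
        return "certificate, CRL or encrypted key"
    return "unknown"

def inspect(data: bytes) -> list:
    """Return (encoding, kind) per object found; the file name is never consulted."""
    labels = [m[0] for m in PEM_BLOCK.findall(data.decode("latin-1"))]
    if labels:
        return [("PEM", label) for label in labels]
    return [("DER", classify_der(data))]

def holds_private_key(data: bytes) -> bool:
    """True when the content certainly carries key material (PKCS#12 counts)."""
    return any(kind.endswith("PRIVATE KEY") or kind in ("PKCS#12", "private key")
               for _, kind in inspect(data))

def pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (Base64 between BEGIN/END lines)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

# Constructed stubs: only the leading DER bytes are meaningful, none is a real object.
CERT_STUB = bytes.fromhex("300430020500")
KEY_STUB = bytes.fromhex("3003020100")
PFX_STUB = bytes.fromhex("3003020103")
P7B_STUB = bytes.fromhex("300b") + SIGNED_DATA_OID
BUNDLE = pem("CERTIFICATE", CERT_STUB) + pem("PRIVATE KEY", KEY_STUB)

if __name__ == "__main__":
    # Hypothetical file names; two of them share the .cer extension.
    for name, blob in [("site.cer", CERT_STUB), ("chain.cer", BUNDLE), ("id.pfx", PFX_STUB)]:
        print(name, inspect(blob), "private key:", holds_private_key(blob))
```

Running a check like this before publishing or committing a "certificate" file catches the case where a PEM bundle or PFX archive also contains the private key.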
