Re: certificate storage format

[Jakob Bohm]

On 11/28/2011 8:33 AM, prabhu kalyan rout wrote:

Hi,
my question is how many certificate storage formats are available and
what are they?

just like del pks12

Fortunately, because X.509 certificates are all based on the same standard
(ITU-T standard X.509), there are actually very few formats in circulation:

Certificate alone (without the secret private key of the owner):

1. BER-encoded (usually the DER subset) binary form, usually with file
extension .crt, .pcs or similar.

2. S/MIME: Base64 encoding of #1, with a text line above and below that
says "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

Certificate and some related certificates (like that of the CA) together in
one file, but still without the secret private key of the owner:

3. Concatenated BER-encoded (rare): Simply #1 of each certificate
concatenated into one big file.

4. Concatenated S/MIME: Simply #2 of each certificate concatenated
into one big text file.

5. BER encoded PKCS#7 "envelope" with no message in it, but still
with the "supplemental" list of certificates in it.

The secret private key on its own, possibly with the public key, but not
the certificate:

6. BER-encoded (usually the DER-subset) PKCS#? format, possibly
PKCS#8-encrypted.  This format cab be used by OpenSSL and some
other software.

7. S/MIME: Base64 encoding of #6, with different text lines above/below
than #2.

8. Classic OpenSSL-variant, BER-encoded very similar but not quite
the same as #6

9. Classic OpenSSL-variant, S/MIME-encoded: Base64 encoding of
#6 with (almost?) the same text lines as #7

10. Microsoft .pvk format (used by historic AuthentiCode tools only):
The MS CryptoAPI private key structure PRIVATEKEYBLOB optionally
encrypted with a straight password-derived key.

The certificate and the private key together in one file, optionally with
related certificates (like that of the CA) included:

11. Concatenated BER-encoded (rare): Simply #1 of each certificate
and #6 or #8 of the private key concatenated into one big file.

12. Concatenated S/MIME: Simply #2 of each certificate and
#7 or #9 of the private key concatenated into one big text file.

13. PKCS#12 format, often with file extension .p12 or .pfx.

Anyone have any other formats to add to this list?


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org