PEM
- tags
- Security
Summary #
Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.” While the original standards were never broadly adopted and were supplanted by PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), the textual encoding they defined became very popular. The PEM format was eventually formalized by the IETF in RFC 7468. (Wikipedia)
- PEM (originally “Privacy Enhanced Mail”) is the most common format for X.509 certificates, CSRs, and cryptographic keys.
- PEM files are usually seen with the extensions .crt, .pem, .cer, and .key (for private keys), but you may also see them with different extensions.
```
# Print the certificate in human-readable form
openssl x509 -in CERTIFICATE.pem -text -noout
# Convert the PEM certificate to DER
openssl x509 -outform der -in CERTIFICATE.pem -out CERTIFICATE.der
```
Format #
```
-----BEGIN PRIVATE KEY-----
base64 encoded data
-----END PRIVATE KEY-----
```

```
-----BEGIN CERTIFICATE-----
… base64 encoding of the DER encoded certificate with line endings and padding with equals signs …
-----END CERTIFICATE-----
```
- Example
```
-----BEGIN EC PRIVATE KEY-----
MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQglcjiAt/7M3uLon55OLAu
EOdT1NZMUp8FXU0a37JgiJqgBwYFK4EEAAqhRANCAASwsT6+MbEUxY3pLU2brH4p
TKBr57yNQnPRsJTYJ0gaKk1n0nkG6p6E9KxofEA1tyCzEv9B+GzD6FTGBb657H15
-----END EC PRIVATE KEY-----
```
PEM also defines a one-line header, consisting of `-----BEGIN`, a label, and `-----`, and a one-line footer, consisting of `-----END`, a label, and `-----`. The label determines the type of message encoded. Common labels include:
- CERTIFICATE
- CERTIFICATE REQUEST
- PUBLIC KEY
- PRIVATE KEY
- X509 CRL
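The header, label and footer structure described above can be read with a small parser. The following is an added example, not code from the original page: it extracts every block from a file, checks that the BEGIN and END labels match, decodes the base64 body, and reports labels that indicate private key material. The function names, the `SECRET_LABELS` set and the sample bytes are assumptions made for illustration.

```python
import base64
import re

# RFC 7468 textual encoding: "-----BEGIN <label>-----", base64 body, "-----END <label>-----".
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)
# Labels treated as secret material (illustrative set, extend as needed).
SECRET_LABELS = {"PRIVATE KEY", "EC PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_encode(label: str, der: bytes) -> str:
    """Wrap raw (DER) bytes in a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_parse(text: str) -> list[tuple[str, bytes]]:
    """Return (label, decoded bytes) for every PEM block; text outside blocks is ignored."""
    blocks = []
    for match in _BLOCK.finditer(text):
        begin, body, end = match.groups()
        if begin != end:
            raise ValueError(f"BEGIN {begin!r} does not match END {end!r}")
        # validate=True rejects non-base64 characters instead of silently dropping them.
        data = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((begin, data))
    return blocks


def secret_labels(text: str) -> list[str]:
    """Labels in a file that indicate private key material (e.g. for a pre-commit check)."""
    return [label for label, _ in pem_parse(text) if label in SECRET_LABELS]


# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE = (
    "subject: constructed example\n"
    + pem_encode("CERTIFICATE", bytes(range(100)))
    + pem_encode("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
)

if __name__ == "__main__":
    for label, data in pem_parse(SAMPLE):
        print(label, len(data), "bytes")
    print("secret material:", secret_labels(SAMPLE))
```

The decoded bytes are the DER structure that the label names; a check built on `secret_labels` can stop a bundle that carries a private key from being committed or published alongside its certificate.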
Types of file extensions that store PEM format #
- “.csr”
- “.pem”
- “.key”