Notes for openssl
Private key:
# Add a password to a PEM private key file
openssl rsa -aes256 -in unprotected.pem -out protected.pem -passout "pass:toto"
# Read a PEM private key file with password
openssl rsa -in password.pem -passin "pass:toto"
openssl rsa -in password.pem -passin "file:password.txt"
Certificate:
# Read a certificate PEM file
openssl x509 -in certificate.pem
# Fingerprint for the certificate
openssl x509 -noout -in certificate.pem -sha256 -fingerprint
# Subject and issuer (who the certificate is for, and who signed it)
openssl x509 -noout -subject -issuer -in certificate.pem
Sign and verify a file
# sign the file "fil" with the private key (tstpri.pem)
openssl dgst -sha256 -sign tstpri.pem -out tst.sig fil
# verify the signature with matching public key
openssl dgst -sha256 -verify tstpub.pem -signature tst.sig fil
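The commands above, chained into one checkable workflow as an added example (not part of the original notes). It assumes the openssl CLI is installed; the file names, the subject "demo.example" and the demo password "toto" are constructed for the run, and the signed payload and its tampered copy are written inline.

```shell
#!/bin/sh
# Added example (not from the original notes): key protection, self-signed
# certificate, fingerprint and detached signature in one run. Assumes the openssl
# CLI; file names, subject and the password "toto" are constructed for the demo.

# Sign FILE with PRIVKEY (unlocked with PASS), writing a detached signature to SIG.
sign_file() {
  privkey=$1; pass=$2; file=$3; sig=$4
  openssl dgst -sha256 -sign "$privkey" -passin "pass:$pass" -out "$sig" "$file" 2>/dev/null
}

# Verify SIG over FILE with PUBKEY; exit status 0 only when openssl reports "Verified OK".
verify_file() {
  pubkey=$1; sig=$2; file=$3
  openssl dgst -sha256 -verify "$pubkey" -signature "$sig" "$file" >/dev/null 2>&1
}

# Build the whole chain inside DIR: key -> password-protected key -> self-signed
# certificate -> fingerprint -> detached signature. Returns 0 only if the signed
# file verifies and a tampered copy does not.
run_demo() {
  dir=$1
  pass=toto
  (
    cd "$dir" || exit 1
    umask 077                      # key material and password file stay owner-only
    openssl genrsa -out unprotected.pem 2048 2>/dev/null || exit 1
    # Add a password to the PEM private key (AES-256 wrapping).
    openssl rsa -aes256 -in unprotected.pem -out protected.pem -passout "pass:$pass" 2>/dev/null || exit 1
    rm -f unprotected.pem          # nothing else needs the plaintext key
    # Read it back with the password taken from a file, and sanity-check the key.
    printf '%s\n' "$pass" > password.txt
    openssl rsa -in protected.pem -passin "file:password.txt" -noout -check 2>/dev/null || exit 1
    # Self-signed certificate for the key; subject and issuer come out identical.
    openssl req -new -x509 -key protected.pem -passin "pass:$pass" \
      -subj "/CN=demo.example" -days 1 -out certificate.pem 2>/dev/null || exit 1
    openssl x509 -noout -fingerprint -sha256 -in certificate.pem || exit 1
    openssl x509 -noout -subject -issuer -in certificate.pem || exit 1
    # Public key extracted from the certificate, used by the verifying side.
    openssl x509 -noout -pubkey -in certificate.pem > tstpub.pem || exit 1
    printf 'payload worth signing\n' > fil
    printf 'payload WORTH signing\n' > tampered
  ) || return 1
  sign_file "$dir/protected.pem" "$pass" "$dir/fil" "$dir/tst.sig" || return 1
  verify_file "$dir/tstpub.pem" "$dir/tst.sig" "$dir/fil" || return 1
  # Any change to the input must make verification fail.
  if verify_file "$dir/tstpub.pem" "$dir/tst.sig" "$dir/tampered"; then
    return 1
  fi
  return 0
}

# Stand-alone run in a scratch directory that is removed afterwards.
SCRATCH=$(mktemp -d)
if run_demo "$SCRATCH"; then echo "signature workflow: OK"; else echo "signature workflow: FAILED"; fi
rm -rf "$SCRATCH"
```

The password file is created under `umask 077` so that `-passin file:` never reads a world-readable secret, and the plaintext key is deleted once the wrapped copy exists; verification is done with the public key pulled out of the certificate, which is what a relying party would hold.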
File extensions can be (very) loosely seen as a type system.
.pem
a base64 encoding with header and footer lines.
The contents of a PEM file are named by its header and footer lines.
[Examples](https://stackoverflow.com/questions/5215771/how-can-i-check-if-the-certificate-file-i-have-is-in-pem-format)
CRT
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
PEM
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
.der
unlike PEM, this is a binary encoding; conversion from PEM to DER:
openssl x509 -in example.pem -out example.der -outform DER
.key
can be any kind of key, but usually it is the private key.
OpenSSL can wrap private keys for all algorithms (RSA, DSA, EC) in a generic and standard PKCS#8 structure.
The encoding could be PEM or DER; both can protect the key with password-based encryption.
.crt or .cer
stands simply for certificate, usually an X.509v3 certificate;
the encoding could be PEM or DER.
a certificate contains the public key, but it contains much more information (most importantly the signature by the Certificate Authority over the data and public key, of course).
.csr or .req or sometimes .p10
stands for Certificate Signing Request as defined in PKCS#10;
the encoding could be PEM or DER
it contains information such as the public key and common name required by a Certificate Authority to create and sign a certificate for the requester.
.p12 or .pfx
is a PKCS#12 defined key store, commonly password protected.
It can contain trusted certificates, private key(s) and their certificate chain(s), but also other information such as secret keys and (
p12 is usually binary / DER encoded.
.crl
is a Certificate Revocation List which is defined within the X.509v3 certificate specifications, and this is usually DER encoded as well.
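Since the extension is only a loose hint, the practical check is to look at the bytes: a PEM file announces its content in the header line, and every DER object listed above (certificate, key, CSR, CRL, PKCS#12) starts with an ASN.1 SEQUENCE. The following added example (not part of the original notes) does that with POSIX tools only; the sample files written by `make_samples` are constructed, with placeholder base64 bodies, because only the header/footer lines and the first byte are inspected.

```shell
#!/bin/sh
# Added example (not from the original notes): identify a key/certificate file
# from its contents instead of trusting the extension. Uses only POSIX tools
# (sed, grep, od); the sample files written by make_samples are constructed.

# Print the label of the first "-----BEGIN <label>-----" line, or nothing if absent.
pem_label() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Legacy encrypted PEM (what `openssl rsa -aes256` writes on OpenSSL 1.1) carries a
# "Proc-Type: 4,ENCRYPTED" header; PKCS#8 uses the ENCRYPTED PRIVATE KEY label instead.
pem_is_encrypted() {
  grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print a one-line description of FILE; exit status 1 if it is neither PEM nor DER.
sniff_format() {
  f=$1
  label=$(pem_label "$f")
  if [ -n "$label" ]; then
    case $label in
      CERTIFICATE)             desc="PEM certificate (X.509)" ;;
      "RSA PRIVATE KEY")       desc="PEM RSA private key (PKCS#1)" ;;
      "PRIVATE KEY")           desc="PEM private key (PKCS#8)" ;;
      "ENCRYPTED PRIVATE KEY") desc="PEM private key (PKCS#8), password-protected" ;;
      "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST")
                               desc="PEM certificate signing request (PKCS#10)" ;;
      "X509 CRL")              desc="PEM certificate revocation list" ;;
      *)                       desc="PEM $label" ;;
    esac
    if pem_is_encrypted "$f"; then desc="$desc, password-protected"; fi
    echo "$desc"
    return 0
  fi
  # Not PEM. Certificates, keys, CSRs, CRLs and PKCS#12 stores are all ASN.1
  # SEQUENCEs in DER, so a first byte of 0x30 marks the DER candidate.
  first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
  if [ "$first" = "30" ]; then
    echo "DER (binary ASN.1 SEQUENCE; use openssl with -inform DER to see which object)"
    return 0
  fi
  echo "unknown: neither a PEM header nor a DER SEQUENCE"
  return 1
}

# Write four constructed samples into DIR. PEM bodies are placeholder base64, since
# only the header/footer lines matter here; the DER sample is the five bytes
# 30 03 02 01 05, i.e. SEQUENCE { INTEGER 5 }.
make_samples() {
  d=$1
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBc2FtcGxl' '-----END CERTIFICATE-----' > "$d/server.crt"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' 'MIIEc2FtcGxl' \
    '-----END RSA PRIVATE KEY-----' > "$d/protected.pem"
  printf '\060\003\002\001\005' > "$d/thing.der"
  printf 'not a certificate at all\n' > "$d/bogus.crt"   # wrong extension on purpose
}

# Stand-alone run: label each sample; bogus.crt is caught despite its name.
SCRATCH=$(mktemp -d)
make_samples "$SCRATCH"
for f in "$SCRATCH"/*; do
  printf '%s: %s\n' "$(basename "$f")" "$(sniff_format "$f")"
done
rm -rf "$SCRATCH"
```

A DER file is only narrowed down to "some ASN.1 SEQUENCE" here; telling a DER certificate from a DER key or CRL needs the corresponding openssl subcommand with `-inform DER`, which is the other half of the check a deployment script should run before trusting a file by its extension.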