PKCS7 certificate

PKCS7 certificate (or PKCS #7 certificate) is a file format based on the PKCS #7 cryptographic message standard defined in RFC 2315. It stores X.509 certificates, or possibly a certificate revocation list.

Format
A PKCS7 certificate is serialized using either PEM or DER format.

The format is distinct from PEM encoded certificate and DER encoded certificate formats, even though those names are accurate descriptions of it.

.spc files sometimes use a different format, in which the DER data is base64-encoded (raw base64, not PEM), and then the base64 text is written to the file encoded in either ASCII or UTF-16.

Identification
PEM-formatted files have a line that reads " " or " ".

Reportedly, the line " " has sometimes been used instead, but this collides with PEM encoded certificate format, and should be considered incorrect.

Examples
To view the contents of a PEM-formatted PKS7 certificate, using OpenSSL: openssl pkcs7 -noout -text -print_certs -in example.p7b

To view the contents of a DER-formatted PKS7 certificate: openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b

Software

 * OpenSSL

Links

 * RFC 2315: PKCS #7: Cryptographic Message Syntax
 * Wikipedia: PKCS

Editors' notes
The PKCS #7 RFC defines six content types, but none of them are for certificate storage, so this is a slightly mysterious format. It's probably a degenerate form of the "signed data" type, with certificates but no data.