PKCS7 certificate

From Just Solve the File Format Problem
(Difference between revisions)
(Created page with "{{FormatInfo |formattype=electronic |subcat=Security |extensions={{ext|p7b}}, {{ext|p7c}}, {{ext|spc}}, {{ext|pem}} }} '''PKCS7 certificate''' (or '''PKCS #7 certificate''') i...")
 
m (Software)
 
(4 intermediate revisions by one user not shown)
Line 4: Line 4:
 
|extensions={{ext|p7b}}, {{ext|p7c}}, {{ext|spc}}, {{ext|pem}}
 
|extensions={{ext|p7b}}, {{ext|p7c}}, {{ext|spc}}, {{ext|pem}}
 
}}
 
}}
'''PKCS7 certificate''' (or '''PKCS #7 certificate''') is a file format based on the [[PKCS7|PKCS #7]] cryptographic message standard defined in RFC 2315. It stores [[X.509 certificate|X.509 certificates]], or possibly a certificate revocation list.
+
'''PKCS7 certificate''' (or '''PKCS #7 certificate''') is a degenerate form of the [[PKCS7|PKCS #7]] cryptographic message standard defined in RFC 2315. It stores only [[X.509 certificate|X.509 certificates]] (or possibly a certificate revocation list), with no encrypted data.
  
 
== Format ==
 
== Format ==
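Review bot: In the rewritten lead sentence, "with no encrypted data" is the wrong contrast for this format. The Editors' notes further down the page describe it as a degenerate form of the "signed data" type with certificates but no data, so encryption is not what is missing. Suggest wording such as "with no signed content" so the lead and the notes agree.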
Line 14: Line 14:
  
 
== Identification ==
 
== Identification ==
PEM-formatted files have a line that reads "<code>-----BEGIN PKCS7-----</code>" or "<code>-----BEGIN PKCS #7 SIGNED DATA-----</code>".
+
PEM-formatted files have a line that reads "<code>-----BEGIN PKCS7-----</code>" or "<code>-----BEGIN PKCS #7 SIGNED DATA-----</code>". However, this does not distinguish them from other PKCS7 data types.
  
Reportedly, the line "<code>-----BEGIN CERTIFICATE-----</code>" has sometimes been used instead, but this collides with [[PEM encoded certificate]] format, and should be considered incorrect.
+
Reportedly, the line "<code>-----BEGIN CERTIFICATE-----</code>" has sometimes been used instead, though this could cause it to be confused with [[PEM encoded certificate]] format.
  
 
== Examples ==
 
== Examples ==
To view the contents of a PEM-formatted PKS7 certificate, using OpenSSL:
+
To view the contents of a PEM-formatted PKCS7 certificate, using OpenSSL:
 
   openssl pkcs7 -noout -text -print_certs -in example.p7b
 
   openssl pkcs7 -noout -text -print_certs -in example.p7b
  
To view the contents of a DER-formatted PKS7 certificate:
+
To view the contents of a DER-formatted PKCS7 certificate:
 
   openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b
 
   openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b
  
 
== Software ==
 
== Software ==
* [http://www.openssl.org/ OpenSSL]
+
* [[OpenSSL]]
  
 
== Links ==
 
== Links ==
 
* RFC 2315: PKCS #7: Cryptographic Message Syntax
 
* RFC 2315: PKCS #7: Cryptographic Message Syntax
 
* [[Wikipedia:PKCS|Wikipedia: PKCS]]
 
* [[Wikipedia:PKCS|Wikipedia: PKCS]]
 
== Editors' notes ==
 
The PKCS #7 RFC defines six content types, but none of them are for certificate storage, so this is a slightly mysterious format. It's probably a degenerate form of the "signed data" type, with certificates but no data.
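Review bot: In the Identification change, the added sentence "However, this does not distinguish them from other PKCS7 data types" leaves the reader with no way to make that distinction. Suggest saying what to check instead, or pointing to the OpenSSL commands in the Examples section. Separately, the Editors' notes say "It's probably a degenerate form" while the revised lead sentence now states it as fact; one of the two should be adjusted.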
 

Latest revision as of 22:15, 2 February 2016

File Format
Name PKCS7 certificate
Ontology
Extension(s) .p7b, .p7c, .spc, .pem

PKCS7 certificate (or PKCS #7 certificate) is a degenerate form of the PKCS #7 cryptographic message standard defined in RFC 2315. It stores only X.509 certificates (or possibly a certificate revocation list), with no encrypted data.


Format

A PKCS7 certificate is serialized using either PEM or DER format.

The format is distinct from PEM encoded certificate and DER encoded certificate formats, even though those names are accurate descriptions of it.

.spc files sometimes use a different format, in which the DER data is base64-encoded (raw base64, not PEM), and then the base64 text is written to the file encoded in either ASCII or UTF-16.

Identification

PEM-formatted files have a line that reads "-----BEGIN PKCS7-----" or "-----BEGIN PKCS #7 SIGNED DATA-----". However, this does not distinguish them from other PKCS7 data types.

Reportedly, the line "-----BEGIN CERTIFICATE-----" has sometimes been used instead, though this could cause it to be confused with PEM encoded certificate format.
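
The serializations described under Format and Identification can be told apart by content rather than by extension or PEM label. The following Python sketch is an added example, not part of the original page or of any tool it mentions; the function names and `SAMPLE_DER` (a constructed, certificate-free byte string) are hypothetical. It checks only that the outer content type is signedData, so it does not confirm that the message is the degenerate certificates-only form.

```python
import base64
import binascii
import re

# DER bytes of the signedData content-type OID, 1.2.840.113549.1.7.2 (RFC 2315).
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_LABELS = ("PKCS7", "PKCS #7 SIGNED DATA", "CERTIFICATE")
# Constructed sample: a minimal signedData ContentInfo with no certificates.
SAMPLE_DER = bytes.fromhex(
    "302306092a864886f70d010702a0163014020101"
    "3100300b06092a864886f70d0107013100")

def is_signed_data(der: bytes) -> bool:
    """True if der is a SEQUENCE whose first element is the signedData OID."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    # Short-form length is 1 octet; long form is 1 + (low 7 bits) octets.
    start = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    return der[start:start + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID

def b64(text: str):
    """Strict base64 decode ignoring whitespace; None if text is not base64."""
    try:
        return base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def classify(raw: bytes) -> str:
    """Return 'der', 'pem:<label>', 'base64-ascii', 'base64-utf-16' or 'unknown'."""
    if is_signed_data(raw):
        return "der"
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):          # UTF-16 with BOM
        text, enc = raw.decode("utf-16", "replace"), "utf-16"
    elif b"\x00" in raw[:2]:                           # UTF-16 without BOM
        codec = "utf-16-le" if raw[1:2] == b"\x00" else "utf-16-be"
        text, enc = raw.decode(codec, "replace"), "utf-16"
    else:
        text, enc = raw.decode("ascii", "replace"), "ascii"
    m = re.search(r"-----BEGIN ([A-Z0-9# ]+)-----(.*?)-----END \1-----", text, re.S)
    if m:
        # The label is not trusted: the body must decode to signedData, not a bare X.509.
        der = b64(m.group(2))
        ok = m.group(1) in PEM_LABELS and der is not None and is_signed_data(der)
        return "pem:" + m.group(1) if ok else "unknown"
    der = b64(text)
    return "base64-" + enc if der is not None and is_signed_data(der) else "unknown"

if __name__ == "__main__":
    print(classify(base64.b64encode(SAMPLE_DER).decode().encode("utf-16")))
```

A file that carries the "-----BEGIN CERTIFICATE-----" label is reported as PKCS7 only when its body decodes to a signedData structure; a plain X.509 certificate under that label comes back as `unknown`.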

Examples

To view the contents of a PEM-formatted PKCS7 certificate, using OpenSSL:

 openssl pkcs7 -noout -text -print_certs -in example.p7b

To view the contents of a DER-formatted PKCS7 certificate:

 openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b

Software

Links
