

Certificate file extensions

These are the most commonly used file formats for storing X.509 certificates, cryptographic keys, or the results of cryptographic operations:

DER

Binary encoding of X.509 certificates, whose structure is described in ASN.1 notation.
Usual extensions: .der, .cer, .crt, .cert

PEM

Can contain private keys, public keys and X.509 certificates. The PEM format is base64-encoded DER with ASCII headers added.
Usual extensions: .pem, .cer, .crt, .cert

PFX

A Microsoft specification, ancestor of PKCS#12. It is no longer used except in old products (Netscape 4.03 and earlier).
Note, though, that Microsoft still uses the .pfx extension to designate files in PKCS#12 format, which can be confusing.

PKCS#7

This specification is part of RSA's Public-Key Cryptography Standards.
PKCS#7 describes the syntax of data that has been subjected to cryptographic operations such as electronic signature or encryption. It supports recursion: for example, signed data can itself be encrypted. Version 1.5 is specified in RFC 2315. The Cryptographic Message Syntax (CMS, RFC 2630) specification, used by S/MIME 3, is derived from PKCS#7.
Usual extensions for PKCS#7 files: .p7b, .p7s (signed data), .p7m (enciphered data)

PKCS#12

This specification is part of RSA's Public-Key Cryptography Standards. It is used to store private keys, public keys and certificates with protection of their confidentiality and integrity (either with a password, in most cases, or via asymmetric cryptography, which is rarer and not used by general public products). Data is stored in binary format.

It is the format commonly used to store a certificate and its private key in a file protected with a password (confidentiality and integrity). This format is used by Mozilla and Internet Explorer/Outlook to import and export a certificate and its private key.
Usual extensions for PKCS#12 files: .p12, .pfx (Microsoft uses this extension to designate PKCS#12 files; see PFX section)

PVK

It is the proprietary format used by Microsoft to store signature private keys in several of its products. The associated public keys are stored in .spc files.
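
Because extensions such as .cer, .crt and .pfx each map to more than one format above, the file's bytes are a more reliable guide than its name. The following sketch is an added example, not code from this page or its publisher: it identifies the container from the outer structure only. The function names and the sample byte strings are constructed for illustration, and the checks are heuristics, not a full ASN.1 parser.

```python
import base64
import re

# OID 1.2.840.113549.1.7.x (PKCS#7 content types); the last byte selects the type.
PKCS7_PREFIX = bytes.fromhex("2a864886f70d0107")
PKCS7_TYPES = {1: "data", 2: "signedData", 3: "envelopedData"}

def read_tlv(buf):
    """Return (tag, value) of the DER element at the start of buf."""
    if len(buf) < 2:
        raise ValueError("truncated DER element")
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length]

def classify_der(der):
    tag, body = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first_tag, first = read_tlv(body)
    if first_tag == 0x02:  # INTEGER first: a PKCS#12 PFX carries version 3
        return "PKCS#12" if first == b"\x03" else "INTEGER-first structure (e.g. private key)"
    if first_tag == 0x06 and first[:-1] == PKCS7_PREFIX:  # contentType OID first
        return "PKCS#7 " + PKCS7_TYPES.get(first[-1], "other content type")
    if first_tag == 0x30 and read_tlv(first)[0] in (0xA0, 0x02):
        return "X.509 certificate"  # tbsCertificate opens with [0] version or serial
    raise ValueError("unrecognised ASN.1 structure")

def identify(data):
    if data[:4] == b"\x1e\xf1\xb5\xb0":  # PVK magic 0xB0B5F11E, little-endian
        return "PVK"
    try:
        m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", data, re.S)
        if m:  # PEM: strip the ASCII headers, decode base64, classify the DER inside
            der = base64.b64decode(b"".join(m.group(2).split()))
            return "PEM [%s] wrapping %s" % (m.group(1).decode(), classify_der(der))
        return "DER " + classify_der(data)
    except ValueError as exc:
        return "unknown (%s)" % exc

# Constructed DER skeletons (outer structure only, not real credentials).
SAMPLE_PFX = bytes.fromhex("30050201033000")
SAMPLE_P7S = bytes.fromhex("300b06092a864886f70d010702")
SAMPLE_CERT = bytes.fromhex("30043002a000")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_CERT)
```

Calling `identify(open(path, "rb").read())` on an uploaded or inherited file shows, for instance, when a file named .cer actually carries a PKCS#12 bundle that may contain a private key.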
