Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Privacy-Enhanced Mail
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Format== Many cryptography standards use [[Abstract Syntax Notation One|ASN.1]] to define their data structures, and [[X.690#DER encoding|Distinguished Encoding Rules]] (DER) to serialize those structures.<ref>{{Cite IETF|rfc=7468|section=1|title=Textual Encodings of PKIX, PKCS, and CMS Structures|last=Sean|first=Leonard|last2=Simon|first2=Josefsson|date=April 2015||language=en|access-date=2017-03-06}}</ref> Because DER produces [[Binary file|binary]] output, it can be challenging to transmit the resulting files through systems, like electronic mail, that only support ASCII. The PEM format solves this problem by encoding the binary data using [[Base64encoded|base64]]. PEM also defines a one-line header, consisting of {{code|-----BEGIN }}, a label, and {{code|-----}}, and a one-line footer, consisting of {{code|-----END }}, a label, and {{code|-----}}. The label determines the type of message encoded. Common labels include {{code|CERTIFICATE}}, {{code|CERTIFICATE REQUEST}}, {{code|PRIVATE KEY}} and {{code|X509 CRL}}. <syntaxhighlight lang="pem"> -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- </syntaxhighlight> PEM data is commonly stored in files with a ".pem" suffix, a ".cer" or ".crt" suffix (for certificates), or a ".key" suffix (for public or private keys).<ref>{{Cite web|url=http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/|title=DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them|website=www.gtopia.org|date=4 February 2010 |archive-url=https://web.archive.org/web/20190804070022/http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/|access-date=2020-02-04|archive-date=2019-08-04}}</ref> The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a ".pem" file. In particular PEM refers to the header and [[base64]] wrapper for a binary format contained within, but does not specify any type or format for the binary data, so that a PEM file may contain "almost anything base64 encoded and wrapped with BEGIN and END lines".<ref>{{Cite web|url=https://stackoverflow.com/questions/5355046/where-is-the-pem-file-format-specified|title=Where is the PEM file format specified?}}</ref> ===Examples=== * An operating system might provide a PEM file containing a list of trusted [[CA certificate]]s, each of which in its own BEGIN/END sections; * A web server might be configured with a "chain" file containing an end-entity certificate plus a list of intermediate certificates, each of which in its own BEGIN/END sections.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)