It is the binary format. A way to encode ASN.1 syntax in binary.
The first byte in the file should be a
0 character (U+0030)
Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files
/etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM.
The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
It is like the following container format, where
??? is the actual name of key, for instance
This is a PEM formatted file containing just the private-key of a specific certificate and is merely a conventional name and not a standardized one. In Apache installs, this frequently resides in
The rights on these files are very important, and some programs will refuse to load these certificates if they are set wrong.
A .pem (or rarely .der) formatted file with a different extension, one that is recognized by Windows Explorer as a certificate, which .pem is not.
- PKCS#1 RSAPublicKey* (PEM header:
BEGIN RSA PUBLIC KEY)
- X.509 SubjectPublicKeyInfo** (PEM header:
BEGIN PUBLIC KEY)
- PKCS#8 EncryptedPrivateKeyInfo** (PEM header:
BEGIN ENCRYPTED PRIVATE KEY)
- PKCS#12 (PFX) with PKCS-8ShroudedKeyBag
- PKCS#1 RSAPrivateKey** (PEM header:
BEGIN RSA PRIVATE KEY)
- PKCS#8 PrivateKeyInfo* (PEM header:
BEGIN PRIVATE KEY)
- JSON Web Key (JWK) Plaintext RSA Private Key
You may refer to some Command
This operation requires a password, this will generate a
traditional format, which is