PKCS7 certificate
PKCS7 certificate (or PKCS #7 certificate) is a degenerate form of the PKCS #7 cryptographic message standard defined in RFC 2315. It stores only X.509 certificates (or possibly a certificate revocation list), with no encrypted data.
Contents |
Format
A PKCS7 certificate is serialized using either PEM or DER format.
The format is distinct from PEM encoded certificate and DER encoded certificate formats, even though those names are accurate descriptions of it.
.spc files sometimes use a different format, in which the DER data is base64-encoded (raw base64, not PEM), and then the base64 text is written to the file encoded in either ASCII or UTF-16.
Identification
PEM-formatted files have a line that reads "-----BEGIN PKCS7-----
" or "-----BEGIN PKCS #7 SIGNED DATA-----
".
Reportedly, the line "-----BEGIN CERTIFICATE-----
" has sometimes been used instead, though this could cause it to be confused with PEM encoded certificate format.
Examples
To view the contents of a PEM-formatted PKCS7 certificate, using OpenSSL:
openssl pkcs7 -noout -text -print_certs -in example.p7b
To view the contents of a DER-formatted PKCS7 certificate:
openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b
Software
Links
- RFC 2315: PKCS #7: Cryptographic Message Syntax
- Wikipedia: PKCS