What are the different types of certificates, formats in cryptography

We are adding server certificate confirmation to the SSL handshake for one of our customers. Being very new to cryptography and the world of C, I thought that I would first understand my ideas about these things, and then start with implementation.

So, I looked for a lot of views mainly on the concept of certificates, but I could not better understand my concepts. Actually this added more confusion. :)

Here are some things that I almost don't understand:

1. What is the base64 format? Is it the same as DER?
2. Does the PEM file always contain base64 content?
3. What is the format used by the Windows certificate store? Is it binary?

Can someone please help me here? I would be very grateful if these things were cleared up for me.

+5
1 answer

The structure of the X.509 certificate is defined using ASN.1. Here is an excerpt from the definition of the general structure of an X.509 certificate:

Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING  }

TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }

A Certificate value (with filled values) is encoded using the Base64 format — a common way of encoding binary sequences into text by reducing the set of bytes used to readable ASCII characters (so this representation is longer).

A certificate in PEM format is the Base64 encoding of the DER encoding of the certificate, with a line return at the end of each 64-character fragment, placed between the delimiters:

-----BEGIN CERTIFICATE-----
MIIB2zCCAUSgAwIBAwIBADANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDEw1OZXRn
...
-----END CERTIFICATE-----

PEM, -----BEGIN RSA PRIVATE KEY----- ( END), .

TLS DER.

, Windows , / DER PEM/Base64.


"" - , DER/base64. , SSL/TLS, - X.509. . Internet X.509 (CRL), , , , .

:

, PKI .

+9
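To make the PEM/DER relationship from the answer concrete, here is an added example (not part of the original answer) that strips the PEM delimiters, Base64-decodes the body back to binary DER, and checks that the result is a single ASN.1 SEQUENCE, as a Certificate is. The function names are hypothetical and the sample blob is constructed, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)-----END (?P=label)-----"
)

def pem_to_der(pem_text):
    """Return (label, der_bytes) for the first PEM block in pem_text."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    # Line breaks are not part of the data; validate=True rejects stray characters.
    body = "".join(m.group("body").split())
    return m.group("label"), base64.b64decode(body, validate=True)

def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes as PEM: Base64 text in 64-character lines between delimiters."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

def outer_tlv(der):
    """Parse the outermost tag/length; return (tag, header_len, content_len)."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    tag, first = der[0], der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("indefinite or truncated length (not valid DER)")
    return tag, 2 + n, int.from_bytes(der[2:2 + n], "big")

def looks_like_der_sequence(der):
    """True if the blob is exactly one SEQUENCE (tag 0x30) with nothing trailing."""
    tag, hdr, length = outer_tlv(der)
    return tag == 0x30 and hdr + length == len(der)

# Constructed sample: SEQUENCE { OCTET STRING (200 bytes) }, not a real certificate.
SAMPLE_DER = b"\x30\x81\xcb" + b"\x04\x81\xc8" + bytes(range(200))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    label, der = pem_to_der(SAMPLE_PEM)
    print(label, len(der), looks_like_der_sequence(der))
    print(looks_like_der_sequence(SAMPLE_PEM.encode()))  # PEM text itself is not DER
```

Real certificates are usually longer than 255 bytes, so their DER starts with `30 82`, which is why PEM certificate bodies typically begin with `MII`.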
