.pem,.cer和.der之间有什么区别? [英] What are the differences between .pem, .cer and .der?
问题描述
.pem , .cer 和 .der ?
What are the differences between .pem, .cer and .der?
据我所知, .cer 包含公钥。是否有任何开放式框架,我可以使用这个公钥来加密我的数据?
As far as I know, .cer contains public key. Are there any open frameworks that I can use to encrypt my data using this public key?
推荐答案
。 pem , .cer 和 .der 是通常包含X.509 v3证书。
.pem, .cer and .der are all file extensions for files that usually contain a X.509 v3 certificate.
DER是对构成证书的数据进行编码的方法。 DER本身可以表示任何类型的数据,但通常它描述编码证书或CMS容器。证书的结构使用ASN.1数据表示语言来描述。 BER和DER是由ASN.1描述的数据的二进制编码方法。
DER is the method of encoding the data that makes up the certificate. DER itself could represent any kind of data, but usually it describes an encoded certificate or a CMS container. The structure of a certificate is described using the ASN.1 data representation language. BER and DER are binary encoding methods for data described by ASN.1.
PEM是一种将二进制数据编码为字符串(ASCII装甲)的方法。它包含一个标题和一个脚注行(指定编码的数据类型,如果数据链接在一起,则显示begin / end),中间的数据是基础64数据。在它编码证书的情况下,它将简单地包含DER证书的基本64编码。 PEM代表隐私增强邮件;邮件不能包含未编码的二进制值,例如DER。
PEM is a method of encoding binary data as a string (ASCII armor). It contains a header and a footer line (specifying the type of data that is encoded and showing begin/end if the data is chained together) and the data in the middle is the base 64 data. In the case that it encodes a certificate it would simply contain the base 64 encoding of the DER certificate. PEM stands for Privacy Enhanced Mail; mail cannot contain unencoded binary values such as DER.
.cer 它通常是DER编码数据,但Windows也可以接受PEM编码数据。您需要查看内容(例如,使用posix系统上的文件实用程序)以查看文件中的内容是100%确定。
.cer just stands for certificate. It is normally DER encoded data, but Windows may also accept PEM encoded data. You need to take a look at the content (e.g. using the file utility on posix systems) to see what is within the file to be 100% sure.
要使用证书中包含的公钥 在证书中),您应该使用解析X.509证书并执行RSA加密的任何库。您可以使用检测/处理PEM编码的工具,或者您可以先通过剥离PEM编码将证书转换为DER。
To use the public key contained in the certificate (and signed by the signature in the certificate) you should use any library that parses X.509 certificates and performs RSA encryption. You could use a tool that detects/handles PEM encoding or you could first convert the certificate to DER by stripping off the PEM encoding.
这篇关于.pem,.cer和.der之间有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
