Where is the PEM file format specified?

by

For quite a long time, there was no formal specification of the PEM format with regards to cryptographic exchange of information. PEM is the textual encoding, but what is actually being encoded depends on the context. In April 2015, the IETF approved RFC 7468, which finally documents how various implementations exchange data using PEM textual encoding. The following list, taken directly from the RFC, describes the PEM format used for the following scenarios:

  1. Certificates, Certificate Revocation Lists (CRLs), and Subject
    Public Key Info structures in the Internet X.509 Public Key
    Infrastructure Certificate and Certificate Revocation List (CRL)
    Profile [RFC5280].
  2. PKCS #10: Certification Request Syntax [RFC2986].
  3. PKCS #7: Cryptographic Message Syntax [RFC2315].
  4. Cryptographic Message Syntax [RFC5652].
  5. PKCS #8: Private-Key Information Syntax [RFC5208], renamed to One
    Asymmetric Key in Asymmetric Key Package [RFC5958], and Encrypted
    Private-Key Information Syntax in the same documents.
  6. Attribute Certificates in An Internet Attribute Certificate
    Profile for Authorization [RFC5755].

According to this RFC, for the above scenarios you can expect the following labels to be within the BEGIN header and END footer. Figure 4 of the RFC has more detail, including corresponding ASN.1 types.

That’s not the full story, though. The RFC was written by looking at existing implementations and documenting what they did. The RFC wasn’t written first, nor was it written based on some existing authoritative documentation. So if you end up in a situation where you want to inter-operate with some implementation, you may have to look into the implementation’s source code to figure out what they support.

For example, OpenSSL defines these BEGIN and END markers in crypto/pem/pem.h. Here is an excerpt from the header file with all the BEGIN and END labels that they support.

# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
# define PEM_STRING_X509         "CERTIFICATE"
# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
# define PEM_STRING_X509_CRL     "X509 CRL"
# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
# define PEM_STRING_PUBLIC       "PUBLIC KEY"
# define PEM_STRING_RSA          "RSA PRIVATE KEY"
# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
# define PEM_STRING_DSA          "DSA PRIVATE KEY"
# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
# define PEM_STRING_PKCS7        "PKCS7"
# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
# define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
# define PEM_STRING_PARAMETERS   "PARAMETERS"
# define PEM_STRING_CMS          "CMS"

These labels are a start, but you still have to look into how the implementation encodes the data between the labels. There’s not one correct answer for everything.

More Related Contents:

  1. Fundamental difference between Hashing and Encryption algorithms
  2. Is “double hashing” a password less secure than just hashing it once?
  3. Using openssl to get the certificate from a server
  4. Non-random salt for password hashes
  5. Where do you store your salt strings?
  6. Why is using a Non-Random IV with CBC Mode a vulnerability?
  7. How are software license keys generated?
  8. How to properly do private key management
  9. Convert .pfx to .cer
  10. What is the most secure seed for random number generation?
  11. SSL Error: unable to get local issuer certificate
  12. RSA signature size?
  13. How can I hash passwords in postgresql?
  14. What is the clash rate for md5? [closed]
  15. What is token-based authentication?
  16. Are HTTPS headers encrypted?
  17. How can I sign a file using RSA and SHA256 with .NET?
  18. Java equivalent of an OpenSSL AES CBC encryption
  19. How secure is a HTTP POST?
  20. Payment Processors – What do I need to know if I want to accept credit cards on my website? [closed]
  21. Declaring Spring Bean in Parent Context vs Child Context
  22. Is it secure to submit from a HTTP form to HTTPS?
  23. How to prevent arbitrary client apps from using anonymous web API?
  24. Is HTTP header Referer sent when going to a http page from a https page?
  25. What is the appropriate way to manage API secrets within a Google Apps script?
  26. SSO with CAS or OAuth?
  27. Best practices for server-side handling of JWT tokens [closed]
  28. How do I secure REST API calls?
  29. What are best practices for securing the admin section of a website? [closed]
  30. Has Hardware Lock Elision gone forever due to Spectre Mitigation?

Leave a Comment