Difference between revisions of "Privacy-Enhanced Mail (.PEM)"

This article is a Draft. Help us to complete it.

pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.^[1]

PEM or DER or PFX

ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem

Read certificate:

openssl x509 -in certificate.pem -text
keytool -printcert -file certificate.pem

PKCS7 chain in DER format. These files also may be named with a .p7b extension

Related terms

• X.509
• ssh-keygen
• openssl
• .crt (Core FTP)
• .key (Core FTP)
• Let's Encrypt request certificate: certbot certonly
• Nginx ssl_certificate directive

See also

• OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange, /etc/ssl/openssl.cnf, OpenSSL v3
• OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
• SSH: ssh, TLS, .ppk, .pem, .crt, .pub, ED25519, Key exchange method (KEX), public key, private key, ssh -Q kex, IAMUserSSHKeys, known_hosts, ssh tunnel, Dropbear
• CA, FreeIPA, PKI, OpenCA, Wildcard certificate, certtool, certbot (Let's Encrypt), certinfo (Cloudflare), ACME, Boulder, cfssl (Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN), openssl ca, Self signed certificate, CSR, keytool, ACM, KMS, aws acm, IdenTrust, multirootca, cert-manager