PKCS 7

In cryptography, "PKCS #7: Cryptographic Message Syntax" (a.k.a. "CMS") is a standard syntax for storing signed and/or encrypted data. PKCS #7 is one of the family of standards called Public-Key Cryptography Standards (PKCS) created by RSA Laboratories. The latest version, 1.5, is available as RFC 2315.[1]

PKCS #7
Filename extension: .p7b
Developed by: RSA Security
Latest release: 1.5 (1 March 1998)
Type of format: Archive file format
Container for: X.509 public key certificates, X.509 CRLs

An update to PKCS #7 is described in RFC 2630.[2]

PKCS #7 files may be stored either in raw DER format or in PEM format. PEM format carries the same data as DER, Base64-encoded and placed between the lines -----BEGIN PKCS7----- and -----END PKCS7-----. Windows uses the ".p7b" file name extension[3] for both encodings.
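Because one extension covers both encodings, code that ingests .p7b files has to detect which one it was given. The following is an added example, not part of the original article: it normalises either encoding to DER and checks the outer structure before the bytes reach a full parser. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# DER encoding (tag, length, value) of OID 1.2.840.113549.1.7.2, signedData
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN PKCS7-----(.*?)-----END PKCS7-----", re.DOTALL)

# Constructed sample: a certificate-less degenerate SignedData (37 bytes of DER)
SAMPLE_DER = bytes.fromhex(
    "302306092a864886f70d010702a01630140201013100"
    "300b06092a864886f70d0107013100")

def der_length(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                      # short form: one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def load_p7b(data):
    """Return (encoding, der_bytes) for a .p7b blob in either encoding."""
    match = PEM_RE.search(data)
    if match:
        try:
            der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("bad Base64 inside PEM armor") from exc
        encoding = "PEM"
    else:
        der, encoding = data, "DER"
    if len(der) < 2 or der[0] != 0x30:    # outer ContentInfo must be a SEQUENCE
        raise ValueError("not a DER SEQUENCE")
    length, body = der_length(der, 1)
    if body + length != len(der):
        raise ValueError("truncated file or trailing bytes")
    if not der.startswith(SIGNED_DATA_OID, body):
        raise ValueError("contentType is not signedData")
    return encoding, der

def to_pem(der):
    """Wrap DER bytes in PKCS7 PEM armor with 64-character Base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"-----BEGIN PKCS7-----\n" + b"\n".join(lines) + b"\n-----END PKCS7-----\n"
```

Rejecting a length mismatch up front means a truncated download or a file with appended bytes fails here, with a clear error, instead of inside the certificate parser.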

A typical use of a PKCS #7 file is to store certificates and/or certificate revocation lists (CRLs).

Here's an example of how to first download a certificate, then wrap it inside a PKCS #7 archive and then read from that archive:

$ echo '' | openssl s_client -connect example.org:443 -host example.org 2>/dev/null | openssl x509 > example.org.cer 2>/dev/null

$ openssl crl2pkcs7 -nocrl -certfile example.org.cer -out example.org.cer.pem.p7b

$ openssl pkcs7 -in example.org.cer.pem.p7b -noout -print_certs
subject=C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, OU = Technology, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA

References

  1. RFC 2315 - Public-Key Cryptography Standards (PKCS) #7: Cryptographic Message Syntax Specification Version 1.5, March 1998
  2. RFC 2630 - Cryptographic Message Syntax, June 1999
  3. https://extension.nirsoft.net/p7b
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.