PEM, if I remember correctly is the Base64 encoding of the ASN.1 representation of the string (I'm to lazy to go look this up for sure). The is done solely so it can be handled as text. You could use Base32, Hex (Base16), or uuencode, but Base64 is the accepted format in most cases. When a message or key material is Base64 encoded a simple header and footer is included to delineate the data from the rest of the text surrounding it (as in an email). Just cut the string at those points and move forward.
Hopefully, this is helpful. Or at least not as confusing as X.509. :-)
73,
Shawn[EMAIL PROTECTED] wrote:
Thank you for such a clear answer.
The only point that is still not very clear in my mind is the PEM / DER conversion. The OpenSSL doc says about certificates conversion "The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines added", which is what I thought I could do with keys. Does it mean it is true for entire certificate files but not for simple keys ?
Regards,
Cedric
-----Message d'origine----- De: Shawn Masters [mailto:[EMAIL PROTECTED] Date: vendredi 1 ao�t 2003 14:17 �: [EMAIL PROTECTED] Objet: Re: Key file and certificates
Yes, you are wrong. :-) This seems to be the biggest hurdle for
people to actually use PK. The keys are in general a collection of Integers. Some of these are extremely large and can only be handled easily in binary form. Now the way that these encoded depends heavily on some choices made (Endianess, length encoding, etc.).
I believe all of the formats you have listed use ASN.1 coding. This
is often referred to as the binary version of XML by the younger crowd, but it is much more powerful IMHO (also much older). It defines unambiguous ways of encoding things like Integers, and forming collections of them for things like keys.
You can find everything you need to understand this at the RSA lab
site where they have documents on the different formats and a starter guide on ASN.1. Then Wei has given you a very powerful/versatile set of tools to work with these formats. Some of them already have code for handling, but the rest shouldn't be very hard to conjure up. In general, once you understand the basic format and how crypto++ offers fundamental tools you should be able to read most of those formats in just a handful of lines of code.
If you want something that already has most of the higher level functions done for you, look at OpenSSL.
73, Shawn
[EMAIL PROTECTED] wrote:
Hi, me again
I would to know which key file and certificates formats are supported by CryptoPP, amoung PKCS12, PKCS7, PEM, CER, and all their little friends. Searching through the ML archive did not really answer me.
Two particular questions : 1. Am I wrong if I consider I can create a PEM file just by
Base64-encoding
a key generated by RSAES_OAEP_SHA_Decryptor::DEREncode, and then adding correct header and footer ?
2. I am particularly interested in using PKCS12 (.PFX) files ; in case it
is
not supported, are there available implementations that could be used with CryptoPP ?
Regards,
