Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Regarding: PKCS7, X509 and DER

Tags:

openssl

I am novice to the "World of cryptography". I started working with OPENSSL. I need some information and basically I do have some doubts. I have a DER format file. I read the file using following command, "openssl x509 -inform DER -in filename.der -text" I got what I supposed to be.

Following things I wanted to know:

  1. What is the difference between PKCS7, DER and X509 ? (My understanding is, DER is format, X509 is certificate, and PKCS7 is the standard)

  2. I wrote a test file which accepts the DER file and outputs the version, serial number, Subject, Validity date before and Validity date after, But I am unable to get certificate verified. Following is the API Used.

    int i = X509_verify(X509 *x509 , X509_get_pubkey(X509 *x509)); But 'i' value is 'i' < 0(zero) This is why I am getting "Signature verification problems". How to overcome this?

  3. In My test file I am unable to read the "Signature Algorithm", "Subject Public Key Info", "X509v3 extensions" and "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"

Please give some inputs.

Thanks in Advance. openSid

like image 647
Sid Avatar asked Dec 17 '22 01:12

Sid

1 Answers

PKCS#7 is a cryptography standard published by RSA Security in 1993 that deals with data that has cryptography applied to it. Its a standard for how to package data securely. PKCS#7 references the X.509 standard, as the source for certificate formatting.

X.509 is a wide ranging security standards document published in 1998 which includes amongst other things, certificate file formats.

X.509 specifies that certificates should be encoded using the Distinguished Encoding Rules of the ASN.1 (documented in the X.208 and now X.608) standard, first published in 1984.

So, DER says how to encode some strings and numeric source data into a binary format, X.509 says which data needs to go into a digital certificate, and PKCS#7 says how that certificate should be used, to digitally sign a message.

Privacy Enhanced Mail - some kind of tool released before OpenSSL - needed to pass PKCS#7 "wrapped" data around in email messages that at the time were exchanged on systems that only supported 7 bit ASCII characters - "PEM" created the standard of using Base64 to encoded the X.509 certificates required by PKCS#7, and storing the base64 inside -----BEGIN ???----- -----END ???----- where ??? can be a RSA PRIVATE KEY, PSA PUBLIC KEY, CERTIFICATE etc.

like image 163
Chris Becke Avatar answered May 03 '23 21:05

Chris Becke
Sign in to Comment

Related questions

heartbleed - Revoke or re-key SSL certificate? [closed]
Testing X509 Certificate Expiry date with C
Is the SSL now obsolete?
EIdOSSLUnderlyingCryptoError Exception
Digital Sign PDF File with PHP and laravel
PBKDF2 implementation in OpenSSL
Boost Asio and OpenSSL 1.1.0
How can we connect with a website? Getting SSL error 1409442E
Convert PFX to PEM with Key INCLUDING INTERMEDIATE certificates
Create RS256 JWT in bash
Apple Sign In "invalid_client", signing JWT for authentication using PHP and openSSL
Mac M1 Homebrew Perl Carton Net::SSLeay is loading libcrypto in an unsafe way
Python RSA Decryption Using OpenSSL Generated Keys
How to Read the certificates file from the PKCS7.p7b certificate file using openssl?
Are OpenSSL byte sequences in little endian or big endian order?
How to update OpenSSL on windows 7?
Linking issues using OpenSSL in Ubuntu
How do I create a self-signed certificate in OpenSSL programatically (i.e., not with the 'openssl' CLI command)?
How to translate pem public key into openssl RSA* structure
ssl_read() in TLS/SSL with TCP stream not returning the whole buffer written by BIO_write()

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!