preface
Der extensions
DER is an encoding method that can itself represent any type of data, but is commonly used to encode certificates. The structure of the certificate is described using ASN.1 (a data description language). Both BER and DER are binary encoding methods.
The pem extensions
PEM is a way to encode binary data as a string. It contains header and footer, which specify the start and end of data, with base64 data in between. If the data is a certificate, the DER certificate is simply encoded. PEM stands for Privacy Enhanced Mail; PEM format is as follows:
-----BEGIN <whatever>-----
data
-----END <whatever>----
Copy the code
Whatever can be private keys, public keys, X509 certificates, for example
-----BEGIN CERTIFICATE-----
... base 64 encoding of the DER encoded certificate
with line endings and padding with equals signs ...
-----END CERTIFICATE-----
Copy the code
-----BEGIN PRIVATE KEY-----
base 64 encoding of the private key
-----END PRIVATE KEY-----
Copy the code
A PEM file may also contain a complete certificate chain, starting with a leaf/ending certificate service, followed by the certificate that signed it, usually up to the root certificate (which is not usually included). So if the certificate is missing, you will also check the first certificate first.
Cer extensions
Cer is a certificate. It is usually in DER encoding format, but Windows also accepts PEM format.
With practice
To take a look at the exported certificate, click the security lock in the browser address bar -> Certificates —-> Details -> Copy to file
conclusion
- DER is an encoding method, usually used to encode the contents of a certificate, which is called binary.
- A PEM has a header, data, and tail. Usually, the header and tail indicate the data subject. The data is base64; Pem stores public keys, private keys, certificates, and a complete certificate chain.
- Cer is a certificate, usually in DER format.
What are the differences between .pem, .cer and .der?
Does .pem file contain both private and public keys?