Privacy-Enhanced Mail: Difference between revisions
Content deleted Content added
tidy up ref |
Fernaodias (talk | contribs) m Turned paragraph into "Examples" subsection. |
||
| (30 intermediate revisions by 25 users not shown) | |||
| Line 1: | Line 1: | ||
{{short description|Family of file formats associated with RFC 1421}} |
|||
{{Security protocol}} |
{{Security protocol}} |
||
'''Privacy-Enhanced Mail''' ('''PEM''') is a [[de facto]] file format for storing and sending cryptographic [[Key (cryptography)|keys]], [[Public key certificate|certificates]], and other data, based on a set of 1993 [[Internet Engineering Task Force|IETF]] standards defining "privacy-enhanced mail." While the original standards were never broadly adopted |
'''Privacy-Enhanced Mail''' ('''PEM''') is a [[de facto]] file format for storing and sending cryptographic [[Key (cryptography)|keys]], [[Public key certificate|certificates]], and other data, based on a set of 1993 [[Internet Engineering Task Force|IETF]] standards defining "privacy-enhanced mail." While the original standards were never broadly adopted and were supplanted by [[Pretty Good Privacy|PGP]] and [[S/MIME]], the textual encoding they defined became very popular. The PEM format was eventually formalized by the IETF in [[rfc:7468|RFC 7468]].<ref>{{cite journal |last=Johnson |first=Mike |date=1995-10-01 |title=Cryptology in Cyberspace |journal=Cryptologia |volume=19 |issue=4 |pages=392–396 |doi=10.1080/0161-119591884042 |issn=0161-1194 |s2cid=41770450}}</ref> |
||
==Format== |
|||
Many cryptography standards use [[Abstract Syntax Notation One|ASN.1]] to define their data structures, and [[X.690#DER encoding|Distinguished Encoding Rules]] (DER) to serialize those structures.<ref>{{Cite IETF|rfc=7468|section=1|title=Textual Encodings of PKIX, PKCS, and CMS Structures|last=Sean|first=Leonard|last2=Simon|first2=Josefsson|date=April 2015||language=en|access-date=2017-03-06}}</ref> Because DER produces [[Binary file|binary]] output, it can be challenging to transmit the resulting files through systems, like electronic mail, that only support ASCII |
Many cryptography standards use [[Abstract Syntax Notation One|ASN.1]] to define their data structures, and [[X.690#DER encoding|Distinguished Encoding Rules]] (DER) to serialize those structures.<ref>{{Cite IETF|rfc=7468|section=1|title=Textual Encodings of PKIX, PKCS, and CMS Structures|last=Sean|first=Leonard|last2=Simon|first2=Josefsson|date=April 2015||language=en|access-date=2017-03-06}}</ref> Because DER produces [[Binary file|binary]] output, it can be challenging to transmit the resulting files through systems, like electronic mail, that only support ASCII. |
||
The PEM format solves this problem by encoding the binary data using [[Base64encoded|base64]]. PEM also defines a one-line header, consisting of {{code|-----BEGIN }}, a label, and {{code|-----}}, and a one-line footer, consisting of {{code|-----END }}, a label, and {{code|-----}}. The label determines the type of message encoded. Common labels include {{code|CERTIFICATE}}, {{code|CERTIFICATE REQUEST}}, {{code|PRIVATE KEY}} and {{code|X509 CRL}}. |
|||
| ⚫ | PEM data is commonly stored in files with a ".pem" suffix, a ".cer" or ".crt" suffix (for certificates), or a ".key" suffix (for public or private keys).<ref>{{Cite web|url= |
||
<syntaxhighlight lang="pem"> |
|||
A PEM file may contain multiple instances. For instance, an operating system might provide a file containing a list of trusted [[CA certificate]]s, or a web server might be configured with a "chain" file containing an end-entity certificate plus a list of intermediate certificates. |
|||
| ⚫ | |||
-----END PRIVATE KEY----- |
|||
| ⚫ | |||
</syntaxhighlight> |
|||
A PEM-encoded certificate: |
|||
| ⚫ | |||
| ⚫ | PEM data is commonly stored in files with a ".pem" suffix, a ".cer" or ".crt" suffix (for certificates), or a ".key" suffix (for public or private keys).<ref>{{Cite web|url=http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/|title=DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them|website=www.gtopia.org|archive-url=https://web.archive.org/web/20190804070022/http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/|access-date=2020-02-04|archive-date=2019-08-04}}</ref> The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a ".pem" file. In particular PEM refers to the header and base64 wrapper for a binary format contained within, but does not specify any type or format for the binary data, so that a PEM file may contain "almost anything base64 encoded and wrapped with BEGIN and END lines".<ref>{{Cite web|url=https://stackoverflow.com/questions/5355046/where-is-the-pem-file-format-specified|title=Where is the PEM file format specified?}}</ref> |
||
MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G |
|||
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y |
|||
| ⚫ | |||
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 |
|||
* An operating system might provide a PEM file containing a list of trusted [[CA certificate]]s, each of which in its own BEGIN/END sections; |
|||
ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw |
|||
* A web server might be configured with a "chain" file containing an end-entity certificate plus a list of intermediate certificates, each of which in its own BEGIN/END sections. |
|||
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy |
|||
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu |
|||
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB |
|||
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X |
|||
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud |
|||
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG |
|||
SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA |
|||
l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= |
|||
<nowiki>-----</nowiki>END CERTIFICATE----- |
|||
A PEM-encoded [[rfc:2986|certificate signing request]]: |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIICXTCCAUUCAQAwGDEWMBQGA1UEAwwNaGkgd2lraXBlZGlhITCCASIwDQYJKoZI |
|||
hvcNAQEBBQADggEPADCCAQoCggEBAMTwzCYD+iLlDwTu5Y43aQH9q1LF3kgot8I4 |
|||
9ZgbFhDmCE4YlLhZKO4hieK6z8z+IfZjfapn01rzuzvTHESj5bSSU6AcEsKSOgTQ |
|||
uB+KKn4mgngyBrJwWjr4IZ9XkGsCLAP2/wkyJC2ire6FuTSQ00YGhKf1B3WbIBbn |
|||
5i1rvZXnYxlheWlNSmxx54q4gTwcd/V4nS4BThYA/ypATjHS/gfQ650cOQzRK/Jh |
|||
WfAbfnETYUpD6MCgZAIbaBuYvYpQEGqQ4niTvtSd07RHKnewcPFqJhMV86qN4HQY |
|||
4ZBNzQcF/2aCGHYyRniKznSDNijT2kaAz/L7ORqh+90qH/BLnKsCAwEAAaAAMA0G |
|||
CSqGSIb3DQEBCwUAA4IBAQAqV5g9AZGXEbM97ouTGDJqFNP2QjO9ZK9J3BOUTrFO |
|||
tMUrVWj+ixhC6vXD3o5uVL/fg6OlmK+13gsBpzg2mq72TBrZsNOK4+O0XvltIvSx |
|||
0H5tf1NYwuHxFgHDqgs/fQBOKFTadebJZHbPBtMrqlnenKYJiVb5YSWBZ7JKRCK7 |
|||
VSgwNxxAMnSCNI0xF3EjZ1bjQkM8xGhnwe+n/RAd5Q2pMLIrquMoGMTUYLOq1xSB |
|||
sGTp8iLWbbWPl6gC1hcSMpFsbdyjMCWs+a2R2F8QnahrRfvpgFEndvzA2EvqHIoR |
|||
BHE1ChD7l691PxZP1eKA1I4AzZno5sb6SWyd8+pqY0oG |
|||
<nowiki>-----</nowiki>END CERTIFICATE REQUEST----- |
|||
== Privacy-enhanced mail == |
== Privacy-enhanced mail == |
||
The PEM format was first developed in the privacy-enhanced mail series of [[Request for Comments|RFCs]]: RFC 1421, RFC 1422, RFC 1423, and RFC 1424. These standards assumed prior deployment of a hierarchical [[public key infrastructure]] (PKI) with a single root. Such a PKI was never deployed, due to operational cost and legal liability concerns.{{citation needed|date=May 2017}} These standards were eventually obsoleted by [[Pretty Good Privacy|PGP]] and [[S/MIME]], competing e-mail encryption standards.{{citation needed|date=May 2017}} |
The PEM format was first developed in the privacy-enhanced mail series of [[Request for Comments|RFCs]]: RFC 1421, RFC 1422, RFC 1423, and RFC 1424. These standards assumed prior deployment of a hierarchical [[public key infrastructure]] (PKI) with a single root. Such a PKI was never deployed, due to operational cost and legal liability concerns.{{citation needed|date=May 2017}} These standards were eventually obsoleted by [[Pretty Good Privacy|PGP]] and [[S/MIME]], competing e-mail encryption standards.{{citation needed|date=May 2017}} |
||
== History == |
|||
The initiative to develop Privacy Enhanced Mail began in 1985 on behalf of the PSRG (Privacy and Security Research Group)<ref>{{cite journal |last=Kent |first=S. |date=1993 |title=Internet Privacy Enhanced Mail |journal=Communications of the ACM |volume=36 |issue=8 |pages=48–60 |doi=10.1145/163381.163390 |doi-access=free |s2cid=15759913}}</ref> also known as the Internet Research Task Force. This task force is a subsidiary of the [[Internet Architecture Board]] (IAB) and their efforts have resulted in the Requests for Comment (RFCs) which are suggested Internet guidelines.<ref>{{Cite journal |last=Kent |first=Stephen T. |date=1993-08-01 |title=Internet Privacy Enhanced Mail |url=https://dl.acm.org/doi/10.1145/163381.163390 |journal=Communications of the ACM |volume=36 |issue=8 |pages=48–60 |doi=10.1145/163381.163390 |issn=0001-0782|doi-access=free }}</ref> |
|||
== References == |
== References == |
||
| Line 48: | Line 30: | ||
[[Category:Cryptographic protocols]] |
[[Category:Cryptographic protocols]] |
||
[[Category:Computer file formats]] |
|||
Latest revision as of 12:55, 17 December 2023
| Internet security protocols |
|---|
| Key management |
| Application layer |
| Domain Name System |
| Internet Layer |
Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail." While the original standards were never broadly adopted and were supplanted by PGP and S/MIME, the textual encoding they defined became very popular. The PEM format was eventually formalized by the IETF in RFC 7468.[1]
Format
[edit]Many cryptography standards use ASN.1 to define their data structures, and Distinguished Encoding Rules (DER) to serialize those structures.[2] Because DER produces binary output, it can be challenging to transmit the resulting files through systems, like electronic mail, that only support ASCII.
The PEM format solves this problem by encoding the binary data using base64. PEM also defines a one-line header, consisting of -----BEGIN, a label, and -----, and a one-line footer, consisting of -----END, a label, and -----. The label determines the type of message encoded. Common labels include CERTIFICATE, CERTIFICATE REQUEST, PRIVATE KEY and X509 CRL.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
PEM data is commonly stored in files with a ".pem" suffix, a ".cer" or ".crt" suffix (for certificates), or a ".key" suffix (for public or private keys).[3] The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a ".pem" file. In particular PEM refers to the header and base64 wrapper for a binary format contained within, but does not specify any type or format for the binary data, so that a PEM file may contain "almost anything base64 encoded and wrapped with BEGIN and END lines".[4]
Examples
[edit]- An operating system might provide a PEM file containing a list of trusted CA certificates, each of which in its own BEGIN/END sections;
- A web server might be configured with a "chain" file containing an end-entity certificate plus a list of intermediate certificates, each of which in its own BEGIN/END sections.
Privacy-enhanced mail
[edit]The PEM format was first developed in the privacy-enhanced mail series of RFCs: RFC 1421, RFC 1422, RFC 1423, and RFC 1424. These standards assumed prior deployment of a hierarchical public key infrastructure (PKI) with a single root. Such a PKI was never deployed, due to operational cost and legal liability concerns.[citation needed] These standards were eventually obsoleted by PGP and S/MIME, competing e-mail encryption standards.[citation needed]
History
[edit]The initiative to develop Privacy Enhanced Mail began in 1985 on behalf of the PSRG (Privacy and Security Research Group)[5] also known as the Internet Research Task Force. This task force is a subsidiary of the Internet Architecture Board (IAB) and their efforts have resulted in the Requests for Comment (RFCs) which are suggested Internet guidelines.[6]
References
[edit]- ^ Johnson, Mike (1995-10-01). "Cryptology in Cyberspace". Cryptologia. 19 (4): 392–396. doi:10.1080/0161-119591884042. ISSN 0161-1194. S2CID 41770450.
- ^ Sean, Leonard; Simon, Josefsson (April 2015). Textual Encodings of PKIX, PKCS, and CMS Structures. sec. 1. doi:10.17487/RFC7468. RFC 7468. Retrieved 2017-03-06.
- ^ "DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them". www.gtopia.org. Archived from the original on 2019-08-04. Retrieved 2020-02-04.
- ^ "Where is the PEM file format specified?".
- ^ Kent, S. (1993). "Internet Privacy Enhanced Mail". Communications of the ACM. 36 (8): 48–60. doi:10.1145/163381.163390. S2CID 15759913.
- ^ Kent, Stephen T. (1993-08-01). "Internet Privacy Enhanced Mail". Communications of the ACM. 36 (8): 48–60. doi:10.1145/163381.163390. ISSN 0001-0782.