***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/syp-implementation/blob/main/README.md) >

## CompTIA Security+ - Course Material 2022
###### Topic: ``Certificate Formats``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Certificate Formats](#a) <br/><br/>

- [Distinguished Encoding Rules](#b) <br/><br/>
    - [``DER``](#b) <br/><br/>
- [Privacy-Enhanced Mail](#c) <br/><br/>
    - [``PEM``](#c) <br/><br/>
- [Public Key Cryptography Standards #12](#d) <br/><br/>
    - [``PKCS #12``](#d) <br/><br/>
- [Certificate Format](#e) <br/><br/>
    - [``CER``](#e) <br/><br/>
- [Public Key Cryptography Standard #7](#f) <br/><br/>
    - [``PKCS #7``](#f) 
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Certificate Formats
***

The standard used for digital certificates is X.509. It defines a common format for certificates, which allows us to move them between different systems and have all of those systems understand what’s inside.

There are different ways to transfer these certificates, however, and you might find many different file formats when moving from one system to another. Fortunately, applications like ``OpenSSL`` can read different formats and even convert between them if we need to.


< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Distinguished Encoding Rules - ``DER`` - [Designed to Transfer Syntax for Data Structures] - [Binary Format - Not Human-readable] - [Common Format - Java]
***

One of these formats is DER, the Distinguished Encoding Rules format. This is a set of rules that allows us to encode many different kinds of data, but it’s especially useful for X.509 certificates.

It is a binary format, which means that we can’t open it in a text editor and read what’s in there, but it is a very common format that you’ll see when deploying applications that use Java.

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Privacy-Enhanced Mail - ``PEM`` - [Base-64 Encoded DER Certificate] - [ASCII Format]
***

One of the challenges with sending a binary file over email is that some email systems might modify the attachment. 

One of the ways that you can prevent this is to encode that binary in base-64 format - this means that it will be something that is readable in an email and you can transfer it simply as text between one device and another.

![image.png](attachment:image.png)

This means that you now have the DER-formatted certificate in an ASCII form that you can easily send through email. If you’re trying to transfer certificate information from one place to another, this can be a very easy way to do it.

PEM is supported across many different platforms, and it’s a very standard way to send certificates from one machine to another. The above is all letters and numbers, which makes it very easy to email, and it won’t be modified by the email system. You can also look at it and see exactly where the certificate begins, the certificate information, and exactly where the certificate ends.

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Public Key Cryptography Standards #12 - ``PKCS #12`` - [Personal Information Exchange Syntax Standard] - [Container Format for many Certificates] - [Extended from Microsoft's .pfx Format]
***

If you need to transfer multiple certificates at one time, you might want to use PKCS #12, the Public Key Cryptography Standards number 12. This standard was created by RSA Security and is now available as an RFC.

This is a container format, so you have a standard format that you can put many certificates inside. It is usually sent as a ``.P12`` or ``.PFX`` file, and we might commonly use it to transfer a private and public key pair within the same container.

The container can also be password protected, which is especially important if you’re transferring a private key.

This standard was extended from a Microsoft format called the ``.pfx`` format, or Personal Information Exchange. These are very similar formats, and very often we reference both of them interchangeably.


< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Certificate Format - ``CER`` - [Primarily a Windows X.509 File Extension] - [Usually contains a Public Key] - [``.cer``]
***

If you’re managing certificates in the Windows operating system, you’re probably using the CER format, or certificate format. This is primarily used in Windows, and it provides the flexibility to hold either the binary DER format or the ASCII PEM format.

This normally contains just the public key because we would probably want to send a private key in a more protected form such as using a password with a ``.pfx`` file. 

If you’re running Windows you’re probably using a lot of these ``.cer`` files and it’s a very common way to import and export certificates in the Windows operating system.
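Because a ``.cer`` file may hold either binary DER or ASCII PEM, and should normally not carry a private key, a file can be checked before it is imported or emailed. The following is an added example, not part of the original course material: it wraps DER bytes in PEM armor as described in the PEM section, recovers them again, and flags PEM blocks labelled as private keys. ``SAMPLE_DER`` is a constructed stand-in rather than a real certificate, and the function names are assumptions.

```python
import base64
import re

# PEM armor: a BEGIN line, the base64 of the DER bytes, then a matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL
)

# Constructed stand-in for a DER file (ASN.1 SEQUENCE header plus filler bytes);
# it is not a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Wrap binary DER in PEM armor: base64 text, 64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_blocks(text: str) -> list:
    """Return (label, DER bytes) for every PEM block found in the text."""
    return [(m.group(1), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(text)]


def inspect_cert_file(data: bytes) -> dict:
    """Report the encoding of a certificate file and flag private key blocks."""
    # latin-1 maps every byte to a character, so binary input never raises here.
    blocks = pem_blocks(data.decode("latin-1"))
    if blocks:
        labels = [label for label, _ in blocks]
        return {"encoding": "PEM", "labels": labels,
                "has_private_key": any("PRIVATE KEY" in x for x in labels)}
    if data[:1] == b"\x30":
        # DER has no text label; the content type is only known after ASN.1 parsing.
        return {"encoding": "DER", "labels": [], "has_private_key": None}
    return {"encoding": "unknown", "labels": [], "has_private_key": None}


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print(inspect_cert_file(SAMPLE_DER))
    print(inspect_cert_file(pem.encode("ascii")))
```

A ``has_private_key`` value of ``None`` means the file is binary and its content type cannot be read from a text label.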

< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Public Key Cryptography Standard #7 - ``PKCS #7`` - [``.p7b``] - [ASCII Format] - [Contains Certificates and Chain Certificates] - [Wide Platform Support]
***

Another certificate type you might find is PKCS number 7, the Public Key Cryptography Standards number seven, and you’ll commonly see it sent as a ``.p7b`` file.

Like the PEM format, the PKCS number 7 format is also an ASCII file that can be read and easily transferred over email.

It’s common to send certificates and chain certificates using this format, but we don’t commonly put private keys in a ``.p7b`` file. This is a format that you’ll find support for in Windows, in Java Tomcat, and in many other operating systems and applications as well.


***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
