Common terms
RFC
"Requests for Comments" (RFCs) are technical specifications for the Internet. Each new RFC receives a consecutive number and is not changed after publication. If a specification is revised, a new RFC with a new number is created.
PEM
PEM is the abbreviation for "Privacy-Enhanced Mail" and today describes a file format based on an IETF standard (RFC 7468).
A PEM text is characterized by the following features:
- The text is enclosed with a header (e.g. -----BEGIN PRIVATE KEY-----) and footer (e.g. -----END PRIVATE KEY-----).
- The text itself is encoded with Base64.
The text itself can contain arbitrary content. Many standards use ASN.1 here to structure the content.
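As an added example (not part of the original glossary), a small Python parser for the PEM layout described above: it checks that the header and footer labels match, strictly decodes the Base64 body, and tests whether the decoded bytes form one ASN.1 DER SEQUENCE. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 7468 layout: BEGIN line, Base64 body, END line carrying the same label.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.DOTALL)


def encode_pem(label, der):
    """Wrap DER bytes in a PEM header and footer, 64 Base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def parse_pem(text):
    """Return (label, der_bytes) for every PEM block found in text."""
    blocks = []
    for begin, body, end in _PEM_RE.findall(text):
        if begin != end:
            raise ValueError("label mismatch: BEGIN %r, END %r" % (begin, end))
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("body of %r is not valid Base64: %s" % (begin, exc))
        blocks.append((begin, der))
    return blocks


def is_der_sequence(der):
    """True if der is exactly one ASN.1 DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:  # short form: the byte is the content length
        return len(der) == 2 + first
    n = first & 0x7F  # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


# Constructed sample, not a real key: SEQUENCE { INTEGER 0 }.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_PEM = encode_pem("PRIVATE KEY", SAMPLE_DER)

if __name__ == "__main__":
    for label, der in parse_pem(SAMPLE_PEM):
        print(label, der.hex(), is_der_sequence(der))
```

A file whose BEGIN and END labels disagree, or whose body contains characters outside the Base64 alphabet, is rejected with a `ValueError` instead of being decoded leniently.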
CSR
CSR stands for "Certificate Signing Request" and describes a request to a certification authority to issue a digital certificate. The CSR contains the information that will appear in the issued certificate, such as the public key. A CSR is usually in PEM format.
X509
X509 describes an International Telecommunication Union (ITU) standard for creating digital certificates. The standard was later adopted as RFC 5280.
ASN.1
ASN.1 is a description language for defining data structures that can be used across platforms to serialize and deserialize data.
PKCS
PKCS stands for "Public-Key Cryptography Standards" and describes a collection of specifications on the subject of asymmetric cryptosystems. Some of these specifications were later adopted as RFCs.
PKCS8
Describes the ASN.1 structure of private keys in PEM format. The current specification can be found under RFC 5208.
PKCS7
The PKCS7 standard describes, among other things, the ASN.1 structure for storing signed or encrypted data. PKCS7 can be used, for example, to store several certificates in one file. A PKCS7 file is usually in PEM format and is enclosed with a header (e.g. -----BEGIN PKCS7-----) and footer (e.g. -----END PKCS7-----). A typical file extension is .p7b or .pem.
PKCS10
Describes the ASN.1 structure of a Certificate Signing Request (CSR) in PEM format. The current specification can be found under RFC 2986. It's used primarily in public key infrastructure (PKI) systems to request digital certificates, typically X.509 certificates used for various security purposes, like SSL/TLS certificates for secure web communication.
A PKCS #10 certificate request includes information about the entity requesting the certificate, the public key they want in the certificate, and other relevant details. It's often used when an individual or entity needs a certificate issued by a certificate authority (CA), and they submit a PKCS #10 request to the CA, which then processes it and issues the certificate.
PKCS12
PKCS12 defines a file format for storing multiple cryptographic objects in a single file. Typically, in addition to the certificates themselves, a private key is also stored in a PKCS12 file. The certificates and/or the private key can be protected with a password. A common use case is S/MIME certificates. A typical file extension is .p12 or .pfx. The specification can be found under RFC 7292.