PEM格式
PEM,即Privacy Enhanced Mail,直译为保密邮件,是一种数字证书、私钥、公钥等的文本表示格式。
想对应的,DER,即Distinguished Encoding Rules,可分辨编码规则,是一种是一种数字证书、私钥、公钥等二进制表示格式。
PEM包含DER格式内容,也可以说是证书/私钥/公钥DER格式的按Bas64编码后,并添加标识的文本内容。
DER = 证书/私钥/公钥 按ASN.1编码 --> 转二进制
PEM = 标识头(---BEGIN XXX---) + DER格式 按Base64编码转文本(按长度64换行) + 标识尾(---END XXX---)
PEM格式于DER格式的关系如下图。
除了明显PEM格式文件的扩展名通常是
.pem,.cer,.crt,.key等多种;
DER格式文件扩展名通常为.der,也可以是.cer,.crt等,主要通过文件内容格式判断(是否文本格式,是否有PEM标识)是PEM还是DER格式。
常见PEM格式示例
PEM格式X.509证书
PEM格式X.509证书:
-----BEGIN CERTIFICATE-----
MIICeDCCAh6gAwIBAgIDCQiGMAoGCCqGSM49BAMCMIGKMQswCQYDVQQGEwJDTjEQ
MA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzEfMB0GA1UEChMWd3gt
b3JnMS5jaGFpbm1ha2VyLm9yZzESMBAGA1UECxMJcm9vdC1jZXJ0MSIwIAYDVQQD
ExljYS53eC1vcmcxLmNoYWlubWFrZXIub3JnMB4XDTIyMDYxMDA3MTczNloXDTI3
MDYwOTA3MTczNlowgZExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAw
DgYDVQQHEwdCZWlqaW5nMR8wHQYDVQQKExZ3eC1vcmcxLmNoYWlubWFrZXIub3Jn
MQ8wDQYDVQQLEwZjbGllbnQxLDAqBgNVBAMTI2NsaWVudDEuc2lnbi53eC1vcmcx
LmNoYWlubWFrZXIub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKQK43j7b
gR5l7w6lksM39GPKouVG1APdU2dRSElnGleAwSE6462wcCec/z/X9oLltEH+N7J+
PU6QqNlfdBhdHaNqMGgwDgYDVR0PAQH/BAQDAgbAMCkGA1UdDgQiBCAQI/im5dGN
IruXfy+9prPBpczEAv2pS33Sgf+XZdr8azArBgNVHSMEJDAigCBRi9kSGe5qMbTj
pim5j+50x7ezC5oDQVzXHSLlNIF6czAKBggqhkjOPQQDAgNIADBFAiEApxk8gCH0
uvnkjjO+uI80fWUBmHIkJ2GRIUD1tvyf0FACIDhPPc0j2DjsAg61hlD5682/jwqV
ne776zZIIkR4uZ2r
-----END CERTIFICATE-----
RSA私钥
PEM格式RSA私钥-PKCS#1格式-无加密
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA57b1SHQKXl47qa/35WaX3UNI/UTBIPxcJjJIW84hYBOMDWGw
BQHE1n+l+b9FctQXRIpB/DBPasRvg8YfUSN05Rexv3/s+Z/nIXXlVaatwBV+tCb9
7iqKurYJpMuxJmOhe68ENgFGZkUfAMvByHfPVfzKg2y8gZmsxyfPnZ0dPZpm/xSz
dceNI49iWLFvCARkKEjuO0rjL8tqk3cxY5uTDSov68UEbyhQOYTodLlByY9uwzQO
F74TUWV7ZiEfDoFwaiJi7Q+60wQm9oPS/XeoE97IfA9tEKe7kKmBQZxoI8vyStPU
Q1WEFn+wtcB67pS9dEpTRWBgmQYtLtkq4lcHRQIDAQABAoIBAQCcJrKzaefW4oAo
gTp4sKOk64QTkbLozMg4wWf73jSlr2aRWgSpyyBgQNOUM67UjFNF0DpZfiD23Xwc
/HX8Uv2iqU4StF35dyXmabHr/5BVwuaI90Hmr2qgGq7zDIXMThXz6OTYlBFiODCF
c8qakwr5cory+GMsn2hNKeoC2G9tJAirf+5Bj5xDx5JTwtggUr5NUR37fyeAa2Wh
atqY5cb2k3MEqr6p1zZZ5GLNADvgzXWK+XeDNA/x8AqwHM6ETpljwBd8Rx5EHwjd
6tj7K1oBW43s5lMBe4K0cOgLAGpK48Ck0DZ++8CovqQSQUe7OsIY1MX5ZSrwpKuh
vyjiDMehAoGBAP7rtxozJkhXP899UZsB9q5QuRMLTZruFNFEgjRRsEc+Qr6O25qf
cEzE3yO2EpAmSMS570eK596SvjO6Jd1GM/e/AUnGlOJ3fEOt58ICNWV9V3RdhFwi
Nmmqj3yXhiSsQU695+1NwFViajaXTDjXP/LskJP2hLpolIrkwOanKryZAoGBAOiy
F4zP/RdbhM1CjkyJXHaG8Uru/jimOuKSHhpHnANeNQrMylM4IYH33/GFIIS7hsJg
9ohH5XMnslp1CjbEvjDXuurJx5TFBMFCPy3LppQDKZBLnWyNGBsSDu6/oq+/ozIA
KVTEGlQvqZDQCaxXwvxHFB1w+xlHXAdsY0TVL7+NAoGAVXwEHeQTLWUcv969c+aX
q2LkfU9oCdFW58o6g4L1Qx7M0Qwk9lgLF6NZVKdk2DQOaPIVHH+nO8snvz7oHajC
Go1RyESwfrUk1alGs5d8AnmizyHhFehfKNYKYfSKBlhBWj9yu/A71CY5ie74n4MH
LdZIsWWUotIZJe6KBY7/VNkCgYEAscHaW6dHH+C5wlNlgPItwB21lhib+4qA0TPt
6wVpGOmOe4GVzZzDfBVu7YFVJhBbEYIg0lqZ3S4mARQHiW8iGw2xrEoYPH2E9F03
BjTcO5Vu2tvollPyZjuVTKz4CmnKsReOe0KTGlyOnCFQQmeIfE+P/i2go97vXnxe
GOcCYsECgYEAhB0srmyo49HErxPBzVKN1bVz1GczVtUUVx0tJLhvdM43vTZeXMnl
EstwZWXf3UB5FRsmHSZoBhRmkNzFQ54pM/hlGaGrirgYowMfe5j0Zd0jZBQqpApW
YET1/PeQXaF1V9k8wmmZHuLdgo8tw90x0GVCcmxs3UHlGsEJ0ggnCOk=
-----END RSA PRIVATE KEY-----
PEM格式RSA私钥-PKCS#1格式-加密(密码b'123456')
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,D83C87E7C883DBC9A86058511585F8D1
E0mNN1sAM/uN4jG1TSaxn4gUqaazMXEGB7z0wNNAOKa2VcLJF3HOYg/psZv7xsr3
0b4Au1t1hfxU9Zlzx/Pd1kKdVX7Ex6PohU7Jmldn3p6R9SPqAZOz1S3YPTqPfjqQ
VcbCUW1SHdc9OhmanKxhpQUM3kZ7Q0sC37aIoY+mESiKA/oUKbZ3n72gYeZ96+13
oWQK7ewG+nYHD+xz7InWcf7qA02H9rHbREsvhJ75mWA8w7Lg7lDflFI0nS4eaOkU
uf8rym1+x9F4Yno7acfvkhQanWcHjLl4QoEhADMflfNb9KxkRahaiIzDMrROYeN1
1m9XiDfxYkcmeeR2IKKsTVYZwODoDvVFrB1gmWIpHbuDZms/6lj/SDHAxVRlp0iJ
GA4yiT8HYXjpRoIwp7pAq9nFMMWpK09NKUKijUWF/pgs6YEjrAqRPKZhsih6aw9v
5Jci0kj/02QxYCocM15pzuF6eE+gHthCfNDMU0H5MPZNT5iZUBAxyj0ZPJW6RmVi
R1vde1RRHCy4QRHM62KUMeoNQ4FRhyUK7MuuQLP7FmWHsVIAw/tRsmXT5ss2eNUS
qmWQODdgkvnGrEpxjSqPrwYhRDewB1nmiTJMt+Upe5wBCPzX8YKgJqkMB3/cEeEE
u6lJ+tFNcfXbhRfCqTLG/VgQtxSNwQ6+hYzEaspk984G1stRwsuR6O056N4SyEOJ
fddE/ouue6vlcJtRTZqB8vvbJ7VFIciOpvyUF7JwImj4MZJQ2v0/CEQAAaRC9CNr
tLQbLd/3IN/PqOV9+H6y86hLcKUMl4grEQ1RrOfaRrVWV8siMkAGS5W8zvSIhwgn
28+MWwPI2/vU0NZLcgQyDD/pa1ElwyFRRZ8Mr89jB3B2eMuhsZ3X7UEkH11MHT+7
OIhOJc+B/3nMv0rablYPhO3HBkNBG4IjyanSufCTZusWhg48Vz7V4E35YPCQKJnr
l8rcwklNTfD18F2SOIHU3/qalRoVUWX8m6pvE4xjMHlrNOEOVzI3M3XWyjsCT6i2
vd/kanLcApkAvluy7sfjJzUIsr/GsHP2K01U+b1a0Oj2FxnQT1T7orCt/pl7lNS1
NecJ1/Ipob+7q3DGZymVJRd+TbabKfs5NHJmzYTwI4jYy5bgq+tjLXgwKzPPfzuH
bQKX6aRVYxx50RHeo50Tb3ngigShpzwD1W8gcPmsqJjLYxe/JsgE46tErTXueB8T
MeyqYzcGmwimBazVl218OgbfkP+OV0P8LFCUL334UEiiGx9epznuEbOvDp9Qi4DL
bloMZ5WtS8qm57OYWhamQG8XEyUp51P2n4f5o3m/42TQSiF9rPazP7oayHijuFR1
xEaVe2yoRezsigugTlApZzJ4VF9iTpSrbsvH/77qduX200YDGRnYBMw1fVNvECtN
MrT4vaXwKX/B9c7DN0sI/e2ODTsbYaHN8Oiu/d4Im2lf6CGgQUpW4UbgYtBxHRVt
FiehmIcq8qOfrL/gpTE+xwdp0Jc8kUnZm6BsAAjGs9reL34x6OKsLD550cXAyf6e
he4xqohX0kSXnV4pF5F18WVVfCmKoCzxr8decM8GYVK3uSNAWDrzlx2UXhUo0yga
-----END RSA PRIVATE KEY-----
EC(椭圆曲线)私钥
PEM格式EC(椭圆曲线)私钥-PKCS#1格式-无加密
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILb9XVRPCaPgtmBLTfusYmTDBzACWEIMP7G47ttUSgcZoAoGCCqGSM49
AwEHoUQDQgAEIL5WxHjk/yCczEPlMxcLSSYqsOs4uhGzlq0FQnIx4uJrvDaIq6ht
+tdT2VAnfDTNbyhkJWWfCCpe9meVIQj6hQ==
-----END EC PRIVATE KEY-----
PEM格式EC(椭圆曲线)私钥-PKCS#1格式-加密(密码b'123456')
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,4E0066D4A2184696A17C26228EC877BC
IqonndTo2J7Av5vqR7N9JaM/P+WLN+eKWFRC9MFfv924c+AVvA1ZuPpGE3VVQn9t
KEZQt/kMW3DFaSaqZDR6rNXsjDp0INohCrEzTqRp0Zt8B5zDv0zQ8pRPHJI9E2vz
LwpTV3ANTiFvKPL+R8cscE2VknDoBgxBocJ7m0vJ2ng=
-----END EC PRIVATE KEY-----
PEM格式EC(椭圆曲线)私钥-PKCS#8格式-无加密
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtv1dVE8Jo+C2YEtN
+6xiZMMHMAJYQgw/sbju21RKBxmhRANCAAQgvlbEeOT/IJzMQ+UzFwtJJiqw6zi6
EbOWrQVCcjHi4mu8NoirqG3611PZUCd8NM1vKGQlZZ8IKl72Z5UhCPqF
-----END PRIVATE KEY-----
PEM格式EC(椭圆曲线)私钥-PKCS#8格式-加密(密码b'123456')
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIH0MF8GCSqGSIb3DQEFDTBSMDEGCSqGSIb3DQEFDDAkBBBRZfYgbzli9lpBCQb1
kCHnAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQHEyPD6t4f90hzYVJ
e5gKZASBkMw3IUycIsSHk2NBBM5+cg/B8/u6u66CUtJW9joWCXOo3d3B4TPsT3Bv
O59DWGiIV68UAZYPwx32a2p0vkVOR+ASRaCKBLEgc+Ok16AMsYqV0L1pvzK/torO
WCclp+7i3CQdDCZhoidcJRgAnndveQCub1C1OishpY9XcmsjQSsrkzXM70iOyB2F
wPKBWH5DUw==
-----END ENCRYPTED PRIVATE KEY-----