multiple DER formatted export
Joseph Oreste Bruni
jbruni at me.com
Tue Mar 17 05:20:23 CET 2009
On Mar 16, 2009, at 6:49 PM, Stefan Caunter wrote:
> Apologies for this not being specific to the gnupg list, but could I
> possibly ask if anyone knows if it was ever possible to export
> multiple certs in DER format?
>
> In http://www.intevation.de/roundup/aegypten/msg433 Werner states that
> there is no standard for doing so.
>
> I am sure I used to do this with Windows Internet Explorer 5.x, but
> Windows Certificate Store will no longer export all certs as a .crt
> DER file, only a single cert as cert.der. Firefox as well. OpenSSL
> does not convert pkcs7 bundles to PEM for use on a unix system.
>
> Apple keychain gives me them all as a usable PEM that I can run
> c_rehash on, but this is not surprising. I'm rewriting
> http://lynx.isc.org/current/README.sslcerts and want to recommend more
> than one way to pull a commercially available cert bundle for
> non-commercial software.
>
> Stefan Caunter
> http://caunter.ca/contact.html
I doubt that you were able to export certificates directly in DER
format in Windows without having them in some sort of container format
such as PKCS#12. That is, with more than one certificate per file. PEM
is actually just DER encoded in Base64 and bracketed with BEGIN and
END delimiters. This is why you can have more than one object in a PEM
file.
PKCS#12 also support more than one object per file and it has been the
standard way of transporting certs in Windows. The file extensions
would be either .PFX or .P12.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2557 bytes
Desc: not available
URL: </pipermail/attachments/20090316/1fb269c0/attachment.bin>
More information about the Gnupg-users
mailing list