multiple DER formatted export

Joseph Oreste Bruni jbruni at
Tue Mar 17 05:20:23 CET 2009

On Mar 16, 2009, at 6:49 PM, Stefan Caunter wrote:

> Apologies for this not being specific to the gnupg list, but could I
> possibly ask if anyone knows if it was ever possible to export
> multiple certs in DER format?
> In Werner states that
> there is no standard for doing so.
> I am sure I used to do this with Windows Internet Explorer 5.x, but
> Windows Certificate Store will no longer export all certs as a .crt
> DER file, only a single cert as cert.der. Firefox as well. OpenSSL
> does not convert pkcs7 bundles to PEM for use on a unix system.
> Apple keychain gives me them all as a usable PEM that I can run
> c_rehash on, but this is not surprising. I'm rewriting
> and want to recommend more
> than one way to pull a commercially available cert bundle for
> non-commercial software.
> Stefan Caunter

I doubt that you were able to export certificates directly in DER  
format in Windows without having them in some sort of container format  
such as PKCS#12. That is, with more than one certificate per file. PEM  
is actually just DER encoded in Base64 and bracketed with BEGIN and  
END delimiters. This is why you can have more than one object in a PEM  

PKCS#12 also support more than one object per file and it has been the  
standard way of transporting certs in Windows. The file extensions  
would be either .PFX or .P12.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2557 bytes
Desc: not available
URL: </pipermail/attachments/20090316/1fb269c0/attachment.bin>

More information about the Gnupg-users mailing list