SyntaxFix

[security] What is the difference between a cer, pvk, and pfx file?

What is the difference between a cer, pvk, and pfx file? Also, which files do I keep and which am I expected to give to my counter-parties?

This question is related to security public-key

The answer is

Here are my personal, super-condensed notes, as far as this subject pertains to me currently, for anyone who's interested:

  • Both PKCS12 and PEM can store entire cert chains: public keys, private keys, and root (CA) certs.
  • .pfx == .p12 == "PKCS12"
    • fully encrypted
  • .pem == .cer == .cert == "PEM" (or maybe not... could be binary... see comments...)
    • base-64 (string) encoded X509 cert (binary) with a header and footer
      • base-64 is basically just a string of "A-Za-z0-9+/" used to represent 0-63, 6 bits of binary at a time, in sequence, sometimes with 1 or 2 "=" characters at the very end when there are leftovers ("=" being "filler/junk/ignore/throw away" characters)
      • the header and footer is something like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" or "-----BEGIN ENCRYPTED PRIVATE KEY-----" and "-----END ENCRYPTED PRIVATE KEY-----"
    • Windows recognizes .cer and .cert as cert files
  • .jks == "Java Key Store"
    • just a Java-specific file format which the API uses
      • .p12 and .pfx files can also be used with the JKS API
  • "Trust Stores" contain public, trusted, root (CA) certs, whereas "Identity/Key Stores" contain private, identity certs; file-wise, however, they are the same.

I actually came across something like this not too long ago... check it out over on msdn (see the first answer)

in summary:

.cer - certificate stored in the X.509 standard format. This certificate contains information about the certificate's owner... along with public and private keys.

.pvk - files are used to store private keys for code signing. You can also create a certificate based on .pvk private key file.

.pfx - stands for personal exchange format. It is used to exchange public and private objects in a single file. A pfx file can be created from .cer file. Can also be used to create a Software Publisher Certificate.

I summarized the info from the page based on the suggestion from the comments.

In Windows platform, these file types are used for certificate information. Normally used for SSL certificate and Public Key Infrastructure (X.509).

  • CER files: CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public key. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout.
  • PVK files: Stands for Private Key. Windows uses PVK files to store private keys for code signing in various Microsoft products. PVK is proprietary format.
  • PFX files Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

for more information visit:Certificate Files: .Cer x .Pvk x .Pfx

Source: Stackoverflow.com

Examples related to security

Monitoring the Full Disclosure mailinglist Two Page Login with Spring Security 3.2.x How to prevent a browser from storing passwords JWT authentication for ASP.NET Web API How to use a client certificate to authenticate and authorize in a Web API Disable-web-security in Chrome 48+ When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site? How does Content Security Policy (CSP) work? How to prevent Screen Capture in Android Default SecurityProtocol in .NET 4.5

Examples related to public-key

key_load_public: invalid format Verify host key with pysftp Github permission denied: ssh add agent has no identities git push: permission denied (public key) Heroku 'Permission denied (publickey) fatal: Could not read from remote repository' woes Using scp to copy a file to Amazon EC2 instance? How to ssh connect through python Paramiko with ppk public key Adding a public key to ~/.ssh/authorized_keys does not log me in automatically Permission denied (publickey) when deploying heroku code. fatal: The remote end hung up unexpectedly GitHub: Permission denied (publickey). fatal: The remote end hung up unexpectedly

Tags

Qt4dotnet Mergeinfo Smime Locals Jquery-ui-draggable Transformtovisual Filemaker Cycle Computer-science Stress-testing Exitstatus Xsp Argument-error Datamember Factoring Avahi Opensso Hypervisor Cbitmap Input-type-file Mysql-error-1452 Qt-mobility Decoder Hypercard Applicationdomain Petcare Jmstemplate Image-load Csstidy Heuristics Grails-validation Firefox4 Comparison Imp Database-dump Edit-control Dig Collectioneditor Bbedit Html5-video Library-interposition Apt Groupstyle Icu Cakephp-1.3 Objectdatasource Wsad5.1 Xml-namespaces Rowcount Comobject Params-keyword P4v Data-caching Web-analytics Load Unhandled Sharpffmpeg Jsr82 Microsoft-commerce-server Appfabric-beta-2 Blat Smtpclient Bulk Django-haystack Pdflatex Magnetic-cards Jform-designer Bho Uiprogressview Dynamictype Ruby-openid Onmousedown Couchone Agsxmpp Sourcegear-vault Sql-job Trunk Non-printable Character-encoding Flashback Clique Programdata Webtest Wcf-ria-services Svn-reintegrate Ora-06512 Relay Method-names Qabstracttablemodel Procmail Ploneformgen Linda Documentum6.5 Mediacontroller Multi-table-delete Jdwp Arraycollection Qobject Cfgrid Pdp-11