Privacy-Enhanced Mail
Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail." While the original standards were never broadly adopted and were supplanted by PGP and S/MIME, the textual encoding they defined became very popular. The PEM format was eventually formalized by the IETF in RFC 7468.[1]
Format
Many cryptography standards use
The PEM format solves this problem by encoding the binary data using
The one-line header consists of -----BEGIN, a label, and -----, and the one-line footer consists of -----END, a label, and -----. The label determines the type of message encoded. Common labels include CERTIFICATE, CERTIFICATE REQUEST, PRIVATE KEY and X509 CRL.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
PEM data is commonly stored in files with a ".pem" suffix, a ".cer" or ".crt" suffix (for certificates), or a ".key" suffix (for public or private keys).[3] The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a ".pem" file. In particular, PEM refers to the header and base64 wrapper for a binary format contained within, but does not specify any type or format for the binary data, so a PEM file may contain "almost anything base64 encoded and wrapped with BEGIN and END lines".[4]
Examples
- An operating system might provide a PEM file containing a list of trusted CA certificates, each in its own BEGIN/END section;
- A web server might be configured with a "chain" file containing an end-entity certificate plus a list of intermediate certificates, each in its own BEGIN/END section.
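A small parser for the wrapper described above, written as an added example (not code from the article or any of the cited sources): it walks a multi-block file such as the chain file just mentioned, checks that each END label matches its BEGIN label, and base64-decodes the body back to the binary (DER) payload. The sample chain is constructed with tiny DER values standing in for real certificates.

```python
import base64
import re

# One PEM block: -----BEGIN <label>----- line, body, -----END <label>----- line.
_BLOCK = re.compile(
    r"-----BEGIN (?P<begin>[^-\r\n]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P<end>[^-\r\n]+)-----",
    re.DOTALL,
)

def parse_pem(text):
    """Return [(label, der_bytes), ...]; ValueError on label mismatch or bad base64."""
    blocks = []
    for m in _BLOCK.finditer(text):  # text outside the markers is ignored
        begin, end = m.group("begin"), m.group("end")
        if begin != end:
            raise ValueError(f"label mismatch: BEGIN {begin!r} vs END {end!r}")
        body = "".join(m.group("body").split())  # drop the 64-column line breaks
        der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
        blocks.append((begin, der))
    return blocks

def pem_error(text):
    """None if `text` parses cleanly, otherwise the parser's error message."""
    try:
        parse_pem(text)
    except ValueError as exc:
        return str(exc)
    return None

def to_pem(label, der):
    """Wrap DER bytes in a PEM block, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

# Constructed sample: two tiny DER values (a SEQUENCE holding INTEGER 5, and an
# empty SEQUENCE) stand in for the full X.509 DER a real chain file would hold.
SAMPLE_CHAIN = """\
Subject: example chain (text outside the markers is ignored)
-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAA=
-----END CERTIFICATE-----
"""
MISMATCHED = "-----BEGIN CERTIFICATE-----\nMAA=\n-----END PRIVATE KEY-----\n"
```

Because the parser trusts only the labels, not the file suffix, it reports what a ".pem" file actually holds, which is the point made in the Format section.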
Privacy-enhanced mail
The PEM format was first developed in the privacy-enhanced mail series of RFCs: RFC 1421, RFC 1422, RFC 1423, and RFC 1424. These standards assumed prior deployment of a hierarchical public key infrastructure (PKI) with a single root. Such a PKI was never deployed, due to operational cost and legal liability concerns.[citation needed] These standards were eventually obsoleted by PGP and S/MIME, competing e-mail encryption standards.[citation needed]
History
The initiative to develop Privacy Enhanced Mail began in 1985 on behalf of the PSRG (Privacy and Security Research Group),[5] also known as the Internet Research Task Force. This task force is a subsidiary of the Internet Architecture Board (IAB), and its efforts have resulted in the Requests for Comments (RFCs), which are suggested Internet guidelines.[6]
References
- S2CID 41770450.
- Retrieved 2017-03-06.
- "DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them". www.gtopia.org. Archived from the original on 2019-08-04. Retrieved 2020-02-04.
- "Where is the PEM file format specified?".
- S2CID 15759913.
- ISSN 0001-0782.