Note on certificate formats:
Encodings (also used as extensions)
- .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension.
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a "-----BEGIN …" line.
Common Extensions
- .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems.
- .CER = Alternate form of .crt (Microsoft convention). You can use Microsoft tools to convert .crt to .cer (either DER encoded .cer or base64 [PEM] encoded .cer). The .cer file extension is also recognized by IE as a command to run an MS CryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents.
- .KEY = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
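Since none of the extensions above fixes the encoding, a file can be classified by its content instead. The script below is an added example, not part of the original note: the function names (cert_encoding, pem_to_der, der_to_pem) are hypothetical, the sample bytes are constructed and are not a real certificate, and only the outer framing is checked.

```shell
#!/bin/sh
# Added example: identify a file's encoding from its content, not its extension.
# Function names are hypothetical; only the outer framing is checked, nothing is validated.

# Print "PEM <label>", "DER" or "unknown" for file $1 (non-zero status if unknown).
cert_encoding() {
    # PEM: ASCII armor line "-----BEGIN <label>-----"; tolerate a trailing CR.
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then echo "PEM $label"; return 0; fi
    # DER: certificates and PKCS#8 keys are an ASN.1 SEQUENCE, so byte 0 is 0x30.
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    if [ "$first" = "30" ]; then echo "DER"; return 0; fi
    echo "unknown"; return 1
}

# Decode the first PEM block of file $1 to DER on stdout.
pem_to_der() {
    awk '/^-----BEGIN /{on=1; next} /^-----END /{exit} on{print}' "$1" |
        tr -d ' \r\n' | base64 -d
}

# Wrap DER file $1 in PEM armor with label $2 (e.g. CERTIFICATE), 64 chars per line.
der_to_pem() {
    echo "-----BEGIN $2-----"
    base64 < "$1" | tr -d '\n' | fold -w 64
    echo
    echo "-----END $2-----"
}

# Demo on constructed data: a 5-byte DER SEQUENCE { INTEGER 1 }, not a real certificate.
demo() {
    d=$(mktemp -d) || return 1
    printf '\060\003\002\001\001' > "$d/sample.cer"          # DER content
    der_to_pem "$d/sample.cer" CERTIFICATE > "$d/sample.crt" # PEM content
    for f in "$d/sample.cer" "$d/sample.crt"; do
        echo "${f##*/}: $(cert_encoding "$f")"
    done
    rm -rf "$d"
}
demo
```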
The only time CRT and CER can safely be interchanged is when the encoding type is identical (i.e. PEM encoded CRT = PEM encoded CER).
Generate a key:
1) Create private key:
    openssl genpkey -engine gost -algorithm gost2001 -pkeyopt paramset:A -out test.key
2) Generate certificate request:
    openssl req -engine gost -new -key test.key -out test.p10
3) Generate self-signed certificate (in PEM format):
    openssl x509 -req -in test.p10 -engine gost -signkey test.key -out test.pem
4) Convert into DER:
    openssl x509 -in test.pem -inform pem -out test.crt -outform der
Get info on certificate (test.crt is DER encoded after step 4, hence -inform der):
    openssl x509 -engine gost -in test.crt -inform der -noout -text -nameopt utf8,sep_multiline
Dates of start and end of the certificate validity:
    openssl x509 -engine gost -in test.crt -inform der -noout -startdate
    openssl x509 -engine gost -in test.crt -inform der -noout -dates
Encrypt data using GOST:
MIME format:
    /opt/cryptopack2/bin/openssl smime -encrypt -gost89 -in "$1" -binary -out "$1.enc" test.crt
plain binary:
    openssl smime -encrypt -engine gost -in data.zip -binary -outform der test.crt
plain base64:
    openssl smime -encrypt -engine gost -in data.zip -binary -outform der test.crt | base64 | tr -d "\n"