Portecle, DER and PEM files, and PEM encodings for private key files

July 29, 2024

DER (Distinguished Encoding Rules) files:

• results in a truly binary representation of the encoded data

PEM (Privacy Enhanced Mai) files:

• essentially base64 encoded versions of the DER encoded data (a format to send these in an encoding of printable characters)
• usually generated by OpenSSL and composed of a header, the base64 encoded data, and a footer
• format
  • a line consisting of 5 hyphens, the word BEGIN, one or a few (space-separated) words defining the type of data, and 5 hyphens
  • an optional (and rare) rfc822-style header, terminated by an empty line
  • base64 of the data, broken into lines of 64 characters (except the last); some programs instead use the (slightly newer) MIME limit of 76 characters
  • a line like the BEGIN line but with END instead

RSA Private Key file (PKCS#1):

• starts with -----BEGIN RSA PRIVATE KEY-----
• essentially just the key object from PKCS#8, but without the version or algorithm identifier in front
• contains CRT parameters

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
    "prime1NTEGER,  --",
    "prime2NTEGER,  --",
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

Private Key file (PKCS#8):

• starts with -----BEGIN PRIVATE KEY -----
• this is a more generic key format that identifies the type of public key and contains the relevant data
  • useful because RSA is not used exclusively inside X509 and SSL/TLS
• does not contain CRT parameters (more headers, but smaller size)
• OpenSSL version 3.0.0 and later use this format by default

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}

Practical observations:

• for public keys
  • we use the head certificate from the PFX file when deploying on servers (there are three certificates in the certificate chain)
• for private keys
  • we use PKCS#8 encoding, which is marked by -----BEGIN PRIVATE KEY-----

References:

• https://github.com/scop/portecle
• https://stackoverflow.com/questions/20065304/differences-between-begin-rsa-private-key-and-begin-private-key
• https://web.archive.org/web/20140819203300/https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem
• https://stackoverflow.com/questions/48958304/pkcs1-and-pkcs8-format-for-rsa-private-key