Skip to Content

Understanding PEM and DER File Formats

By: Author David Cao

Posted on Last updated:

2 Comments

Categories SSL

Understanding the differences between PEM and DER file formats is important for handling SSL/TLS certificates, as they are two of the most commonly used formats for storing these certificates and keys.

Here’s an overview of each format:

PEM Format

  1. Text-Based Format:
    • PEM (Privacy Enhanced Mail) is a Base64 encoded format used for certificates and keys. It’s encapsulated with ASCII text headers and footers.
    • Example Headers/Footers:
      • For certificates:
        -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
      • For private keys:
        -----BEGIN PRIVATE KEY-----and -----END PRIVATE KEY-----
  2. Readability and Editability:Since PEM files are text-based, they can be opened and read in a text editor.
  3. Usage:Widely used in web servers like Apache and nginx for SSL/TLS configurations. Preferred format for OpenSSL and many other applications.
  4. Versatility:PEM files can contain certificates, private keys, public keys, and even certificate chains.
  5. Security:The private key portion in a PEM file must be kept secure.

DER Format

  1. Binary Format:DER (Distinguished Encoding Rules) is a binary format for storing the same information as PEM but without the text headers and footers. More compact and not human-readable.
  2. Usage:Commonly used in Java-based environments and some Windows applications. Typically found with .der or .cer file extensions.
  3. Compatibility:While not as universally compatible as PEM, DER is still widely supported, especially in environments that require binary formats.
  4. Conversion:DER files can be converted to PEM and vice versa, typically using tools like OpenSSL.
  5. Content Limitation:A DER file generally contains only one certificate or one key, unlike PEM which can contain multiple items in the same file.

Comparing PEM and DER

  • Format: PEM is ASCII text; DER is binary.
  • Compatibility: PEM is more universally accepted across different systems and software.
  • Usability: PEM files can be easily edited with a text editor; DER requires specific tools for viewing or editing.
  • Content: PEM can hold multiple certificates and keys in one file; DER is usually limited to one item per file.

Conversion Between PEM and DER

You can convert between PEM and DER using OpenSSL. For example:

  • PEM to DER:openssl x509 -outform der -in certificate.pem -out certificate.der
  • DER to PEM:openssl x509 -inform der -in certificate.der -out certificate.pem

In summary, the choice between PEM and DER often depends on the requirements of the system or application you are working with.

PEM’s text-based, human-readable format makes it more versatile for a wide range of uses, while DER’s binary format is preferred in environments that necessitate a more compact form

By Author David Cao

Posted on Last updated:

Categories SSL

CharlyMarks

Thursday 15th of February 2024

What a shame. "Understanding PEM and DER File Formats" is the title, but if you don't explain how those formats are, it's difficult to understand. Some bibliography references could help. It's good that you describe some tools, that's also true.

David Cao

Monday 19th of February 2024

Please kindly check this. Format: PEM is ASCII text; DER is binary. Since PEM files are text-based, they can be opened and read in a text editor. DER (Distinguished Encoding Rules) is a binary format for storing the same information as PEM but without the text headers and footers. More compact and not human-readable.