Cryptography - PKCS (Public Key Cryptography Standards)


PKCS #X (Public Key Cryptography Standards) are a group of public-key cryptography standards devised and published by RSA Security Inc, starting in the early 1990s.

They defined the file format of key material (keystore)

File Extension

The file extensions are:

  • pkX for the binary format
  • PEM when they are encapsulated


PKCS are binary format. They may be wrapped into a PEM format being transformed as human text with a base64 encoding (transformation .

Therefore, you have a PEM with a content that is encoded as base64 PKCS format.



PKCS#7 does not include the private key, it is commonly used for certificate dissemination (e.g. as the response to a PKCS#10 certificate request, as a means to distribute S/MIME certs used to encrypt messages, or to validate signed messages etc).

It is important to remember that it is only for certificates which are by definition public items.

You cannot convert from PKCS#7 to PKCS#12 without additional data (the private key part) because PKCS#7 doesn't have all of the data.


From old PKCS12 base64 pem (from dkim for instance) to new Pkcs8 format

openssl pkcs8 \
   -topk8 \ # Output PKCS8 file
   -inform PEM \
   -outform PEM \
   -nocrypt \
   -in pkcs12.pem \
   -out pkcs8.pem




see PKCS

Powered by ComboStrap