Re: PEM file format rfc draft request

pgut001@cs.auckland.ac.nz (Peter Gutmann) Wed, 15 November 2006 13:42 UTC

From: pgut001@cs.auckland.ac.nz
To: Dieter.Bratko@iaik.tugraz.at, ron.ogle@thomson.net
Subject: Re: PEM file format rfc draft request
Cc: ietf-pkix@imc.org
In-Reply-To: <01c401c707f9$3ac61660$6d981b81@iaik.tugraz.at>
Message-Id: <E1GkJly-0002Yw-00@medusa01.cs.auckland.ac.nz>
Date: Thu, 16 Nov 2006 01:21:46 +1300
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

"Dieter Bratko" <Dieter.Bratko@iaik.tugraz.at> writes:

>For that reason a standard giving some recommendations for the usage of PEM
>headers would be very useful. It should not only cover keys, but also
>certificates, crls, requests,... (for instance, some applications use -----
>BEGIN CERTIFICATE REQUEST-----. and some use -----BEGIN NEW CERTIFICATE
>REQUEST-----, and some may use -----BEGIN PKCS10 REQUEST----- or something
>other for encoding a certificate request).

That's why I suggested that a regexp is the only way to handle this.  You also
need to take into account usage in other environments like PGP and SSH, which
also use the PEM format.  From memory my code's workflow is something like:

  look for '----';
  look for either another '-' or a ' ';
  look for 'BEGIN';

This handles the common PEM start.  Then:

  if the remaining text contains 'SSH' it's an SSH public key;
    goto SSH-processing;
  if the remaining text contains 'PGP' it's a PGP public key;
    goto PGP-processing;
  // Default: It's something X.509-ish
  if the remaining text contains 'REQUEST' or 'PKCS10' it's a PKCS #10 cert request;
  if the remaining text contains 'PRIVATE' it's a private key;
  otherwise it's a cert of some form;

This should handle pretty much everything out there.

Peter.
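As an added illustration (my code, not Peter's and not taken from any library), here is the workflow above written out as a Python 3 classifier. It keeps the same tolerant start marker (four dashes, then a fifth dash or a space, then BEGIN) and the same keyword order, and goes a little beyond the post: it also parses the "Name: value" header lines that encrypted OpenSSL keys, OpenPGP armor and RFC 4716 SSH2 keys carry, it rejects a block whose END label does not match its BEGIN label or whose body is not valid base64 instead of guessing, and it flags encrypted blocks so the caller knows the decoded bytes are ciphertext rather than DER. The sample inputs are constructed placeholders, not real keys or certificates, and the "=AAAA" line in the PGP sample stands in for an armor CRC line, which is skipped rather than checked.

```python
import base64
import re
from dataclasses import dataclass
from enum import Enum

# Tolerant markers, as in the workflow above: four dashes, then either a fifth dash
# ("-----BEGIN ...-----", the X.509 and PGP form) or a space ("---- BEGIN SSH2 PUBLIC KEY ----",
# the RFC 4716 form), then the keyword and a label running up to the closing dashes.
_BEGIN_RE = re.compile(r"^----[- ]\s*BEGIN\s+(?P<label>[^-]+?)\s*-{4,}$")
_END_RE = re.compile(r"^----[- ]\s*END\s+(?P<label>[^-]+?)\s*-{4,}$")

class PemKind(Enum):
    SSH_PUBLIC_KEY = "SSH public key"
    PGP = "PGP armored object"
    PKCS10_REQUEST = "PKCS #10 certificate request"
    PRIVATE_KEY = "private key"
    CERTIFICATE = "certificate or other X.509-ish object"

def classify_label(label: str) -> PemKind:
    """Keyword tests in the order the post gives them. SSH and PGP are tested first because
    their labels may also contain PRIVATE or KEY; anything unrecognised is 'a cert of some form'."""
    up = label.upper()
    if "SSH" in up:
        return PemKind.SSH_PUBLIC_KEY
    if "PGP" in up:
        return PemKind.PGP
    if "REQUEST" in up or "PKCS10" in up:
        return PemKind.PKCS10_REQUEST
    if "PRIVATE" in up:
        return PemKind.PRIVATE_KEY
    return PemKind.CERTIFICATE

@dataclass
class PemBlock:
    kind: PemKind
    label: str
    headers: dict    # "Name: value" lines before the body (Proc-Type, DEK-Info, Version, Comment)
    data: bytes      # decoded body; for an encrypted block this is ciphertext, not DER
    encrypted: bool

def parse_pem(text: str) -> list:
    """Return every PEM block in text, in order, ignoring anything outside the markers.
    Raises ValueError rather than guessing when the END line is missing, its label does not
    match the BEGIN label, or the body is not valid base64 (binascii.Error is a ValueError)."""
    blocks, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        begin = _BEGIN_RE.match(lines[i].strip())
        i += 1
        if not begin:
            continue
        label = begin.group("label").strip()
        kind, headers, body = classify_label(label), {}, []
        while True:
            if i >= len(lines):
                raise ValueError(f"no END line for BEGIN {label}")
            line = lines[i].strip()
            i += 1
            end = _END_RE.match(line)
            if end:
                if end.group("label").strip() != label:
                    raise ValueError(f"END label {end.group('label').strip()!r} != BEGIN {label!r}")
                break
            if not line:
                continue                   # blank line that separates headers from body
            if ":" in line:                # ':' is not a base64 character, so this is a header
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif kind is PemKind.PGP and line.startswith("=") and len(line) == 5:
                continue                   # OpenPGP armor CRC-24 line; not verified here
            else:
                body.append(line)
        data = base64.b64decode("".join(body), validate=True)
        encrypted = "ENCRYPTED" in (headers.get("Proc-Type", "") + label).upper()
        blocks.append(PemBlock(kind, label, headers, data, encrypted))
    return blocks

PAYLOAD = b"constructed placeholder bytes, not a real DER or key blob"

def _armor(label, headers=(), end_label=None, ssh2_style=False, crc=None):
    """Constructed test input: wrap PAYLOAD in PEM-style markers (not a real key or cert)."""
    open_, close = ("---- ", " ----") if ssh2_style else ("-----", "-----")
    b64 = base64.b64encode(PAYLOAD).decode()
    out = [f"{open_}BEGIN {label}{close}"] + [f"{k}: {v}" for k, v in headers] + ([""] if headers else [])
    out += [b64[j:j + 64] for j in range(0, len(b64), 64)] + ([crc] if crc else [])
    out.append(f"{open_}END {end_label or label}{close}")
    return "\n".join(out) + "\n"

SAMPLES = {
    "cert": _armor("CERTIFICATE"),
    "new_req": _armor("NEW CERTIFICATE REQUEST"),
    "four_dashes": _armor("PKCS10 REQUEST").replace("REQUEST-----", "REQUEST----"),
    "enc_key": _armor("RSA PRIVATE KEY", headers=[("Proc-Type", "4,ENCRYPTED"), ("DEK-Info", "DES-EDE3-CBC,0123456789ABCDEF")]),
    "pgp": _armor("PGP PRIVATE KEY BLOCK", headers=[("Version", "constructed")], crc="=AAAA"),
    "ssh2": _armor("SSH2 PUBLIC KEY", headers=[("Comment", "constructed sample")], ssh2_style=True),
    "mismatch": _armor("CERTIFICATE", end_label="RSA PRIVATE KEY"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        try:
            for b in parse_pem(text):
                print(f"{name:12s} {b.kind.value:40s} encrypted={b.encrypted} bytes={len(b.data)}")
        except ValueError as exc:
            print(f"{name:12s} REJECTED: {exc}")
```

Two points worth noting when reusing this: the "four_dashes" sample reproduces the `-----BEGIN PKCS10 REQUEST----` spelling from the quoted message and still classifies because the closing marker only requires four or more dashes, and the PGP check deliberately precedes the PRIVATE check so that a `PGP PRIVATE KEY BLOCK` goes to PGP processing instead of being mistaken for a PKCS #1 or PKCS #8 key.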