.pem文件是否包含私钥和公钥？

Question

我想知道如果pem文件包含私钥和公钥？ Pem代表什么？

Answer 1

由于PEM文件不是标准文件，PEM文件可能只包含任何内容，包括公钥和/或私钥。实际上PEM只是意味着文件包含一个base64编码的数据位。通过引用S/MIME之前作为邮件安全标准的旧的隐私增强邮件标准，它被称为PEM文件。这些标准以特定的base64格式指定了各种密钥和消息的格式。例如，请参阅RFC 1421。

通常，PEM文件包含一个base64编码密钥或证书，其格式为-----BEGIN <whatever>-----和-----END <whatever>----。随着时间的推移，对于<whatever>，包括私钥，公钥，X509证书，PKCS7数据，包含多个证书的文件，包含私钥和X509证书的文件，PKCS＃10证书签名请求等等，已经形成了许多可能性...

Answer 2

您可以decode您PEM格式化x509certificate用下面的命令：

openssl x509 -in cert.pem -text -noout 

PEM证书contains只有公钥或私钥只或两者。

---

对于以下example：

-----BEGIN CERTIFICATE----- 
MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G 
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y 
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 
ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw 
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy 
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu 
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB 
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X 
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud 
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG 
SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA 
l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= 
-----END CERTIFICATE----- 

您将获得：

Certificate: 
    Data: 
     Version: 3 (0x2) 
     Serial Number: 0 (0x0) 
    Signature Algorithm: ecdsa-with-SHA256 
     Issuer: C = BE, O = GnuTLS, OU = GnuTLS certificate authority, ST = Leuven, CN = GnuTLS certificate authority 
     Validity 
      Not Before: May 23 20:38:21 2011 GMT 
      Not After : Dec 22 07:41:51 2012 GMT 
     Subject: C = BE, O = GnuTLS, OU = GnuTLS certificate authority, ST = Leuven, CN = GnuTLS certificate authority 
     Subject Public Key Info: 
      Public Key Algorithm: id-ecPublicKey 
       Public-Key: (256 bit) 
       pub: 
        04:52:d8:8d:23:8a:e3:67:d7:86:36:b1:20:0b:09: 
        7d:c8:c9:ba:a2:20:95:2f:c5:4a:63:fa:83:5f:ce: 
        78:2f:8f:f3:62:ca:fd:b7:f7:80:56:9d:6e:17:b9: 
        0e:11:4c:48:b2:c0:af:3b:59:17:16:30:68:09:07: 
        99:17:fe:dd:a7 
       ASN1 OID: prime256v1 
       NIST CURVE: P-256 
     X509v3 extensions: 
      X509v3 Basic Constraints: critical 
       CA:TRUE 
      X509v3 Key Usage: critical 
       Certificate Sign, CRL Sign 
      X509v3 Subject Key Identifier: 
       F0:B4:81:FE:98:12:BF:B5:28:B9:64:40:03:CB:CC:1F:66:4E:28:03 
    Signature Algorithm: ecdsa-with-SHA256 
     30:45:02:20:31:ae:c0:3d:4a:3f:21:be:85:17:fc:f0:c7:b2: 
     31:07:2a:38:56:43:d1:36:d5:95:e1:7e:52:c0:06:43:87:a7: 
     02:21:00:97:8c:0e:b8:3c:0a:41:af:ae:a5:cf:06:7e:d5:c4: 
     d8:2f:ff:e2:62:80:34:10:ba:22:dd:35:81:46:93:22:9a 

了解Public Key Algorithm和Signature Algorithm部分之间的差异读this（两者都是公共的）。