Why File Formats Matter in Cryptography
When working with encryption tools and digital certificates, you'll encounter various file extensions that might seem confusing at first. Understanding these formats is essential because they serve different purposes in the cryptographic ecosystem.
Different file formats store different types of cryptographic information, such as private keys, public keys, certificates, or signed data. Using the wrong format can lead to compatibility issues or security problems.
Security Alert
The Importance of File Format Knowledge
Recognizing cryptographic file formats helps you:
- Avoid accidentally sharing private key material
- Ensure compatibility with different applications
- Troubleshoot issues when keys or certificates don't work
- Properly secure sensitive cryptographic material
Common Cryptographic File Extensions
Let's explore the most common file extensions you'll encounter when working with encryption and digital certificates.
Extension | Format Name | Description | Common Use |
---|---|---|---|
.asc | ASCII-Armored | Text-based (human-readable) PGP format | PGP keys, signatures, encrypted messages |
.gpg | GnuPG | Binary PGP format | Encrypted files, keys |
.pem | Privacy Enhanced Mail | Base64-encoded X.509 certificates or keys | SSL/TLS certificates, HTTPS, S/MIME |
.der | Distinguished Encoding Rules | Binary X.509 certificate format | X.509 certificates, Java environments |
.p12, .pfx | PKCS#12 | Personal Information Exchange | Certificate + private key bundles |
.crt, .cert | Certificate | Can be either PEM or DER format | Public certificates |
.key | Key file | Private key (various formats) | SSL/TLS private keys |
.csr | Certificate Signing Request | Request for a certificate | Obtaining certificates from CAs |
.sig | Signature | Detached digital signature | Verifying file authenticity |
.jks | Java KeyStore | Java-specific key store format | Java applications |
PGP-Specific File Formats
OpenPGP, the technology behind Secure Mail Client, uses several file formats that you should recognize:
ASCII-Armored (.asc)
ASCII-armored files are human-readable text files that begin and end with specific headers:
- Easy to share via email or text
- Can contain keys, encrypted messages, or signatures
- Larger file size than binary formats
Binary (.gpg)
Binary PGP files are more compact but not human-readable:
- More compact file size
- Used for encrypted files, keys, and signatures
- Not suitable for direct email inclusion
Tip
Converting Between Formats
Secure Mail Client can easily convert between ASCII and binary formats:
- To convert a binary .gpg file to ASCII format: File > Export > ASCII Armored
- To convert an ASCII .asc file to binary: File > Export > Binary Format
X.509 Certificate Formats
X.509 certificates are used for SSL/TLS connections, S/MIME email encryption, and code signing. These come in several formats:
PEM Format (.pem)
PEM (Privacy Enhanced Mail) is a base64-encoded format with specific headers and footers:
Key Features:
- Human-readable text format
- Can contain certificates, private keys, or certificate chains
- Different header types indicate the content:
  - CERTIFICATE: Public certificate
  - PRIVATE KEY: Private key
  - PUBLIC KEY: Public key
  - CSR: Certificate signing request
- Most widely used for SSL/TLS and web servers
DER Format (.der)
DER (Distinguished Encoding Rules) is a binary format for X.509 certificates:
- Binary format, not human-readable
- More compact than PEM
- Common in Java environments
- Can be converted to/from PEM
PKCS#12 Format (.p12, .pfx)
PKCS#12 is a binary format that can store certificates and private keys together:
- Password-protected container format
- Bundles private keys with certificates
- Used for certificate backup and transfer
- Common in Windows and web browsers
Understanding File Extensions in Practice
Now let's look at when you'll encounter these file formats in real-world scenarios:
Scenario | Common File Formats | What You Need to Know |
---|---|---|
Sharing your PGP public key | .asc | ASCII-armored format is best for sharing via email or text |
Backing up your PGP private key | .asc, .gpg | Should be kept secure and password-protected |
Encrypting a file with PGP | .gpg | Binary format is more efficient for encrypted files |
Setting up a web server with HTTPS | .pem, .key, .crt | Typically requires the certificate (.crt/.pem) and private key (.key) |
Importing a certificate to a browser | .p12, .pfx | PKCS#12 format includes both certificate and private key |
Verifying a downloaded file | .sig, .asc | Signature files allow verification of the original file's authenticity |
Requesting a certificate from a CA | .csr | Certificate Signing Request is sent to the CA for signing |
Warning
Protecting Private Key Files
Files containing private keys (.key, .p12, .pfx, some .pem files) should always be:
- Protected with strong passwords
- Stored in secure locations
- Not shared via email or messaging
- Backed up securely
Working with Crypto Files in Secure Mail Client
Secure Mail Client provides tools to work with various cryptographic file formats:
Common Operations
Exporting Keys
To export your public key in ASCII format:
- In the key management interface, select your key
- Click "Export"
- Choose "ASCII armored" and "Public key only"
- Save with .asc extension
Importing Certificates
Secure Mail Client can import various certificate formats:
- PEM (.pem, .crt) - Choose "Import X.509 Certificate"
- PKCS#12 (.p12, .pfx) - Choose "Import Certificate with Private Key"
- DER (.der) - Choose "Import X.509 Certificate" with "All Files" filter
Verifying Signatures
To verify a file with a detached signature:
- Click "Verify File"
- Select the original file
- Choose the signature file (.sig or .asc)
- The app will verify the signature with the appropriate public key
Converting Between Formats
Sometimes you may need to convert between different cryptographic formats. Here are some common conversions:
PGP Format Conversions
- Binary to ASCII-armored: In Secure Mail Client: "Export Key" > "ASCII armored"
- ASCII-armored to Binary: In Secure Mail Client: "Export Key" > "Binary format"
- Export public key only: In Secure Mail Client: "Export Key" > "Public key only"
X.509 Format Conversions
- PEM to DER: In Secure Mail Client: "Certificate Tools" > "Convert Format" > "PEM to DER"
- DER to PEM: In Secure Mail Client: "Certificate Tools" > "Convert Format" > "DER to PEM"
- PEM to PKCS#12: In Secure Mail Client: "Certificate Tools" > "Create PKCS#12"
- PKCS#12 to PEM: In Secure Mail Client: "Certificate Tools" > "Extract from PKCS#12"
Security Alert
Identifying File Contents
Don't rely solely on file extensions to identify cryptographic material. The content and headers provide the true information about what's inside:
- PGP ASCII files have headers like -----BEGIN PGP PUBLIC KEY BLOCK-----
- X.509 PEM files have headers like -----BEGIN CERTIFICATE-----
- Private key PEM files have headers like -----BEGIN PRIVATE KEY-----
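One way to apply this check before sharing a file, as an added example (not code from this page or from Secure Mail Client): it classifies material by its BEGIN labels or leading bytes and flags a private key sitting in a file whose extension suggests public content. The function names, the extension set and the sample file are constructed for illustration, and the binary checks are first-byte heuristics only.

```python
import os
import re

# Constructed sample: a file named like a public certificate that also carries a key.
# The base64 bodies are placeholders, not real key material.
SAMPLE_NAME = "server.crt"
SAMPLE_DATA = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
               b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n")

BEGIN_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PUBLIC_LOOKING_EXTS = {".crt", ".cert", ".csr", ".sig"}  # assumed set, taken from the table above


def identify(data: bytes) -> dict:
    """Classify cryptographic material by content, ignoring the file name."""
    labels = [m.decode() for m in BEGIN_RE.findall(data)]
    if labels:
        kind = "pgp-armored" if any(lab.startswith("PGP ") for lab in labels) else "pem"
        # PRIVATE KEY, RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY and
        # PGP PRIVATE KEY BLOCK all contain this phrase.
        private = any("PRIVATE KEY" in lab for lab in labels)
        return {"kind": kind, "labels": labels, "private": private}
    # Binary formats: first-byte heuristics only; 'private' is unknown without parsing.
    if data[:4] == b"\xfe\xed\xfe\xed":        # Java KeyStore magic number
        kind = "jks"
    elif data[:1] == b"\x30":                  # ASN.1 SEQUENCE: DER certificate/key or PKCS#12
        kind = "asn1-der"
    elif data[:1] and data[0] & 0x80:          # OpenPGP packet tags always set bit 7
        kind = "possible-pgp-binary"
    else:
        kind = "unknown"
    return {"kind": kind, "labels": [], "private": None}


def private_key_in_public_file(name: str, data: bytes) -> bool:
    """True when a file whose extension suggests public material holds a private key."""
    ext = os.path.splitext(name)[1].lower()
    return ext in PUBLIC_LOOKING_EXTS and identify(data)["private"] is True


if __name__ == "__main__":
    print(identify(SAMPLE_DATA))
    print("mismatch:", private_key_in_public_file(SAMPLE_NAME, SAMPLE_DATA))
```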
Summary of Key Points
- ASCII formats (.asc, .pem) are human-readable and good for text transmission
- Binary formats (.gpg, .der, .p12) are more compact but not human-readable
- Private key files should be protected with strong passwords and stored securely
- File extensions provide a hint about content, but the actual headers are more reliable
- Different systems may require specific formats, so knowing how to convert between them is valuable
- Secure Mail Client provides tools to work with most common cryptographic file formats
Next Steps
Now that you understand cryptographic file formats:
- Learn how to create your own PGP keys in the next module
- Practice identifying different file types in your own secure communications
- Experiment with exporting your keys in different formats using Secure Mail Client