[openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jun 10 04:47:24 UTC 2015

On Wed, Jun 10, 2015 at 08:48:41AM +0530, Nayna Jain wrote:

> I think I will try with PEM_read_xxx and d2i_, then probably do not have
> to read throu first character as 0x30.

That works, provided you rewind or re-open the file.

> Are all d2i_xxx type of APIs for DER format.

Yes, they decode binary ASN.1 encodings of the relevant structures.
And conversely i2d_... encodes a C structure to ASN.1 (typically
DER) form.
> And if I have to operate on DER formatted certs, do I need to first convert
> it to PEM and then user PEM APIs. or there are DER specific APIs also, I
> didn't find though, unless they are d2i_xxx types.

I don't see why you would need to convert to PEM first, though
there are legitimate reasons to do so when you need to write
configuration files to disk, as PEM is easier to work with as a
configuration format.


More information about the openssl-users mailing list