[openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

Nayna Jain naynjain at in.ibm.com
Thu Jun 11 00:31:26 UTC 2015


Thanks Victor, I am going to try these..

I have similar concern for private key.
If I have a pem file with private key in that, how do I check if that is

Thanks & Regards,
Nayna Jain

From:	Viktor Dukhovni <openssl-users at dukhovni.org>
To:	openssl-users at openssl.org, openssl-dev at openssl.org
Date:	06/10/2015 10:18 AM
Subject:	Re: [openssl-users] Is there openssl API to verify certificate
            content is DER or PEM format ?
Sent by:	"openssl-users" <openssl-users-bounces at openssl.org>

On Wed, Jun 10, 2015 at 08:48:41AM +0530, Nayna Jain wrote:

> I think I will try with PEM_read_xxx and d2i_, then probably do not have
> to read throu first character as 0x30.

That works, provided you rewind or re-open the file.

> Are all d2i_xxx type of APIs for DER format.

Yes, they decode binary ASN.1 encodings of the relevant structures.
And conversely i2d_... encodes a C structure to ASN.1 (typically
DER) form.
> And if I have to operate on DER formatted certs, do I need to first
> it to PEM and then user PEM APIs. or there are DER specific APIs also, I
> didn't find though, unless they are d2i_xxx types.

I don't see why you would need to convert to PEM first, though
there are legitimate reasons to do so when you need to write
configuration files to disk, as PEM is easier to work with as a
configuration format.

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150611/f43ea838/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150611/f43ea838/attachment.gif>

More information about the openssl-users mailing list