|Developed by||RSA Security|
1 March 1998
|Type of format||Archive file format|
|Container for||X.509 public key certificates, X.509 CRLs|
In cryptography, "PKCS #7: Cryptographic Message Syntax" (a.k.a. "CMS") is a standard syntax for storing signed and/or encrypted data. PKCS #7 is one of the family of standards called Public-Key Cryptography Standards (PKCS) created by RSA Laboratories. The latest version, 1.5, is available as RFC 2315.
PKCS #7 files may be stored both as raw DER format or as PEM format. PEM format is the same as DER format but wrapped inside Base64 encoding and sandwiched in between ‑‑‑‑‑BEGIN PKCS7‑‑‑‑‑ and ‑‑‑‑‑END PKCS7‑‑‑‑‑. Windows uses the ".p7b" file name extension for both these encodings.
A typical use of a PKCS #7 file would be to store certificates and/or certificate revocation lists (CRL).
Here's an example of how to first download a certificate, then wrap it inside a PKCS #7 archive and then read from that archive:
$ echo '' | openssl s_client -connect example.org:443 -host example.org 2>/dev/null | openssl x509 > example.org.cer 2>/dev/null $ openssl crl2pkcs7 -nocrl -certfile example.org.cer -out example.org.cer.pem.p7b $ openssl pkcs7 -in example.org.cer.pem.p7b -noout -print_certs subject=C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, OU = Technology, CN = www.example.org issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
- RFC 2315 - Public-Key Cryptography Standards (PKCS) #7: Cryptographic Message Syntax Specification Version 1.5, March 1998
- RFC 2630 - Cryptographic Message Syntax, June 1999
- RFC 3369 - Cryptographic Message Syntax (CMS), August 2002
- RFC 3852 - Cryptographic Message Syntax (CMS), July 2004
- RFC 5652 - Cryptographic Message Syntax (CMS), September 2009
- ".p7b Extension - List of Windows programs that can open .p7b files".
- Man page for openssl-pkcs7