PKCS#7

PKCS#7 is part of the Public Key Cryptographic Standards. You might have guessed it, but it is the seventh of these standards. Its successor CMS is mostly backwards compatible and therefore other dependant standards may refer to either PKCS#7 or CMS, depending on their own version. Therefore, we sometimes use the PKCS#7 and CMS interchangeably on this site.

This is also the major disadvantage of this format. If an application or user gets a PKCS#7, it is not by itself clear what to do with it. Here are some important use cases:

• S/MIME messages are basically emails with PKCS#7 bodies or attachments.

• SCEP requests and replies are both actually PKCS#7 signed messages.

• EST responses are CMS messages.

Encoding

Common file endings are .p7b (DER encoded), .p7s (a signed message or message signature), and .p7m (a signed and/or encrypted message). The PEM-encoding with label "PKCS7" is also defined, but seldom used.

Tools

In Windows, you can open PKCS#7 messages with a double click and the Crypto-shell extensions will display it for you. However, you can usually only extract certificates and their private keys out of it, and not message contents.

You can convert these files into other formats with tools like OpenSSL.