PKCS#7
PKCS#7 is the Swiss Army Knife in cryptographic data formats and it may contain virtually anything -- encrypted messages, signed messages, signed and encrypted messages, certificates, and private keys
Last updated
Was this helpful?
PKCS#7 is the Swiss Army Knife in cryptographic data formats and it may contain virtually anything -- encrypted messages, signed messages, signed and encrypted messages, certificates, and private keys
Last updated
Was this helpful?
PKCS#7 is part of the Public Key Cryptographic Standards. You might have guessed it, but it is the seventh of these standards. Its successor is mostly backwards compatible and therefore other dependant standards may refer to either PKCS#7 or CMS, depending on their own version. Therefore, we sometimes use the PKCS#7 and CMS interchangeably on this site.
This is also the major disadvantage of this format. If an application or user gets a PKCS#7, it is not by itself clear what to do with it. Here are some important use cases:
S/MIME messages are basically emails with PKCS#7 bodies or attachments.
requests and replies are both actually PKCS#7 signed messages.
EST responses are CMS messages.
Common file endings are .p7b (), .p7s (a signed message or message signature), and .p7m (a signed and/or encrypted message). The with label "PKCS7" is also defined, but seldom used.
In Windows, you can open PKCS#7 messages with a double click and the Crypto-shell extensions will display it for you. However, you can usually only extract certificates and their private keys out of it, and not message contents.
You can convert these files into other formats with tools like OpenSSL.