On Mar 16, 2009, at 6:49 PM, Stefan Caunter wrote:
Apologies for this not being specific to the gnupg list, but could I possibly ask if anyone knows if it was ever possible to export multiple certs in DER format? In http://www.intevation.de/roundup/aegypten/msg433 Werner states that there is no standard for doing so. I am sure I used to do this with Windows Internet Explorer 5.x, but Windows Certificate Store will no longer export all certs as a .crt DER file, only a single cert as cert.der. Firefox as well. OpenSSL does not convert pkcs7 bundles to PEM for use on a unix system. Apple keychain gives me them all as a usable PEM that I can run c_rehash on, but this is not surprising. I'm rewriting http://lynx.isc.org/current/README.sslcerts and want to recommend more than one way to pull a commercially available cert bundle for non-commercial software. Stefan Caunter http://caunter.ca/contact.html
I doubt that you were able to export certificates directly in DER format in Windows without having them in some sort of container format such as PKCS#12. That is, with more than one certificate per file. PEM is actually just DER encoded in Base64 and bracketed with BEGIN and END delimiters. This is why you can have more than one object in a PEM file.
PKCS#12 also support more than one object per file and it has been the standard way of transporting certs in Windows. The file extensions would be either .PFX or .P12.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
