19:45 - PBKDF2 is "Password Based Key Derivation Function 2". The term "Password based Key Derivation Format" is incorrect. I apologize...
A really good series of tutorials on OpenSSL. Thank you.
I'm glad you liked it.. I will be adding a few more videos to this series.. It's not complete yet..
Really helpful and informative on OpenSSL and crypto in general. Thank you.
You're welcome
How would you generate a Code Signing certificate?
I'd refer you to my video about digital certificates.. You need to specify key usage and extended key usage for code signing.. watch that other video for more info.. thank you.
I am sorry for a newbie question... But in which scenario should I use each of the key formats? Which one is the default or the most secure?
No problem, good question!
DER : is pure binary. Binary files consume less memory and less processing time. Use this format if you're using a minimal environment.
PEM : is a human readable format, encoded as Base64 and widely compatible with most applications.
PKCS #7 : format is widely used and also my favourite/preferred format for certificate bundles. A certificate bundle contains signed certificates along with all issuer certificates. Use this if you're dealing with signed certificates.
PKCS #8 : is a format for private keys. This format is secure as it lets you use encryption. PKCS #8 has also become the default format for private keys in OpenSSL 3.x. OpenSSL 1.1.1 and below use legacy formats (PKCS#1 and SEC1).
PKCS #12 : is also binary. It always uses encryption to protect sensitive keys and this format allows a private key to be bundled along with certificates. PKCS #12 is the most secure format. It has also become the default format for Java keystores.
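As an added example, not part of the comment above or of the video: this Python code tells the listed formats apart by their leading ASN.1 tags and flags private keys stored without encryption. The function names and the sample stubs are assumptions constructed for illustration, and the parser reads only the first few tags without validating lengths.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def sniff_der(der):
    """Return (format, key_encrypted); None when the outer header cannot tell."""
    tag, pos, _ = _tlv(der, 0)
    first, val, nxt = _tlv(der, pos)
    if tag != 0x30 or first not in (0x06, 0x30, 0x02):
        raise ValueError("unrecognised DER structure")
    if first == 0x06:                      # OID contentType: PKCS#7 ContentInfo
        return "PKCS#7", None
    if first == 0x30:                      # AlgorithmIdentifier (OID first) or tbsCertificate
        return ("PKCS#8", True) if der[val] == 0x06 else ("X.509 certificate", None)
    if der[val] == 3:                      # PFX version 3; protection is set inside
        return "PKCS#12", None
    # Unencrypted key: the tag after the version INTEGER identifies the layout.
    return {0x30: "PKCS#8", 0x02: "PKCS#1", 0x04: "SEC1"}[der[nxt]], False

def classify(data):
    """Classify PEM or DER bytes as (format, key_encrypted)."""
    m = PEM_RE.search(data)
    if not m:
        return sniff_der(data)
    label, body = m.group(1).decode(), m.group(2)
    if b"Proc-Type: 4,ENCRYPTED" in body:  # legacy PEM encryption, body is ciphertext
        return {"RSA PRIVATE KEY": "PKCS#1", "EC PRIVATE KEY": "SEC1"}.get(label, label), True
    return sniff_der(base64.b64decode(body))

def to_pem(der, label):
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (label, base64.encodebytes(der), label)

SAMPLES = {  # constructed, truncated stubs: structure only, no key material
    "pkcs8_plain.der": bytes.fromhex("300a020100300506032b6570"),
    "pkcs8_enc.pem": to_pem(bytes.fromhex("300d300b06092a864886f70d01050d"), b"ENCRYPTED PRIVATE KEY"),
    "pkcs1.pem": to_pem(bytes.fromhex("3006020100020105"), b"RSA PRIVATE KEY"),
}

def unprotected_keys(samples):
    """Names of samples that hold a private key with no encryption layer."""
    return sorted(n for n, d in samples.items() if classify(d)[1] is False)
```
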
very very useful
Thank you.
In new browsers, subjectAltName extension is required. This means that with the Common Name alone, the browser does not recognize the connection as secure. Is this true? @CyberHashira