Relation between .p7b and .spc digital certificate files

certificate digital-signature

My company have just renewed their digital certificate from Thawte. The previous certificate I was using had an 'spc' extension. The new certificate I've been handed ends in a 'p7b'.

Although I can use this p7b file directly for signing, I was just wondering whether there's some way to convert this to an spc file which I can then sign with as I was doing previously.

Is it a recommended practice to use p7b directly for signing? Secondly, what exactly is the relation, if any, between the two types of files?


Those are just two different filename extensions for PKCS #7 files. You can simply rename it from .p7b to .spc.

Unfortunately, I don't believe the PKCS specifications ever specified the filename extensions, MIME types, or "magic numbers" (first 4 bytes) of their file types (and to be fair, their file types are mostly text based, so magic numbers don't really apply), so different implementors have used different filename extensions for the same PKCS-related file types.

[Edit: I previously had written a cheat-sheet off the top of my head here, but I realized later I'd made a mistake. Here's a better cheat sheet from the X.509 article on Wikipedia:]

http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions

Certificate filename extensions

Common filename extensions for X.509 certificates are:

  • .pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
  • .cer, .crt, .der - usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
  • .p7b, .p7c - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
  • .p12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
  • .pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g, with PFX files generated in IIS)

PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.

PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.

I also saw a link from a relevant Server Fault article to a useful Microsoft support knowledge base article that confirms that you can just rename a .p7b to .spc.

Related

Restoring a disk image with dd
Why doesn't this for loop work?
Good Color Picker Tool that runs in the background? [closed]
How do I create a chart in Excel with dynamic series based on the data content?
How to get IE to open JavaScript as text
How can I get rid of the annoying windows' automatic update needs reboot popup as non-admin?
Is it OK to update my BIOS?
I can't turn Bluetooth on or off
Clone current host OS to a guest virtual machine
Display day of week in Taskbar without impacting Excel
No way my laptop will use nVidia chip instead of integrated graphics
External hard drive doesn't appear in Computer