A PEM file may contain just about anything including a public key, a private key, or both, because a PEM file is not a standard. In effect PEM just means the file contains a base64-encoded bit of data. It is called a PEM file by allusion to the old Privacy-Enhanced Mail standards which preceded S/MIME as a mail security standard. These standards specified the format of various keys and messages in a particular base64 format. See RFC 1421 for example.
Typically a PEM file contains a base64 encoded key or certificate with header and footer lines of the form -----BEGIN <whatever>----- and -----END <whatever>-----. Over time there have evolved many possibilities for <whatever>, including private keys, public keys, X509 certificates, PKCS7 data, files containing multiple certificates, files containing both the private key and the X509 certificate, PKCS#10 certificate signing requests, ...
RFC 7468 has been written to document this de facto format.
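Because the label on the BEGIN/END lines is the only thing that says what a PEM file holds, a quick way to audit one is to list its labels. The following is an added example, not part of the original answer: a small parser for the boundary format described above that reports each block and whether any of them is a private key. The function names and the sample bytes are constructed for illustration (the payloads are placeholder bytes, not real keys or certificates).

```python
import base64
import re

# Boundary lines: five hyphens, BEGIN or END, a label, five hyphens.
_BEGIN = re.compile(r"^-----BEGIN (.+)-----$")
_END = re.compile(r"^-----END (.+)-----$")

def parse_pem(text):
    """Return [(label, decoded_bytes), ...] for every block in text."""
    blocks, label, body = [], None, []
    for line in text.splitlines():
        line = line.strip()
        begin, end = _BEGIN.match(line), _END.match(line)
        if begin:
            if label is not None:
                raise ValueError(f"BEGIN inside unterminated {label!r} block")
            label, body = begin.group(1), []
        elif end:
            if end.group(1) != label:
                raise ValueError(f"END {end.group(1)!r} does not match BEGIN {label!r}")
            blocks.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
        elif label is not None and line and ":" not in line:
            # Lines with ':' are RFC 1421-style headers (e.g. Proc-Type), not base64.
            body.append(line)
        # Anything outside a block is explanatory text and is ignored.
    if label is not None:
        raise ValueError(f"missing END for {label!r}")
    return blocks

def has_private_key(text):
    """True if any block's label marks it as private key material."""
    return any("PRIVATE KEY" in label for label, _ in parse_pem(text))

def _wrap(label, data):
    """Build a PEM block around constructed bytes (sample data only)."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])

# Constructed sample: one file carrying both a key and a certificate.
SAMPLE = "\n".join([
    "text outside the boundaries is ignored",
    _wrap("PRIVATE KEY", b"constructed-key-bytes"),
    _wrap("CERTIFICATE", b"constructed-cert-bytes" * 5),
])

if __name__ == "__main__":
    print([(label, len(data)) for label, data in parse_pem(SAMPLE)])
    print("contains private key:", has_private_key(SAMPLE))
```

Running `has_private_key` over a file before sending it to someone else catches the common case of a combined key-and-certificate bundle being shared as if it were only a certificate.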