PEM is the abbreviation for Privacy Enhanced Mail and describes a text-based format for cryptographic keys, certificates, certificate signing requests, and other data used in a public key infrastructure.
The PEM format is designed to be safe for inclusion in plain text documents, such as emails, that use ASCII or any other ASCII-based character encoding such as Unicode.
Most cryptographic standards use the binary DER format for storing structured data like key certificates. Binary data, however, is harder to integrate into plain text messages or storage formats. The PEM format addresses this issue by using Base64 encoding to embed the binary data in the text. Very distinct BEGIN and END headers make PEM-encoded information easy to identify.
When opening PEM formatted data in a text editor, you will see something similar to this:
Depending on the encoded data, the above [TYPE] may be PRIVATE KEY, CERTIFICATE, CERTIFICATE REQUEST, and the like.
Various file suffixes are used for PEM files. The most common ones are .key, .cert, .crt, .csr, .ca-bundle, or just .pem.
A single PEM file may contain multiple certificates. For example, a certificate authority bundle (CA bundle) is usually a chain of intermediate certificates up to the root certificate of the certificate authority (CA). Opening such a file in a text editor may show several blocks, one after another.
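The following Python sketch is an added example, not part of the original page. It splits a file with several PEM blocks into (type, DER bytes) pairs, rejects mismatched BEGIN/END headers and invalid Base64, and reports any private key that sits in what should be a certificate bundle. The function names are assumptions made for illustration, and the sample data is constructed placeholder bytes, not real certificates or keys.

```python
import base64
import binascii
import re

# BEGIN/END boundaries; the captured label is the [TYPE] part of the header.
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)


def make_pem(label, der):
    """Wrap binary data in PEM headers with 64-character Base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def parse_pem(text):
    """Return a list of (label, der_bytes) for every PEM block in text."""
    blocks = []
    for begin, body, end in _BLOCK.findall(text):
        if begin != end:
            raise ValueError("BEGIN %s closed by END %s" % (begin, end))
        try:
            # Drop line breaks, then decode strictly (no stray characters).
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("invalid Base64 in %s block" % begin) from exc
        blocks.append((begin, der))
    return blocks


def private_key_labels(blocks):
    """Labels of blocks that hold private key material."""
    return [label for label, _ in blocks if label.endswith("PRIVATE KEY")]


# Constructed sample: placeholder bytes, not real certificates or keys.
SAMPLE_BUNDLE = (
    "intermediate (text outside the headers is ignored)\n"
    + make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
    + make_pem("CERTIFICATE", bytes(range(100)))
    + make_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x02")
)

if __name__ == "__main__":
    parsed = parse_pem(SAMPLE_BUNDLE)
    for label, der in parsed:
        print(label, len(der), "bytes")
    print("private keys found:", private_key_labels(parsed))
```

A non-empty result from `private_key_labels` on a file that is meant to be distributed as a CA bundle is worth investigating before the file leaves the machine.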