DER and PEM are formats used in X509 and other certificates to store Public, Private Keys and other related information. OpenSSL provides a lot of features for manipulating PEM and DER certificates. We can use OpenSSL to convert DER to PEM format and vice versa.
Convert DER Format To PEM Format For RSA Key
We may have an RSA Key in DER format and we want to convert it into DER format. We will use the verbrsa with the following options.
-informinput format-outformoutput format-ininput-outthe output which is converted format.
$ openssl rsa -inform DER -outform PEM -in mykey.der -out mykey.pem
Convert PEM Format To DER Format For RSA Key
In this step, we will do the reverse and convert PEM formatted RSA Key to the DER format with the following command.
$ openssl rsa -inform PEM -outform DER -text -in mykey.pem -out mykey.der
Convert DER Format To PEM Format For X509
X509 Certificates are popular especially in web sites and Operating systems. X509 certificates also stored in DER or PEM format. We can use OpenSSL to convert an X509 certificate from DER format to PEM format with the following command.
$ openssl x509 -inform DER -outform PEM -text -in mykey.der -out mykey.pem
Convert PEM Format To DER Format For X509
We can convert X509 certificate from PEM format to DER format with the following command.
$ openssl x509 -inform PEM -outform DER -text -in mykey.pem -out mykey.der
I think there is a typo on the last line:
openssl x509 -inform PEM -outform DER -text -in mykey.pem -out mykey.der
should be
openssl x509 -inform PEM -outform DER -in mykey.pem -out mykey.der
to produce binary (non-text) DER format.
“-text” command prints input on screen. Output doesn’t change whether or not “-text” is provided (as DER format is always binary).