NODE 734 — TERMINAL RELAY

▸ PEM vs DER — Two Formats, One Certificate

DER (Distinguished Encoding Rules): The raw binary form of a certificate. It's a sequence of TLV (Tag-Length-Value) triplets encoding the ASN.1 data structure. DER is what gets signed — you can't put a signature on base64 text.

PEM (Privacy-Enhanced Mail): The DER binary is base64-encoded and wrapped with header/footer lines. PEM exists because early email systems (and configuration files) couldn't reliably transmit binary data. The convention stuck — today almost every TLS library accepts PEM format by default.

▸ Concrete Example — A Real Certificate Decoded

Here's a PEM certificate. Below it is the decoded ASN.1 structure:

Let's decode this with openssl x509 -in cert.pem -text -noout:

Each field in the output corresponds to an element in the ASN.1 schema. The signature at the bottom is a separate RSA-encrypted hash — it's computed over the tbsCertificate (the "To Be Signed" part), not the whole file.

▸ ASN.1 — The Grammar of Certificates

ASN.1 (Abstract Syntax Notation One) is a language for describing structured data. Every PEM certificate encodes an ASN.1 structure that looks roughly like this:

Each field gets encoded as TLV (Tag-Length-Value) bytes. The tag tells you what type it is (INTEGER = 0x02, BIT STRING = 0x03, OCTET STRING = 0x04, SEQUENCE = 0x30), the length tells you how many bytes follow, and the value is the data itself. This is what makes DER self-describing — you can parse it without any external schema.

▸ Chain of Trust — Root CA → Intermediate → Leaf

Your browser doesn't trust every certificate it sees. Instead, it builds a chain of trust from the server's certificate up to a root CA that your OS already trusts:

The leaf certificate is what the server sends. The intermediate CA is sent alongside it. The root CA — the anchor of trust — is already in your browser or OS. If every signature in the chain verifies, and none of the certificates have expired or been revoked, the connection is trusted. This is what happens every time you visit an HTTPS website.

Subject Alternative Names (SANs): Modern certificates don't just use the Common Name (CN) for domain matching — they use the SAN extension. A single certificate can list multiple domains: example.com, www.example.com, *.example.com. If the domain you're visiting doesn't match any SAN, the browser shows a scary warning.

▸ Difficulty Levels

▸ Real-World Applications

• Every HTTPS website: The padlock 🔒 in your browser is backed by an X.509 certificate chain. ~200 million active certificates on the web today (thanks largely to Let's Encrypt's free automated issuance)
• Email signing (S/MIME): Digitally sign and encrypt emails using X.509 certificates. Used by governments, enterprises, and anyone who needs verifiable email identities
• Code signing: Microsoft Authenticode, Apple Developer ID, and Android APK signing all use X.509 certificates to prove software hasn't been tampered with
• Document signing: PDF signatures (PAdES), XML signatures (XAdES), and CAdES all use X.509 as the identity layer
• Government IDs: ePassports, national ID cards, and PIV cards (US government) use X.509 certificates with embedded chips
• IoT device identity: Many IoT protocols use client certificates to authenticate devices to cloud backends — your smart thermostat has a certificate

▸ History — X.509 Since 1988

• 1988: The ITU-T publishes X.509, part of the X.500 directory services standard. Originally designed for directory authentication, not the web.
• 1993 (v2): Adds directory access control. Still pre-internet-scale.
• 1996 (v3): The big one. Adds extensions — the ability to add custom fields like Subject Alternative Names, Key Usage, and Basic Constraints. This is what made X.509 usable for HTTPS.
• 1999: TLS 1.0 (and SSL 3.0 before it) adopts X.509v3 for server authentication. The web finally has a trust infrastructure.
• 2000s: Commercial CAs (VeriSign, Thawte, Entrust) dominate. Certificates cost $100–$1000/year. HTTPS is optional and expensive.
• 2015: Let's Encrypt launches — free, automated, open. Certificates go from expensive luxuries to free commodities. HTTPS adoption explodes from ~30% to >95%.
• 2020s: Certificate Transparency becomes mandatory (all CAs must log every certificate). 90-day certificate lifetimes become the norm. Post-quantum certificate standards are being developed.

▸ Key Terms

• PEM: Base64-encoded DER with header/footer delimiters. The most common format for certificates in configuration files and web servers.
• DER: Raw binary ASN.1 encoding (TLV format). What CAs actually sign. Smaller than PEM, but not human-readable.
• ASN.1: The schema language that defines the certificate structure. Think of it as JSON Schema for 1988.
• CA (Certificate Authority): A trusted organization that issues certificates. Examples: Let's Encrypt, DigiCert, GlobalSign, IdenTrust.
• SAN (Subject Alternative Name): The extension that lists which domains a certificate is valid for. Replaced the CN field for domain validation.
• Chain of Trust: The path from a leaf certificate through intermediates to a trusted root. If any link is broken, the certificate is untrusted.