.pem文件是否包含私钥和公钥?

PEM文件可能几乎包含任何内容，包括公钥，私钥或两者，因为PEM文件不是标准文件.实际上，PEM仅表示文件包含base64编码的数据位.它被称为PEM文件，因为它引用了S/MIME作为邮件安全标准之前的旧的Privacy-Enhanced Mail标准.这些标准以特定的base64格式指定了各种密钥和消息的格式.例如，请参见 RFC 1421 .

A PEM file may contain just about anything including a public key, a private key, or both, because a PEM file is not a standard. In effect PEM just means the file contains a base64-encoded bit of data. It is called a PEM file by allusion to the old Privacy-Enhanced Mail standards which preceded S/MIME as a mail security standard. These standards specified the format of various keys and messages in a particular base64 format. See RFC 1421 for example.

通常，PEM文件包含base64编码的密钥或证书，其标题行和页脚行的格式为-----BEGIN <whatever>-----和-----END <whatever>----.随着时间的流逝，<whatever>的发展可能性很多，包括私钥，公钥，X509证书，PKCS7数据，包含多个证书的文件，同时包含私钥和X509证书的文件，PKCS#10证书签名请求等.

Typically a PEM file contains a base64 encoded key or certificate with header and footer lines of the form -----BEGIN <whatever>----- and -----END <whatever>----. Over time there have evolved many possibilities for <whatever>, including private keys, public keys, X509 certificates, PKCS7 data, files containing multiple certificates, files containing both the private key and the X509 certificate, PKCS#10 certificate signing requests, ...

RFC 7468 已被记录为这种实际格式.

RFC 7468 has been written to document this de facto format.