Basic certificate and key format, which represents pure certificate and key data in binary ASN.1 notation.
Certificates and keys are stored separately.
Some implementations encode the DER format to base64 text encoding (and sometimes even with UTF16), but this is not standard-compliant.
PEM:
Certificate and private key format, which includes base64-encoded DER data and optional text headers , enclosed into special begin and end marks.
Private keys can be encrypted using DES (tripleDES) agorithm.
Certificate and key can be saved to one file.
The file can even contain several certificates and keys.
PEM format is used by OpenSSL package.
PFX (PKCS#12):
Binary file format, which allows storing of one or more certificates and associated private keys in one file in encrypted form.
The keys are encrypted with password. Microsoft's implementation of PFX loader doesn't support TripleDES encryption, so you need to care about this issue when you save the certificate for further use with Microsoft software.
SPC, PKCS#7:
Binary file format, which allows storing of certificates only (no private keys).
Several certificates can be saved in one file.
Private keys are usually saved to a separate file in DER or PVK format.
Some implementations encode the PKCS#7 format to base64 text encoding (and sometimes even with UTF16), but this is not standard-compliant.
PVK:
Binary file format for storing private keys with password-based encryption.
NET (PKCS#8):
Binary file format for storing private keys with optional encryption.
MS:
Binary format for key management, used by CryptoAPI (MSPUBLICKEYBLOB and MSPRIVATEKEYBLOB).
