More Info of .pem and .crt files

Anything and everything to do with DCP-o-matic.
kmeh7
Posts: 75
Joined: Tue Jun 28, 2016 6:05 am

More Info of .pem and .crt files

Post by kmeh7 »

Hi friends and seniors,

I am going to make a KDM DCP using dcpomatic. The theatre guys have sent me 3 files. One is .crt, second is chain .crt and third is .pem file.


Please explain more about them and their individual use.

Which one has to be used to generate KDM ?


Thanks in advance
scorpio81
Posts: 116
Joined: Mon May 09, 2016 7:19 am

Re: More Info of .pem and .crt files

Post by scorpio81 »

Hi!
What are the names of these certificate files?
Carsten
Posts: 2665
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: More Info of .pem and .crt files

Post by Carsten »

You only need the PEM file. I advise you to read the manual carefully about encryption.

- Carsten
kmeh7
Posts: 75
Joined: Tue Jun 28, 2016 6:05 am

Re: More Info of .pem and .crt files

Post by kmeh7 »

Hi

They gave 3 files as their server certificate. I used the .pem file, made a DCP and successfully tested a DCP with KDM at the theatre (kudos dcpomatic).

My question is what are the other two files? They have some .crt extension.

All 3 files are attached. I had to zip it cos I uploaded via mobile.

Thanks in advance.

Kmeh7
scorpio81
Posts: 116
Joined: Mon May 09, 2016 7:19 am

Re: More Info of .pem and .crt files

Post by scorpio81 »

These 3 files are:

cert_chain_Dolby256-CAT862-624330.pem - this is the certificate chain in the following order: leaf, intermediate, root. All Base64-encoded. You can use this file with DCP-o-matic, it will use only the leaf certificate.

cert_Dolby256-CAT862-624330.der.crt - this is the DER-encoded leaf certificate.

cert_Dolby256-CAT862-624330.pem.crt - this is the Base64-encoded leaf certificate. Actually it's the only certificate you need to generate a KDM but don't forget to delete the .crt extension.
Carsten
Posts: 2665
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: More Info of .pem and .crt files

Post by Carsten »

This is copied from a Doremi document. As said, for KDM/DKDM creation, all you need is the single (leaf) device certificate in .pem form.

----
Certificates overview
Certificates are also referred to as certs, .pem or X509.

PEM versus CRT
These 2 extensions designate the same certificates.
The .CRT files may be binaries or ASCII / the .PEM files are ASCII
It is possible to open a .CRT file on Windows™ with a double click / not a .PEM file

CHAIN
The CHAIN certificates are more complete
They contain all certificates from the root (certificate of the highest certification authority),
down to the one from the authority issuing the certificate for the given hardware (Doremi in the case of a Cinema server) through certificates of all midscale organisations.
Some Wrapping software need the CHAIN certs (Cinecert) / others no (DMS2000)
Some companies (Fox) require using the CHAIN certificates to generate KDM’s

Doremi certificates are all now .PEM
PEM definition: acronym of Privacy Enhanced Mail. It’s a safe mail standard (since RFC 1421 to 1424).

MPEG / SHA1 / SHA256
MPEG certificates are for Mpeg encoding (not anymore used in any serious D-Cinema encoding).

SHA1 is now obsolete (Mpeg cert is in fact a Sha1 based encoding)

SHA256 is the certificate now required for KDM generation for JPEG2000 content.

Its security level for SHA256 is much higher than Sha1.
----

Some manufacturers supply even more certificates, e.g. for signing the servers or projectors log reports.

I think most drop the MPEG certs now because no one is creating encrypted MPEG Interop DCPs anymore. Most servers are still able to play MPEG-Interop, both encrypted and unencrypted.


- Carsten
scorpio81
Posts: 116
Joined: Mon May 09, 2016 7:19 am

Re: More Info of .pem and .crt files

Post by scorpio81 »

The .pem cert can be opened on Windows by changing its extension to .crt (or .cer).
It is ASCII because of Base64 encoding. When decoded it becomes binary.
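
An added example, not part of any post above and not DCP-o-matic code: a Python sketch that tells PEM from DER by file content rather than extension, splits a leaf-first chain file like the one described in the thread, and checks that all three files carry the same leaf certificate. The certificate bytes are constructed placeholders, not real certificates, and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def classify(data):
    """Return 'pem', 'der' or 'unknown' from file content, not the extension."""
    if PEM_BLOCK.search(data):
        return "pem"
    if data[:1] == b"\x30":  # DER certificate = ASN.1 SEQUENCE, tag byte 0x30
        return "der"
    return "unknown"

def to_pem(der):
    """Base64-encode binary DER and wrap it in PEM markers (64-char lines)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")

def split_chain(data):
    """Return the DER bytes of each certificate in the file, in file order."""
    kind = classify(data)
    if kind == "der":
        return [data]
    if kind == "pem":
        return [base64.b64decode(body) for body in PEM_BLOCK.findall(data)]
    raise ValueError("not a PEM or DER certificate file")

def leaf_fingerprint(data):
    """SHA-256 over the DER of the first certificate (the leaf, leaf-first)."""
    return hashlib.sha256(split_chain(data)[0]).hexdigest()

def placeholder(label):
    """Constructed stand-in for a certificate: SEQUENCE tag, length, label."""
    body = label.encode()
    return bytes([0x30, len(body)]) + body

# Constructed sample files mirroring the three in the thread.
LEAF_DER = placeholder("leaf")                       # like *.der.crt
LEAF_PEM = to_pem(LEAF_DER)                          # like *.pem.crt
CHAIN_PEM = b"".join(to_pem(placeholder(n))          # like cert_chain_*.pem
                     for n in ("leaf", "intermediate", "root"))

if __name__ == "__main__":
    for name, blob in [("der.crt", LEAF_DER), ("pem.crt", LEAF_PEM), ("chain.pem", CHAIN_PEM)]:
        print(name, classify(blob), len(split_chain(blob)), leaf_fingerprint(blob)[:16])
```

Matching fingerprints across the three files confirm they describe the same device before a KDM is issued against any of them.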