Appendix 6: Encoding and Decoding with Hexadecimal, Binary, and Base64
Applies To: Windows Server 2003 with SP1
In many cases, data that must be inserted in a certificate or certificate request must be converted from a human-readable format into a computer-readable format. The most important formats to understand when working with X.509 certificates are hexadecimal, binary, and Base64. Since it is time-consuming to perform data conversions manually, this capability is natively provided with certutil.exe.
As mentioned previously, certutil.exe comes in two versions. In the following table, V1 represents the Windows 2000 version and V2 represents the Windows Server 2003 version.
| From | To Hexadecimal | To Binary | To Base64 |
|---|---|---|---|
Hexadecimal |
n/a |
V1: -decodehex V2: -decodehex |
n/a |
Binary |
V1: n/a V2: -encodehex |
n/a |
V1: -encode V2: -encode |
Base64 |
n/a |
V1: -decode V2: -decode |
n/a |
The table illustrates that you cannot convert data directly from Base64 into hexidecimal, and vice versa. However, you can use binary as an intermediate format to perform this kind of conversion. The reqdccert.vbs script in Appendix 2: Sample Scripts leverages the conversion capabilities of certutil.exe to perform the work on behalf of the administrator, without requiring programming knowledge. For example, to convert an ASN.1 BLOB into a Base64 format (which is required for the certreq.exe INF instruction file), the script uses certutil.exe to automate the following commands.
certutil –decodehex <dcname>.asn <dcname>.bin
certutil –encode <dcname>.bin <dcname>.b64