Appendix A. Public Key Cryptography Standards
The Public-Key Cryptography Standards or PKCS are specifications produced by RSA Laboratories in cooperation with secure system developers. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS series specifications have become widely referenced and implemented. Contributions from this series have become part of many formal and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.
PKCS specifications often use ASN.1 to specify the syntax of digital content. To minimize errors due to typographical mistakes, specifications typically include ASN.1 description as a separate ASCII file. These files, as well as the specifications themselves can be obtained from http://www.rsasecurity.com/rsalabs/pkcs/index.html.
Table A-1 summarizes the most commonly used PKCS series specifications.
| PKCS Specification | Brief Description |
|---|---|
| PKCS #1: RSA Cryptography Standard | Contains recommendations for the implementation of public-key cryptography based on the RSA algorithm. It covers cryptographic primitives, encryption schemes, signature schemes, and ASN.1 syntax for representing keys and for identifying the schemes. |
| PKCS #3: Diffie-Hellman Key Agreement Standard | Describes a method for implementing Diffie-Hellman key agreement. The intended application of this standard is in protocols for establishing secure communications. |
| PKCS #5: Password-Based Cryptography Standard | Provides recommendations for the implementation of password-based cryptography, covering key derivation functions, encryption schemes, and message authentication schemes. |
| PKCS #6: Extended-Certificate Syntax Standard | Describes syntax for extended certificates, consisting of a certificate and a set of attributes, collectively signed by the issuer of the certificate. The intended application of this standard is to extend the certification process beyond just the public key to certify other information about the given entity. |
| PKCS #7: Cryptographic Message Syntax Standard | This standard describes general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. |
| PKCS #8: Private-Key Information Syntax Standard | Describes syntax for private-key information, including a private key for some public-key algorithms and a set of attributes. The standard also describes syntax for encrypted private keys. |
| PKCS #9: Selected Attribute Types | Defines selected attribute types for use in PKCS #6 Extended Certificates, PKCS #7 Digitally-Signed messages, PKCS #8 Private-Key Information, and PKCS #10 Certificate Signing Requests. |
| PKCS #10: Certification Request Syntax Standard | Describes syntax for a request for certification of a public key, a name, and possibly a set of attributes. |
| PKCS #11: Cryptographic Token Interface Standard | Specifies an API, called Cryptoki (pronounced crypto-key), to devices which hold cryptographic information and perform cryptographic functions. |
| PKCS #12: Personal Information Exchange Syntax Standard | Specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, and so on. |
| Source:
http://www.rsasecurity.com/rsalabs/pkcs/index.html Notes: PKCS #2 and PKCS #4 have been incorporated into PKCS #1. An overview of PKCS specifications can be found in an online document available at ftp://ftp.rsasecurity.com/pub/pkcs/ascii/overview.asc. | |