PKCS
Encyclopedia
In cryptography
, PKCS refers to a group of public-key cryptography
standards devised and published by RSA Security
.
RSA Data Security Inc
(founded in 1982) was assigned the licensing rights for the patent
(which expired in 2000) on the RSA asymmetric key algorithm
and acquired the licensing rights to several other key patents as well (the Schnorr
patent, for example). As such, RSA Security and its research division, RSA Labs, had an interest in promoting and facilitating the use of public-key techniques. To that end, they developed (from the early 1990s onwards) the PKCS standards. They retained control over them, announcing that they would make changes/improvements as they deemed necessary, and so the PKCS standards were not, in a significant sense, actual industry standards, despite the name. Some, but not all, have in recent years begun to move into "standards track" processes with one or more of the relevant standards organization
s (notably, the IETF PKIX working group).
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, PKCS refers to a group of public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
standards devised and published by RSA Security
RSA Security
RSA, the security division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
.
RSA Data Security Inc
RSA Security
RSA, the security division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
(founded in 1982) was assigned the licensing rights for the patent
Patent
A patent is a form of intellectual property. It consists of a set of exclusive rights granted by a sovereign state to an inventor or their assignee for a limited period of time in exchange for the public disclosure of an invention....
(which expired in 2000) on the RSA asymmetric key algorithm
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
and acquired the licensing rights to several other key patents as well (the Schnorr
Schnorr signature
In cryptography, a Schnorr signature is a digital signature produced by the Schnorr signature algorithm. Its security is based on the intractability of certain discrete logarithm problems. It is considered the simplest digital signature scheme to be provably secure in a random oracle model . It is...
patent, for example). As such, RSA Security and its research division, RSA Labs, had an interest in promoting and facilitating the use of public-key techniques. To that end, they developed (from the early 1990s onwards) the PKCS standards. They retained control over them, announcing that they would make changes/improvements as they deemed necessary, and so the PKCS standards were not, in a significant sense, actual industry standards, despite the name. Some, but not all, have in recent years begun to move into "standards track" processes with one or more of the relevant standards organization
Standards organization
A standards organization, standards body, standards developing organization , or standards setting organization is any organization whose primary activities are developing, coordinating, promulgating, revising, amending, reissuing, interpreting, or otherwise producing technical standards that are...
s (notably, the IETF PKIX working group).
| Version | Name | Comments | |
|---|---|---|---|
| PKCS #1 PKCS1 In cryptography, PKCS#1 is the first of a family of standards called Public-Key Cryptography Standards , published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography... |
2.1 | RSA Cryptography Standard | See RFC 3447. Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. |
| PKCS #2 | - | Withdrawn | No longer active . Covered RSA encryption of message digests; subsequently merged into PKCS #1. |
| PKCS #3 | 1.4 | Diffie–Hellman Key Agreement Standard | A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| PKCS #4 | - | Withdrawn | No longer active . Covered RSA key syntax; subsequently merged into PKCS #1. |
| PKCS #5 | 2.0 | Password-based Encryption Standard | See RFC 2898 and PBKDF2 PBKDF2 PBKDF2 is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898... . |
| PKCS #6 | 1.5 | Extended-Certificate Syntax Standard | Defines extensions to the old v1 X.509 X.509 In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation... certificate specification. Obsoleted by v3 of the same. |
| PKCS #7 Cryptographic Message Syntax The Cryptographic Message Syntax is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data.... |
1.5 | Cryptographic Message Syntax Standard | See RFC 2315. Used to sign and/or encrypt messages under a PKI Public key infrastructure Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate... . Used also for certificate dissemination (for instance as a response to a PKCS#10 message). Formed the basis for S/MIME S/MIME S/MIME is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs. S/MIME was originally developed by RSA Data Security Inc... , which is based on RFC 5652, an updated Cryptographic Message Syntax Standard Cryptographic Message Syntax The Cryptographic Message Syntax is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data.... (CMS). Often used for single sign-on Single sign-on Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them... . |
| PKCS #8 | 1.2 | Private-Key Information Syntax Standard | See RFC 5208. Used to carry private certificate keypairs (encrypted or unencrypted). |
| PKCS #9 | 2.0 | Selected Attribute Types | See RFC 2985. Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. |
| PKCS #10 | 1.7 | Certification Request Standard | See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request Certificate signing request In public key infrastructure systems, a certificate signing request is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate... . |
| PKCS #11 PKCS11 In cryptography, PKCS #11 is one of the family of standards called Public-Key Cryptography Standards , published by RSA Laboratories, that defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules and smart cards... |
2.20 | Cryptographic Token Interface | Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also Hardware Security Module Hardware Security Module A hardware security module is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications... ). Often used in single sign-on Single sign-on Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them... , Public-key cryptography Public-key cryptography Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private... and disk encryption Disk encryption Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device . This article presents cryptographic aspects of the problem... systems. |
| PKCS #12 PKCS12 In cryptography, PKCS #12 is one of the family of standards called Public-Key Cryptography Standards , published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key, and is... |
1.0 | Personal Information Exchange Syntax Standard | Defines a file format commonly used to store private keys with accompanying public key certificate Public key certificate In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth... s, protected with a password-based symmetric key. PFX is a predecessor to PKCS#12. This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java key store and to establish client authentication certificates in Mozilla Firefox. Usable by Apache Tomcat Apache Tomcat Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation... , but not by Apache HTTP Server Apache HTTP Server The Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone... . |
| PKCS #13 | – | Elliptic Curve Cryptography Elliptic curve cryptography Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S... Standard |
(Under development .) |
| PKCS #14 | – | Pseudo-random Number Generation Pseudorandom number generator A pseudorandom number generator , also known as a deterministic random bit generator , is an algorithm for generating a sequence of numbers that approximates the properties of random numbers... |
(Under development .) |
| PKCS #15 | 1.1 | Cryptographic Token Information Format Standard | Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15. |
External links
- RSA Security's page on PKCS
- What is PKCS? (chapter 5.3.3 of PKCS)
- About PKCS (appendix G from
RFC 3447 )