PKCS
From Wikipedia, the free encyclopedia
In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA Security.
RSA Data Security Inc was assigned the licensing rights for the patent (which expired in 2000) on the RSA asymmetric key algorithm and acquired the licensing rights to several other key patents as well (e.g., the Schnorr patent). As such, RSA Security, and its research division, RSA Labs, were interested in promoting and facilitating the use of public-key techniques. To that end, they developed the PKCS standards. They retained control over them, announcing that they would make changes/improvements as they deemed necessary, and so the PKCS standards were not, in a significant sense, actual industry standards, despite the name. Some, but not all, have in recent years begun to move into 'standards track' processes with one or more of the standards organizations (notably, the IETF PKIX working group).
| Version | Name | Comments | |
|---|---|---|---|
| PKCS #1 | 2.1 | RSA Cryptography Standard | See RFC 3447. Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. |
| PKCS #2 | - | Withdrawn | No longer active. Covered RSA encryption of message digests, but was merged into PKCS #1. |
| PKCS #3 | 1.4 | Diffie-Hellman Key Agreement Standard | A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| PKCS #4 | - | Withdrawn | No longer active. Covered RSA key syntax, but was merged into PKCS #1. |
| PKCS #5 | 2.0 | Password-based Encryption Standard | See RFC 2898 and PBKDF2. |
| PKCS #6 | 1.5 | Extended-Certificate Syntax Standard | Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same. |
| PKCS #7 | 1.5 | Cryptographic Message Syntax Standard | See RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS#10 message). Formed the basis for S/MIME, which is now based on RFC 3852, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. |
| PKCS #8 | 1.2 | Private-Key Information Syntax Standard. | Used to carry private certificate keypairs (encrypted or unencrypted). |
| PKCS #9 | 2.0 | Selected Attribute Types | Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. |
| PKCS #10 | 1.7 | Certification Request Standard | See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request. |
| PKCS #11 | 2.20 | Cryptographic Token Interface (Cryptoki) | An API defining a generic interface to cryptographic tokens (see also Hardware Security Module). Often used for single sign-on and smartcard [1]. |
| PKCS #12 | 1.0 | Personal Information Exchange Syntax Standard | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS#12.
This is a container format that can contain multiple embedded objects, e.g. multiple certificates. Usually protected/encrypted with a password. Can be used as a format for the Java key store. Can be used by Tomcat, but NOT by Apache. |
| PKCS #13 | – | Elliptic Curve Cryptography Standard | (Under development.) |
| PKCS #14 | – | Pseudo-random Number Generation | (Under development.) |
| PKCS #15 | 1.1 | Cryptographic Token Information Format Standard | Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15 [2]. |
[edit] See also
[edit] References
- ^ Secude: "White Papers on Smartcard-based Single Sign-on".
- ^ RSA Laboratories: "PKCS #15: Cryptographic Token Information Format Standard".
- Jean-Sébastien Coron, Marc Joye, David Naccache, and Pascal Paillier, New Attacks on PKCS #1 v1.5 Encryption, EUROCRYPT 2000, pp. 69-381. [1].
[edit] External links
- RSA Security's page on PKCS.
- PSS (Probabilistic Signature Scheme).
- PKCS#12 FAQ by Stephen Henson of the OpenSSL team.
