Question 166. What is PKCS?

The Public-Key Cryptography Standards (PKCS) is a set of standards for public-key cryptography, developed by RSA Laboratories in cooperation with an informal consortium, originally including Apple, Microsoft, DEC, Lotus, Sun and MIT. PKCS has been cited by the OIW (OSI Implementors' Workshop) as a method for implementation of OSI standards. PKCS is compatible with PEM (see Question 130) but extends beyond PEM. For example, where PEM can only handle ASCII data, PKCS is designed for binary data as well. PKCS is also compatible with the ITU-T X.509 standard (see Question 165). The published standards are PKCS #1, #3, #5, #6, #7, #8, #9, #10 and #11.

PKCS includes both algorithm-specific and algorithm-independent implementation standards. Algorithms supported include RSA (see Question 8) and Diffie-Hellman key exchange (see Question 24), among many others. However, only RSA and Diffie-Hellman are specifically detailed. It also defines an algorithm-independent syntax for digital signatures (see Question 3), digital envelopes (for encryption, see Question 16), and extended certificates; this enables someone implementing any cryptographic algorithm whatsoever to conform to a standard syntax, and thus achieve interoperability. Documents detailing the PKCS standards can be obtained at RSA Data Security's FTP server (accessible from < http://www.rsa.com/> or via anonymous ftp to <ftp.rsa.com> or by sending e-mail to <pkcs@rsa.com>).

• PKCS #1 defines mechanisms for encrypting and signing data using RSA public-key cryptosystem.
• PKCS #3 defines a Diffie-Hellman key agreement protocol.
• PKCS #5 describes a method for encrypting a string with a secret key derived from a password.
• PKCS #6 describes a format for extended certificates. An extended certificate consists of a X.509 certificate (see Question 165) together with a set of attributes signed by the issuer of the certificate. PKCS #6 is being phased out in favor of version 3 of X.509.
• PKCS #7 defines a general syntax for messages that include cryptographic enhancements such as digital signatures and encryption.
• PKCS #8 describes a format for private-key information. This information includes a private key for some public-key algorithm, and optionally a set of attributes.
• PKCS #9 defines selected attribute types for use in the other PKCS standards.
• PKCS #10 describes a syntax for certification requests.
• PKCS #11 defines a technology-independent programming interface, called Cryptoki, for cryptographic devices such as smart cards and PCMCIA cards.

It is RSA Laboratories' intention to revise the PKCS documents from time to time to keep track of new developments in cryptography and data security, as well as to transition the documents into open standards development efforts as opportunities arise.