Question 166. What is PKCS?

The Public-Key Cryptography Standards (PKCS) is a set of standards for public-key cryptography, developed by RSA Laboratories in cooperation with an informal consortium, originally including Apple, Microsoft, DEC, Lotus, Sun and MIT. PKCS has been cited by the OIW (OSI Implementors' Workshop) as a method for implementation of OSI standards. PKCS is compatible with PEM (see Question 130) but extends beyond PEM. For example, where PEM can only handle ASCII data, PKCS is designed for binary data as well. PKCS is also compatible with the ITU-T X.509 standard (see Question 165). The published standards are PKCS #1, #3, #5, #6, #7, #8, #9, #10 and #11.

PKCS includes both algorithm-specific and algorithm-independent implementation standards. Algorithms supported include RSA (see Question 8) and Diffie-Hellman key exchange (see Question 24), among many others. However, only RSA and Diffie-Hellman are specifically detailed. It also defines an algorithm-independent syntax for digital signatures (see Question 3), digital envelopes (for encryption, see Question 16), and extended certificates; this enables someone implementing any cryptographic algorithm whatsoever to conform to a standard syntax, and thus achieve interoperability. Documents detailing the PKCS standards can be obtained at RSA Data Security's FTP server (accessible from <> or via anonymous ftp to <> or by sending e-mail to <>).

It is RSA Laboratories' intention to revise the PKCS documents from time to time to keep track of new developments in cryptography and data security, as well as to transition the documents into open standards development efforts as opportunities arise.