PKCS: Public-Key Cryptography Standards

Path: gmdzi!unido!unidui!math.fu-berlin.de!ira.uka.de!
sol.ctr.columbia.edu!spool.mu.edu!snorkelwacker.mit.edu!
bloom-picayune.mit.edu!athena.mit.edu!burt
From: bu...@chirality.rsa.com (Burt Kaliski)
Newsgroups: sci.crypt
Subject: PKCS: Public-Key Cryptography Standards
Message-ID: <BURT.91Jun21152800@chirality.rsa.com>
Date: 21 Jun 91 20:28:00 GMT
Sender: ne...@athena.mit.edu (News system)
Distribution: sci
Organization: RSA Data Security, Inc.
Lines: 109

RSA Data Security, Inc. is pleased to announce PKCS: Public-Key
Cryptography Standards, a suite of standards for public-key
cryptography developed jointly with representatives of industry and
universities. PKCS covers RSA encryption, Diffie-Hellman key
agreement, password-based encryption, extended-certificate syntax,
cryptographic enhancement syntax, and private-key information syntax.
 
As public-key cryptography begins to see wide application and
acceptance one thing is increasingly clear: If it is going to be as
effective as the underlying technology allows it to be, there must be
interoperable standards. Even though vendors may agree on the basic
public-key techniques, compatibility between implementations is by no
means guaranteed. Interoperability requires strict adherence to an
agreed-upon standard format for transferred data. PKCS provides such
a basis for interoperability.
 
The standards presented here evolved from the following broad design
goals: 
 
1.  To maintain compatibility with PEM (the Internet Privacy Enhanced
    Mail standard) wherever possible, at least to the extent of being
    able to share certificates and to translate encrypted and/or
    signed messages back and forth between PEM and PKCS.
 
2.  To extend beyond PEM in being able to handle arbitrary binary
    data (not just ASCII data), to handle a richer set of attributes
    in (extended) certificates, to handle Diffie-Hellman key
    agreement, and to handle a richer set of features in digitally
    signed and enveloped data.
 
3.  To propose a standard suitable for incorporation in future OSI
    (Open Systems Interconnection) standards. The standards here are
    based on the use of OSI standard ASN.1 (Abstract Syntax Notation
    One) and BER (Basic Encoding Rules) to describe and represent
    data.
 
PKCS describes the syntax for messages in an abstract manner, and
gives complete details about algorithms. However, it does not specify
how messages are to be represented, though BER is the logical choice.
Thus PKCS implementations are free to exchange messages in any
manner, depending on character set, record size constraints, and the
like, as long as the abstract meaning of the messages can be
preserved from sender to recipient.
 
The PKCS standards are offered by RSA Data Security to developers of
computer systems employing public-key technology. It is RSA Data
Security's intention to improve and refine the standards in
conjunction with computer system developers, with the goal of
producing standards that most if not all developers adopt.
 
The role of RSA Data Security in the standards-making process is
five-fold:
 
1.  Publish carefully written documents describing the standards.
 
2.  Retain sole decision-making authority on what each standard is.
    This includes arbitrary object identifier choices, etc.
 
3.  Solicit opinions and advice from developers on useful or
    necessary changes and extensions.
 
4.  Publish revised standards when appropriate.
 
5.  Provide implementation guides and/or reference implementations.
 
The PKCS suite includes the following documents, each of which is
available by anonymous ftp from <rsa.com>:
 
     RSA Data Security, Inc. PKCS #1: RSA Encryption Standard.
     Version 1.4, June 1991. (pub/pkcs/pkcs-1.ps)
 
     RSA Data Security, Inc. PKCS #3: Diffie-Hellman Key-Agreement
     Standard. Version 1.3, June 1991. (pub/pkcs/pkcs-3.ps)
 
     RSA Data Security, Inc. PKCS #5: Password-Based Encryption
     Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-5.ps)
 
     RSA Data Security, Inc. PKCS #6: Extended-Certificate Syntax
     Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-6.ps)
 
     RSA Data Security, Inc. PKCS #7: Cryptographic Message Syntax
     Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-7.ps)
 
     RSA Data Security, Inc. PKCS #8: Private-Key Information Syntax
     Standard. Version 1.1, June 1991. (pub/pkcs/pkcs-8.ps)
 
     RSA Data Security, Inc. PKCS #9: Selected Attribute Types.
     Version 1.0, June 1991. (pub/pkcs/pkcs-9.ps)
 
(PKCS #2 and #4 have been superseded by other members of the suite.)
Also available are an overview, examples, and a layman's guide to
ASN.1, BER and DER:
 
     Burton S. Kaliski Jr. An Overview of the PKCS Standards. RSA
     Data Security, Inc., June 1991. (pub/pkcs/overview.ps)
 
     Burton S. Kaliski Jr. Some Examples of the PKCS Standards. RSA
     Data Security, Inc., June 1991. (pub/pkcs/examples.ps)
 
     Burton S. Kaliski Jr. A Layman's Guide to a Subset of ASN.1, BER
     and DER. RSA Data Security, Inc., June 19 1.
     (pub/pkcs/layman.ps)
 
Paper copies can be obtained at a nominal charge from PKCS Editor,
RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA,
94065. Phone: (415) 595-8782.