From: bu...@chirality.rsa.com (Burt Kaliski)
Subject: PKCS: Public-Key Cryptography Standards
Date: 21 Jun 91 20:28:00 GMT
Sender: ne...@athena.mit.edu (News system)
Organization: RSA Data Security, Inc.
RSA Data Security, Inc. is pleased to announce PKCS: Public-Key
Cryptography Standards, a suite of standards for public-key
cryptography developed jointly with representatives of industry and
universities. PKCS covers RSA encryption, Diffie-Hellman key
agreement, password-based encryption, extended-certificate syntax,
cryptographic enhancement syntax, and private-key information syntax.
As public-key cryptography begins to see wide application and
acceptance one thing is increasingly clear: If it is going to be as
effective as the underlying technology allows it to be, there must be
interoperable standards. Even though vendors may agree on the basic
public-key techniques, compatibility between implementations is by no
means guaranteed. Interoperability requires strict adherence to an
agreed-upon standard format for transferred data. PKCS provides such
a basis for interoperability.
The standards presented here evolved from the following broad design
1. To maintain compatibility with PEM (the Internet Privacy Enhanced
Mail standard) wherever possible, at least to the extent of being
able to share certificates and to translate encrypted and/or
signed messages back and forth between PEM and PKCS.
2. To extend beyond PEM in being able to handle arbitrary binary
data (not just ASCII data), to handle a richer set of attributes
in (extended) certificates, to handle Diffie-Hellman key
agreement, and to handle a richer set of features in digitally
signed and enveloped data.
3. To propose a standard suitable for incorporation in future OSI
(Open Systems Interconnection) standards. The standards here are
based on the use of OSI standard ASN.1 (Abstract Syntax Notation
One) and BER (Basic Encoding Rules) to describe and represent
PKCS describes the syntax for messages in an abstract manner, and
gives complete details about algorithms. However, it does not specify
how messages are to be represented, though BER is the logical choice.
Thus PKCS implementations are free to exchange messages in any
manner, depending on character set, record size constraints, and the
like, as long as the abstract meaning of the messages can be
preserved from sender to recipient.
The PKCS standards are offered by RSA Data Security to developers of
computer systems employing public-key technology. It is RSA Data
Security's intention to improve and refine the standards in
conjunction with computer system developers, with the goal of
producing standards that most if not all developers adopt.
The role of RSA Data Security in the standards-making process is
1. Publish carefully written documents describing the standards.
2. Retain sole decision-making authority on what each standard is.
This includes arbitrary object identifier choices, etc.
3. Solicit opinions and advice from developers on useful or
necessary changes and extensions.
4. Publish revised standards when appropriate.
5. Provide implementation guides and/or reference implementations.
The PKCS suite includes the following documents, each of which is
available by anonymous ftp from <rsa.com>:
RSA Data Security, Inc. PKCS #1: RSA Encryption Standard.
Version 1.4, June 1991. (pub/pkcs/pkcs-1.ps)
RSA Data Security, Inc. PKCS #3: Diffie-Hellman Key-Agreement
Standard. Version 1.3, June 1991. (pub/pkcs/pkcs-3.ps)
RSA Data Security, Inc. PKCS #5: Password-Based Encryption
Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-5.ps)
RSA Data Security, Inc. PKCS #6: Extended-Certificate Syntax
Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-6.ps)
RSA Data Security, Inc. PKCS #7: Cryptographic Message Syntax
Standard. Version 1.4, June 1991. (pub/pkcs/pkcs-7.ps)
RSA Data Security, Inc. PKCS #8: Private-Key Information Syntax
Standard. Version 1.1, June 1991. (pub/pkcs/pkcs-8.ps)
RSA Data Security, Inc. PKCS #9: Selected Attribute Types.
Version 1.0, June 1991. (pub/pkcs/pkcs-9.ps)
(PKCS #2 and #4 have been superseded by other members of the suite.)
Also available are an overview, examples, and a layman's guide to
ASN.1, BER and DER:
Burton S. Kaliski Jr. An Overview of the PKCS Standards. RSA
Data Security, Inc., June 1991. (pub/pkcs/overview.ps)
Burton S. Kaliski Jr. Some Examples of the PKCS Standards. RSA
Data Security, Inc., June 1991. (pub/pkcs/examples.ps)
Burton S. Kaliski Jr. A Layman's Guide to a Subset of ASN.1, BER
and DER. RSA Data Security, Inc., June 19 1.
Paper copies can be obtained at a nominal charge from PKCS Editor,
RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA,
94065. Phone: (415) 595-8782.