As public-key cryptography begins to see wide application and acceptance one thing is increasingly clear: If it is going to be as effective as the underlying technology allows it to be, there must be interoperability standards. Even though vendors may agree on the basic public-key techniques, compatibility between implementations is by no means guaranteed. Interoperability requires strict adherence to an agreed-upon standard format for transferred data. The standards described here provide such a basis for interoperability.
RSA calls the standards described here "Public-Key Cryptography Standards," or "PKCS" for short. The standards consist of a number of components, including PKCS #1, #3, #5, #6, #7, #8, #9, #10 and #12. (PKCS #2 and #4 are no longer active; both have been incorporated into the current PKCS #1). For more information on the PKCS standards,consult the RSA Public-Key Cryptography Standards.
The standards presented here evolved from the following broad design goals:
PKCS describes the syntax for messages in an abstract manner, and gives complete details about algorithms. However, it does not specify how messages are to be represented, though BER is the logical choice. Thus PKCS implementations are free to exchange messages in any manner, depending on character set, record size constraints, and the like, as long as the abstract meaning of the messages can be preserved from sender to recipient.
The following is a description of the PKCS packages. Note that the IBM PKCS packages require Java 2 and a cryptographic provider to run. The PKCS packages were tested with the IBM JCE provider.
The pkcs1 package is an implementation of the RSA Encryption Standard as described in PKCS #1 Version 1.5.
The pkcs5 package is an implementation of the PBKDF1 and PBES1 algorithms described in PKCS#5 Version 2.0. PKCS #5 describes a method for encrypting an octet string with a secret key derived from a password (i.e. password-based encryption standard).
The pkcs7 package is an implementation of PKCS #7 Version 1.5. PKCS #7 describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. The IBM PKCS implementation supports all the content types defined in this standard, such as Data, SignedData, and EnvelopedData.
The pkcs8 package is an implementation of PKCS #8 Version 1.2. PKCS #8 describes a syntax for private-key information. Private-key information includes a private key for some public-key algorithm and a set of attributes.
The pkcs9 package is an implementation of PKCS #9 Version 1.1 (with a number of version 2.0 enhancements). This package includes object representations for the attributes described in the PKCS #9 specifications. PKCS #9 attributes are used in PKCS #7, #8, and #10.
The pkcs10 package is an implementation of PKCS #10 Version 1.0. PKCS #10 describes a syntax for certification requests. A certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification.
The pkcs12 package is an implementation of PKCS #12 Version 1.0. PKCS #12 describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions.
The pkcsutil package provides supporting classes for the various PKCS classes.
The S/MIME package provides supporting classes for the
encoding and decoding of S/MIME messages.
For more information see S/MIME Home.