PKCS
Group of public-key cryptography standards
title: "PKCS" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["cryptography-standards", "public-key-cryptography", "standards-of-the-united-states"] description: "Group of public-key cryptography standards" topic_path: "technology/cryptography" source: "https://en.wikipedia.org/wiki/PKCS" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0
::summary Group of public-key cryptography standards ::
::callout[type=note] public-key cryptography standards ::
Public Key Cryptography Standards (PKCS) are a group of public-key cryptography standards devised and published by RSA Security LLC, starting in the early 1990s. The company published the standards to promote the use of the cryptography techniques for which they had patents, such as the RSA algorithm, the Schnorr signature algorithm and several others. Though not industry standards (because the company retained control over them), some of the standards have begun to move into the "standards track" processes of relevant standards organizations in recent years, such as the IETF and the PKIX working group.
Key Updates (2023–2024):
- Integration of PKCS #7 and PKCS #12 into broader standards like S/MIME and TLS.
- Evolution of PKCS #11 to support newer hardware and cloud services.
- Involvement of PKCS standards in post-quantum cryptography efforts, with NIST's ongoing standardization.
- Growing adoption of PKCS standards in the context of blockchain and digital assets.
::data[format=table title="'''PKCS Standards Summary'''"]
| Version | Name | Comments | PKCS #1 | PKCS #2 | PKCS #3 | PKCS #4 | PKCS #5 | PKCS #6 | PKCS #7 | PKCS #8 | PKCS #9 | PKCS #10 | PKCS #11 | PKCS #12 | PKCS #13 | PKCS #14 | PKCS #15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2.2 | RSA Cryptography Standard | title = PKCS #1: RSA Cryptography Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-rsa-cryptography-standard.htm | publisher = RSA Laboratories | See . Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. | ||||||||||||
| - | Withdrawn | No longer active . Covered RSA encryption of message digests; subsequently merged into PKCS #1. | |||||||||||||||
| 1.4 | Diffie–Hellman Key Agreement Standard | title = PKCS #3: Diffie-Hellman Key Agreement Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-3-diffie-hellman-key-agreement-standar.htm | publisher = RSA Laboratories | A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. | ||||||||||||
| - | Withdrawn | No longer active . Covered RSA key syntax; subsequently merged into PKCS #1. | |||||||||||||||
| 2.1 | Password-based Encryption Standard | title = PKCS #5: Password-Based Cryptography Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-5-password-based-cryptography-standard.htm | url-status = dead | archive-url = https://web.archive.org/web/20150407110829/https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-5-password-based-cryptography-standard.htm | archive-date = 2015-04-07 | publisher = RSA Laboratories | title = PKCS #5 v2.0: Password-Based Cryptography Standard | url = https://www.foo.be/docs/opensst/ref/pkcs/pkcs-5v2/pkcs5v2-0.pdf | access-date = May 30, 2024 | date = March 25, 1999 | publisher = RSA Laboratories | See and PBKDF2. | ||||
| 1.5 | Extended-Certificate Syntax Standard | title = PKCS #6: Extended-Certificate Syntax Standard | url = https://www.emc.com/emc-plus/rsa-labs/standars-initiatives/pkcs-6-extended-certificate-syntax-standard.htm | publisher = RSA Laboratories | Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same. | ||||||||||||
| 1.5 | Cryptographic Message Syntax Standard | title = PKCS #7: Cryptographic Message Syntax Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-7-cryptographic-message-syntax-standar.htm | publisher = RSA Laboratories | See . Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS #10 message). Formed the basis for S/MIME, which is based on , an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. | ||||||||||||
| 1.2 | Private-Key Information Syntax Standard | title = PKCS #8: Private-Key Information Syntax Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-8-private-key-information-syntax-stand.htm | publisher = RSA Laboratories | See . Used to carry private certificate keypairs (encrypted or unencrypted). | ||||||||||||
| 2.0 | Selected Attribute Types | title = PKCS #9: Selected Attribute Types | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-9-selected-attribute-types.htm | publisher = RSA Laboratories | See . Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. | ||||||||||||
| 1.7 | Certification Request Standard | title = PKCS #10: Certification Request Syntax Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs10-certification-request-syntax-standard.htm | publisher = RSA Laboratories | See . Format of messages sent to a certification authority to request certification of a public key. See certificate signing request. | ||||||||||||
| 3.0 | Cryptographic Token Interface | title = PKCS #11: Cryptographic Token Interface Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm | publisher = RSA Laboratories | Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also hardware security module). Often used in single sign-on, public-key cryptography and disk encryption systems. RSA Security has turned over further development of the PKCS #11 standard to the OASIS PKCS 11 Technical Committee. | ||||||||||||
| 1.1 | Personal Information Exchange Syntax Standard | See . Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12. | |||||||||||||||
| – | Elliptic-curve cryptography Standard | (Apparently abandoned, only reference is a proposal from 1998.) | |||||||||||||||
| – | Pseudo-random Number Generation | (Apparently abandoned, no documents exist.) | |||||||||||||||
| 1.1 | Cryptographic Token Information Format Standard | title = PKCS #15: Cryptographic Token Information Format Standard | url = https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-15-cryptographic-token-information-format.htm | publisher = RSA Laboratories | Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15. | ||||||||||||
| :: |
References
;General
References
- [http://www.freeotfe.org/docs/Main/pkcs11_support.htm Security Token/Smartcard Support] in [[FreeOTFE]]
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::