|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
Many of the ANSI X9 standards first
appeared in standards documents published by a cryptographic systems
vendor, and are known as the RSA Data Security, Inc. Public-Key Cryptography
Standards (PKCS) series. The first of these were published before public-key
cryptography was a mainstream technology, and the series is still under
development RSA invites comments and submissions from others.
When vendors refer to products that meet the PKCS #3 or
PKCS #10 standards, they are referring to these documents,
which can be obtained from RSAs web site.402
In practice as an IT professional,
you probably wont need to know the details of the contents of
these standards to get your work done. Still, its useful to be
able to recognize some of the more popular standards like PKCS #1, PKCS
#3 and PKCS #10 when they appear in vendor literature, and know that
that means the products employing these standards are interoperable
with others that also employ the same standards.
The current standards in the PKCS series are, with explanations from RSA403, are:
PKCS #1 RSA Cryptography Standard
Describes the RSA encryption algorithm, syntax for public and private keys used by it, and signature algorithms combining MD2, MD4 and MD5 hashes with RSA encryption.
(Incorporated into #1)
PKCS #3 Diffie-Hellman Key Agreement Standard
Describes the Diffie-Hellman key agreement protocol, with which two parties, without any prior arrangement, can agree on a secret key for message encryption and decryption. The Diffie-Hellman Key Agreement Standard is useful because it enables agreement on the secret key without that key being transmitted from one user to the other and thus being subject to eavesdropping.
(Incorporated into #1)
PKCS #5 Password-Based Cryptography Standard
Describes a method for encrypting octet strings with a secret key derived from a password. It was developed as a means of encrypting private keys for secure transfer from one system to another, using a combination of the DES symmetric algorithm, and MD2 or MD5 hashes.
PKCS #6 Extended-Certificate Syntax Standard
Describes the syntax for an extended digital certificate consisting of an X.509 standard public-key certificate and a set of extended attributes, which is encrypted in a single encryption operation. The extended attributes may include data like the users email address.
PKCS #7 Cryptographic Message Syntax Standard
Describes syntax for data which may have encryption applied to it, such as digital signatures. It allows for encryption of data that has already been encrypted, allowing for signing of pre-encrypted messages. This is the standard which specifies what a digitally signed message consists of.
PKCS #8 Private-Key Information Syntax Standard
Describes syntax for private key information, a set of associated attributes (such as a Certificate Authoritys name) and encrypted (possibly via PKCS #5) private keys.
PKCS #9 Selected Attribute Types
Defines some attribute types that may be used in PKCS #6, #7 and #8.
PKCS #10 Certification Request Syntax Standard
Describes the syntax for requesting a digital certificate, including data such as a distinguished name, public key, etc. which is sent to a CA, who then transforms the provided data into an X.509 public-key certificate or PKCS #6 extended certificate for the requester.
PKCS #11 Cryptographic Token Interface Standard
Describes an API, Cryptoki, used to access devices such as smart cards that hold key information and/or perform cryptographic functions.
PKCS #12 Personal Information Exchange Syntax Standard
Describes a portable format for storing or transporting a users private keys, certificates, miscellaneous secrets, etc.
PKCS #13 Elliptical Curve Cryptography Standard
Describes elliptical curve cryptography (still under development), which is intended to improve on current public-key cryptographic methods by providing a similar degree of security with reduced key sizes.
PKCS #15 Cryptographic Token Information Format Standard
Describes a standard for using cryptographic tokens to identify oneself to multiple standards-aware applications, regardless of the applications specific token interface provider, such as Cryptoki.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.