Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)
      9  4.4  Standards and Protocols

Previous Topic/Section
Previous Page
Pages in Current Topic/Section
Next Page
Next Topic/Section


Many of the ANSI X9 standards first appeared in standards documents published by a cryptographic systems vendor, and are known as the RSA Data Security, Inc. Public-Key Cryptography Standards (PKCS) series. The first of these were published before public-key cryptography was a mainstream technology, and the series is still under development – RSA invites comments and submissions from others. When vendors refer to products that meet the “PKCS #3” or “PKCS #10” standards, they are referring to these documents, which can be obtained from RSA’s web site.402

In practice as an IT professional, you probably won’t need to know the details of the contents of these standards to get your work done. Still, it’s useful to be able to recognize some of the more popular standards like PKCS #1, PKCS #3 and PKCS #10 when they appear in vendor literature, and know that that means the products employing these standards are interoperable with others that also employ the same standards.


The current standards in the PKCS series are, with explanations from RSA
403, are:

PKCS #1 – RSA Cryptography Standard

Describes the RSA encryption algorithm, syntax for public and private keys used by it, and signature algorithms combining MD2, MD4 and MD5 hashes with RSA encryption.


(Incorporated into #1)

PKCS #3 – Diffie-Hellman Key Agreement Standard

Describes the Diffie-Hellman key agreement protocol, with which two parties, without any prior arrangement, can agree on a secret key for message encryption and decryption. The Diffie-Hellman Key Agreement Standard is useful because it enables agreement on the secret key without that key being transmitted from one user to the other and thus being subject to eavesdropping.


(Incorporated into #1)

PKCS #5 – Password-Based Cryptography Standard

Describes a method for encrypting octet strings with a secret key derived from a password. It was developed as a means of encrypting private keys for secure transfer from one system to another, using a combination of the DES symmetric algorithm, and MD2 or MD5 hashes.

PKCS #6 – Extended-Certificate Syntax Standard

Describes the syntax for an extended digital certificate consisting of an X.509 standard public-key certificate and a set of extended attributes, which is encrypted in a single encryption operation. The extended attributes may include data like the user’s email address.

PKCS #7 – Cryptographic Message Syntax Standard

Describes syntax for data which may have encryption applied to it, such as digital signatures. It allows for encryption of data that has already been encrypted, allowing for signing of pre-encrypted messages. This is the standard which specifies what a digitally signed message consists of.

PKCS #8 – Private-Key Information Syntax Standard

Describes syntax for private key information, a set of associated attributes (such as a Certificate Authority’s name) and encrypted (possibly via PKCS #5) private keys.

PKCS #9 – Selected Attribute Types

Defines some attribute types that may be used in PKCS #6, #7 and #8.

PKCS #10 – Certification Request Syntax Standard

Describes the syntax for requesting a digital certificate, including data such as a distinguished name, public key, etc. which is sent to a CA, who then transforms the provided data into an X.509 public-key certificate or PKCS #6 extended certificate for the requester.

PKCS #11 – Cryptographic Token Interface Standard

Describes an API, Cryptoki, used to access devices such as smart cards that hold key information and/or perform cryptographic functions.

PKCS #12 – Personal Information Exchange Syntax Standard

Describes a portable format for storing or transporting a user’s private keys, certificates, miscellaneous secrets, etc.

PKCS #13 – Elliptical Curve Cryptography Standard

Describes elliptical curve cryptography (still under development), which is intended to improve on current public-key cryptographic methods by providing a similar degree of security with reduced key sizes.

PKCS #15 – Cryptographic Token Information Format Standard

Describes a standard for using cryptographic tokens to identify oneself to multiple standards-aware applications, regardless of the application’s specific token interface provider, such as Cryptoki.




Previous Topic/Section
Previous Page
Pages in Current Topic/Section
Next Page
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.