Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
PKCS
open-in-new
<p>Public Key Cryptography Standards (PKCS) are a group of <a href="/facts/Public-key_cryptography/gowoFTxS">public-key cryptography</a> standards devised and published by <a href="/facts/RSA_Security/s8kfo2SF">RSA Security</a> LLC, starting in the early 1990s. The company published the standards to promote the use of the cryptography techniques for which they had <a href="/facts/Patent/LjT2bG3A">patents</a>, such as the <a href="/facts/RSA_algorithm/XTzyfHuq">RSA algorithm</a>, the <a href="/facts/Schnorr_signature/YUqfT85P">Schnorr signature</a> algorithm and several others. Though not <a href="/facts/List_of_computer_standards/hlqw537E">industry standards</a> (because the company retained control over them), some of the standards have begun to move into the "<a href="/facts/Standards_track/LT6VEfhg">standards track</a>" processes of relevant <a href="/facts/Standards_organization/8o7wGeYg">standards organizations</a> in recent years[<i>when?</i>], such as the <a href="/facts/IETF/tIcCsFhX">IETF</a> and the <a href="/facts/PKIX/rs0JuYDd">PKIX</a> working group. </p><p>Key Updates (2023–2024): </p> <ul><li>Integration of <a href="/facts/PKCS_7/fRuXQrR9">PKCS #7</a> and <a href="/facts/PKCS_12/PLwhjewk">PKCS #12</a> into broader standards like S/MIME and TLS.</li> <li>Evolution of <a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a> to support newer hardware and cloud services.</li> <li>Involvement of PKCS standards in post-quantum cryptography efforts, with NIST's ongoing standardization.</li> <li>Growing adoption of PKCS standards in the context of blockchain and digital assets.</li></ul> PKCS Standards Summary<table><tbody><tr><th></th><th>Version</th><th>Name</th><th>Comments</th></tr><tr><th><a href="/facts/PKCS_1/I6JD53RG">PKCS #1</a></th><td>2.2</td><td>RSA Cryptography Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc8017">8017</a>. Defines the mathematical properties and format of RSA public and private keys (<a href="/facts/ASN.1/ryUN7doc">ASN.1</a>-encoded in clear-text), and the basic algorithms and encoding/<a href="/facts/Padding_(cryptography)/okxl18q9">padding</a> schemes for performing RSA encryption, decryption, and producing and verifying signatures.</td></tr><tr><th>PKCS #2</th><td>-</td><td><i>Withdrawn</i></td><td>No longer active as of 2010<a href="https://en.wikipedia.org/w/index.php?title=PKCS&action=edit">[update]</a>. Covered RSA encryption of message digests; subsequently merged into PKCS #1.</td></tr><tr><th>PKCS #3</th><td>1.4</td><td><a href="/facts/Diffie%25E2%2580%2593Hellman_key_exchange/xR4YQcaD">Diffie–Hellman Key Agreement</a> Standard</td><td>A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.</td></tr><tr><th>PKCS #4</th><td>-</td><td><i>Withdrawn</i></td><td>No longer active as of 2010<a href="https://en.wikipedia.org/w/index.php?title=PKCS&action=edit">[update]</a>. Covered RSA key syntax; subsequently merged into PKCS #1.</td></tr><tr><th>PKCS #5</th><td>2.1</td><td>Password-based Encryption Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc8018">8018</a> and <a href="/facts/PBKDF2/nIq55BCh">PBKDF2</a>.</td></tr><tr><th>PKCS #6</th><td>1.5</td><td>Extended-Certificate Syntax Standard</td><td>Defines extensions to the old v1 <a href="/facts/X.509/rs0JuYDd">X.509</a> certificate specification. Obsoleted by v3 of the same.</td></tr><tr><th><a href="/facts/PKCS_7/fRuXQrR9">PKCS #7</a></th><td>1.5</td><td><a href="/facts/Cryptographic_Message_Syntax/IMuBbU9u">Cryptographic Message Syntax</a> Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc2315">2315</a>. Used to sign and/or encrypt messages under a <a href="/facts/Public_key_infrastructure/7fwMLxF4">PKI</a>. Used also for certificate dissemination (for instance as a response to a PKCS #10 message). Formed the basis for <a href="/facts/S%2fMIME/YufdsBt3">S/MIME</a>, which is as of 2010<a href="https://en.wikipedia.org/w/index.php?title=PKCS&action=edit">[update]</a> based on <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc5652">5652</a>, an updated <a href="/facts/Cryptographic_Message_Syntax/IMuBbU9u">Cryptographic Message Syntax Standard</a> (CMS). Often used for <a href="/facts/Single_sign-on/qqqLoB8h">single sign-on</a>.</td></tr><tr><th><a href="/facts/PKCS_8/psr9e3Xe">PKCS #8</a></th><td>1.2</td><td>Private-Key Information Syntax Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc5958">5958</a>. Used to carry private certificate keypairs (encrypted or unencrypted).</td></tr><tr><th>PKCS #9</th><td>2.0</td><td>Selected Attribute Types</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc2985">2985</a>. Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests.</td></tr><tr><th><a href="/facts/PKCS_10/0zvqmz2S">PKCS #10</a></th><td>1.7</td><td>Certification Request Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc2986">2986</a>. Format of messages sent to a <a href="/facts/Certification_authority/WAo8vMTN">certification authority</a> to request certification of a public key. See <a href="/facts/Certificate_signing_request/0zvqmz2S">certificate signing request</a>.</td></tr><tr><th><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></th><td>3.0</td><td>Cryptographic Token Interface</td><td>Also known as "Cryptoki". An <a href="/facts/API/GMlN4vUr">API</a> defining a generic interface to <a href="/facts/Cryptographic_token/0WuyTkFo">cryptographic tokens</a> (see also <a href="/facts/Hardware_security_module/dhpo8qoR">hardware security module</a>). Often used in <a href="/facts/Single_sign-on/qqqLoB8h">single sign-on</a>, <a href="/facts/Public-key_cryptography/gowoFTxS">public-key cryptography</a> and <a href="/facts/Disk_encryption/v7E50jGw">disk encryption</a> systems. RSA Security has turned over further development of the PKCS #11 standard to the <a href="http://www.oasis-open.org/committees/pkcs11/">OASIS PKCS 11 Technical Committee</a>.</td></tr><tr><th><a href="/facts/PKCS_12/PLwhjewk">PKCS #12</a></th><td>1.1</td><td>Personal Information Exchange Syntax Standard</td><td>See <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc7292">7292</a>. Defines a file format commonly used to store <a href="/facts/Private_key/gowoFTxS">private keys</a> with accompanying <a href="/facts/Public_key_certificate/J7aYI4Bx">public key certificates</a>, protected with a password-based <a href="/facts/Symmetric_key/5zfe0b76">symmetric key</a>. PFX is a predecessor to PKCS #12.<p>This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the <a href="/facts/Java_KeyStore/Nh2pGjfD">Java KeyStore</a> and to establish client authentication certificates in Mozilla Firefox. Usable by <a href="/facts/Apache_Tomcat/psmVfM2B">Apache Tomcat</a>.</p></td></tr><tr><th>PKCS #13</th><td>–</td><td><a href="/facts/Elliptic-curve_cryptography/YbjcXIWk">Elliptic-curve cryptography</a> Standard</td><td><i>(Apparently abandoned, only reference is a proposal from 1998.)</i></td></tr><tr><th>PKCS #14</th><td>–</td><td><a href="/facts/Pseudorandom_number_generator/sIrCxIBq">Pseudo-random Number Generation</a></td><td><i>(Apparently abandoned, no documents exist.)</i></td></tr><tr><th>PKCS #15</th><td>1.1</td><td>Cryptographic Token Information Format Standard</td><td>Defines a standard allowing users of <a href="/facts/Cryptographic_token/0WuyTkFo">cryptographic tokens</a> to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other <a href="/facts/API/GMlN4vUr">API</a>. RSA has relinquished IC-card-related parts of this standard to <a href="/facts/ISO%2fIEC_7816/elBdXa4k">ISO/IEC 7816</a>-15.</td></tr></tbody></table>