Posted by arlene

Without standards and protocols, a juggernaut like PKI would become unmanageable. For a real-life example, look at the U.S. railroad system in its earlier days. Different railroad companies were using different size rails, and different widths between the rails. This made it impossible for a train to make it cross-country, and in some cases, across regions. In the end, it cost millions of dollars to standardize on a particular type of track.

To avoid this type of disaster, a set of standards was developed early on for PKI. The Public-Key Cryptography Standards (PKCS) are standard protocols used for securing the exchange of information through PKI.The list of PKCS standards was created by RSA laboratories, the same group that developed the original RSA encryption standard, along with a consortium of corporations including Microsoft, Sun, and Apple. The list of active PKCS standards (gaps in the sequence below are due to standards that have become inactive since they were originally published) is as follows:

• PKCS #1: RSA Cryptography Standard Outlines the encryption of data using the RSA algorithm. The purpose of the RSA Cryptography Standard is in the development of digital signatures and digital envelopes. PKCS #1 also describes a syntax for RSA public keys and private keys. The public-key syntax is used for certificates, while the private-key syntax is used for encrypting private keys.
• PKCS #3: Diffie-Hellman Key Agreement StandardOutlines the use of the DiffieHellman Key Agreement, a method of sharing a secret key between two parties. The secret key is used to encrypt ongoing data transfer between the two parties. Whitfield Diffie and Martin Hellman developed the Diffie-Hellman algorithm in the 1970s as the first public asymmetric cryptographic system (asymmetric cryptography was invented in the United Kingdom earlier in the same decade, but was classified as a military secret). Diffie-Hellman overcomes the issues of symmetric key systems, because management of the keys is less difficult.
• PKCS #5: Password-based Cryptography StandardA method for encrypting a string with a secret key that is derived from a password. The result of the method is an octet string (a sequence of 8-bit values). PKCS #8 is primarily used for encrypting private keys when they are being transmitted between computers.
• PKCS #6: Extended-certificate Syntax StandardDeals with extended certificates. Extended certificates are made up of the X.509 certificate plus additional attributes. The additional attributes and the X.509 certificate can be verified using a single public-key operation. The issuer that signs the extended certificate is the same as the one that signs the X.509 certificate.
• PKCS #7: Cryptographic Message Syntax StandardThe foundation for Secure/Multipurpose Internet Mail Extensions (S/MIME) standard. Is also compatible with Privacy-Enhanced Mail (PEM) and can be used in several different architectures of key management.
• PKCS #8: Private-key Information Syntax Standard Describes a method of communication for private-key information that includes the use of public-key algorithms and additional attributes (similar to PKCS #6). In this case, the attributes can be a DN or a root CA’s public key.
• PKCS #9: Selected Attribute Types Defines the types of attributes for use in extended certificates (PKCS #6), digitally signed messages (PKCS #7), and private-key information (PKCS #8).
• PKCS #10: Certification Request Syntax Standard Describes a syntax for certification requests. A certification request consists of a DN, a public key, and additional attributes. Certification requests are sent to a CA, which then issues the certificate.
• PKCS #11: Cryptographic Token Interface Standard Specifies an application program interface (API) for token devices that hold encrypted information and perform cryptographic functions, such as Smart Cards and Universal Serial Bus (USB) pigtails.
• PKCS #12: Personal Information Exchange Syntax Standard Specifies a portable format for storing or transporting a user’s private keys and certificates.Ties into both PKCS #8 (communication of private-key information) and PKCS #11 (Cryptographic Token Interface Standard). Portable formats include diskettes, Smart Cards, and Personal Computer Memory Card International Association (PCMCIA) cards. On Microsoft Windows platforms, PKCS #12 format files are generally given the extension .pfx. On other platforms, other extensions may be used, including .pkcsl2. PKCS #12 is the best standard format to use when exchanging private keys and certificates between systems.

PKI standards and protocols are living documents, meaning they are always changing and evolving. Additional standards are proposed every day, but before they are accepted as standards they are put through rigorous testing and scrutiny.

Possibly related posts: (automatically generated)
Cryptography (Public-Key) Standards and Protocols Notice

• Security Facilities in Java
• Java Database, J2EE Framework
• Network and Programming: the .Net framework
• VBScript and JScript continue...
• HTML Coding for different E-mail Reader Platforms
• Client-Side Scripting
• Public key Cryptography, when can be seriously Attack
• VBScript and JScript
• Adding JavaScript to the HTML Form
• Apple Macbook Air Laptop