PKCS : Java Glossary


PKCS (Public-Key Cryptography Standards): a series of standards for digital certificates for code signing, SSL (Secure Sockets Layer) encryption etc.
RSA PKCS Standards
Type Holds Multiple Certificates? Holds Private Keys? Password Required? Notes
PKCS#1 n/a n/a n/a The RSA encryption standard. This standard defines mechanisms for encrypting and signing data using the RSA public key system. Cipher sometimes uses PKCS#1 padding.
PKCS#2 n/a n/a n/a Obsolete. Now part of PKCS#2.
PKCS#3 n/a n/a n/a Defines the Diffie-Hellman key agreement protocol. Allows two parties who have never exchanged anything before to negotiate a common secret key to use for encrypted message exchanges.
PKCS#4 n/a n/a n/a Obsolete. Now part of PKCS#2.
PKCS#5 n/a n/a n/a The password-based encryption (PBE) standard. This describes a method to generate a Secret Key based on a password.
PKCS#6 n/a n/a n/a The extended-certificate syntax standard. This is currently being phased out in favor of X509 v3.
PKCS#7 The cryptographic message syntax standard. This defines a generic syntax for messages which have cryptography applied to them. Imported by a browser to add to its list of trusted certificates or signing authorities. cacerts is not in this format.
PKCS#8 The private-key information syntax standard. This defines a method to store Private Key Information.
PKCS#9 n/a n/a n/a This defines selected attribute types for use in other PKCS standards. Defines the field names for data in a certificate the signing authority attests to, e.g. facsimileTelephoneNumber, stateOrProvinceName, iSDNAddress, streetAddress, localityName, supportedApplicationContext, surname, telephoneNumber, organizationName, teletexTerminalIdentifier, physicalDeliveryOfficeName, telexNumber, postalAddress, title, postalCode, x121Address, postOfficeBox.
PKCS#10 The certification request syntax standard. This describes a syntax for certification requests.
PKCS#11 / Cryptoki The cryptographic token interface standard. This defines a technology-independent programming interface for cryptographic devices such as smartcards.
PKCS#12 The personal information exchange syntax standard. This describes a portable format for storage and transportation of user private keys, certificates etc. This is where a developer stores his code signing keys. .keystore is not in this format, though Java also supports the PKCS#12 keystore format.
PKCS#13 n/a n/a n/a The elliptic curve cryptography standard. This describes mechanisms to encrypt and sign data using elliptic curve cryptography.
PKCS#14 n/a n/a n/a This covers pseudo random number generation (PRNG). This is currently under active development.
PKCS#15 n/a n/a n/a The cryptographic token information format standard. This describes a standard for the format of cryptographic credentials stored on cryptographic tokens.

Learning More

To use Oracle’s PKCS#11 code, make sure you have sunpkcs11.jar in the ext directory.
Oracle’s Technote Guide on PKCS#11

keyman: a more user-friendly cacerts manipulator
KeyTool IUI: third party GUI version of keytool
PKCS Standards

Contact Roedy. Please feel free to link to this page without explicit permission.