PKCS : Java Glossary

RSA (Rivest, Shamir and Adelman) PKCS Standards
PKCS#1	n/a	n/a	n/a	The RSA encryption standard. This standard defines mechanisms for encrypting and signing data using the RSA public key system. Cipher sometimes uses PCKS#1 padding.
PKCS#2	n/a	n/a	n/a	Obsolete. Now part of PKCS#2.
PKCS#3	n/a	n/a	n/a	Defines the Diffie-Hellman key agreement protocol. Allows two parties who have never exchanged anything before to negotiate a common secret key to use for encrypted message exchanges.
PKCS#4	n/a	n/a	n/a	Obsolete. Now part of PKCS#2.
PKCS#5	n/a	n/a	n/a	The password-based encryption standard (PBE (Password Based Encryption)). This describes a method to generate a Secret Key based on a password.
PKCS#6	n/a	n/a	n/a	The extended-certificate syntax standard. This is currently being phased out in favor of X509 v3.
PKCS#7				The cryptographic message syntax standard. This defines a generic syntax for messages which have cryptography applied to it. Imported by a browser to add to list of trusted certificates or signing authorities. cacerts. is not in this format.
PKCS#8				The private-key information syntax standard. This defines a method to store Private Key Information.
PKCS#9	n/a	n/a	n/a	This defines selected attribute types for use in other PKCS standards. Defines the field names for data in a certificate the signing authority attests to, e.g. facsimileTelephoneNumber, stateOrProvinceName, iSDNAddress, streetAddress, localityName, supportedApplicationContext surname, telephoneNumber, organizationName,teletexTerminalIdentifier physicalDeliveryOfficeName, telexNumber postalAddress, title, postalCode, x121Address, postOfficeBox.
PKCS#10				The certification request syntax standard. This describes a syntax for certification requests.
PKCS#11 / CryptoKi				The cryptographic token interface standard. This defines a technology independent programming interface for cryptographic devices such as smartcards.
PKCS#12				The personal information exchange syntax standard. This describes a portable format for storage and transportation of user private keys, certificates etc. Where a developer stores his code signing keys. .keystore is not in this format, though Java also supports PCKS#12 keystore format.
PKCS#13	n/a	n/a	n/a	The elliptic curve cryptography standard. This describes mechanisms to encrypt and sign data using elliptic curve cryptography.
PKCS#14	n/a	n/a	n/a	This covers pseudo random number generation (PRNG). This is currently under active development.
PKCS#15	n/a	n/a	n/a	The cryptographic token information format standard. This describes a standard for the format of cryptographic credentials stored on cryptographic tokens.

RSA (Rivest, Shamir and Adelman) PKCS Standards

Type

Holds Multiple Certificates?

Holds Private Keys?

Password Required?

Notes

PKCS#1

n/a

The RSA encryption standard. This standard defines mechanisms for encrypting and signing data using the RSA public key system. Cipher sometimes uses PCKS#1 padding.

PKCS#2

n/a

Obsolete. Now part of PKCS#2.

PKCS#3

n/a

Defines the Diffie-Hellman key agreement protocol. Allows two parties who have never exchanged anything before to negotiate a common secret key to use for encrypted message exchanges.

PKCS#4

n/a

Obsolete. Now part of PKCS#2.

PKCS#5

n/a

The password-based encryption standard (PBE (Password Based Encryption)). This describes a method to generate a Secret Key based on a password.

PKCS#6

n/a

The extended-certificate syntax standard. This is currently being phased out in favor of X509 v3.

PKCS#7

The cryptographic message syntax standard. This defines a generic syntax for messages which have cryptography applied to it. Imported by a browser to add to list of trusted certificates or signing authorities. cacerts. is not in this format.

PKCS#8

The private-key information syntax standard. This defines a method to store Private Key Information.

PKCS#9

n/a

This defines selected attribute types for use in other PKCS standards. Defines the field names for data in a certificate the signing authority attests to, e.g. facsimileTelephoneNumber, stateOrProvinceName, iSDNAddress, streetAddress, localityName, supportedApplicationContext surname, telephoneNumber, organizationName,teletexTerminalIdentifier physicalDeliveryOfficeName, telexNumber postalAddress, title, postalCode, x121Address, postOfficeBox.

PKCS#10

The certification request syntax standard. This describes a syntax for certification requests.

PKCS#11 / CryptoKi

The cryptographic token interface standard. This defines a technology independent programming interface for cryptographic devices such as smartcards.

PKCS#12

The personal information exchange syntax standard. This describes a portable format for storage and transportation of user private keys, certificates etc. Where a developer stores his code signing keys. .keystore is not in this format, though Java also supports PCKS#12 keystore format.

PKCS#13

n/a

The elliptic curve cryptography standard. This describes mechanisms to encrypt and sign data using elliptic curve cryptography.

PKCS#14

n/a

This covers pseudo random number generation (PRNG). This is currently under active development.

PKCS#15

n/a

The cryptographic token information format standard. This describes a standard for the format of cryptographic credentials stored on cryptographic tokens.

Learning More

sunpkcs11.jar

ext

Oracle’s Technote Guide on PKCS#11 : available:

on the web at Oracle.com
in the current JDK 1.7.0_04 on your local Windows J: drive.

Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green :

. If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, please quote it and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. Threatening to kill me or spouting obscenities has yet to persuade me to change my mind.

	You can get the freshest copy of this page from:	or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
	http://mindprod.com/jgloss/pkcs.html	J:\mindprod\jgloss\pkcs.html
	Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : . If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, please quote it and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. Threatening to kill me or spouting obscenities has yet to persuade me to change my mind.
	Canadian Mind Products
	mindprod.com IP:[65.110.21.43]
view Blog	Your face IP:[38.107.179.212]
Feedback	You are visitor number 15,028.