RSA Laboratories

5.3.3 What is PKCS?

The Public-Key Cryptography Standards (PKCS) are a set of standards for public-key cryptography, developed by RSA Laboratories in cooperation with an informal consortium, originally including Apple, Microsoft, DEC, Lotus, Sun and MIT. The PKCS have been cited by the OIW (OSI Implementers' Workshop) as a method for implementation of OSI standards. The PKCS are designed for binary and ASCII data; PKCS are also compatible with the ITU-T X.509 standard (see Question 5.3.2). The published standards are PKCS #1, #3, #5, #7, #8, #9, #10 #11, #12, and #15; PKCS #13 and #14 are currently being developed.

PKCS includes both algorithm-specific and algorithm-independent implementation standards. Many algorithms are supported, including RSA (see Section 3.1) and Diffie-Hellman key exchange (see Question 3.6.1), however, only the latter two are specifically detailed. PKCS also defines an algorithm-independent syntax for digital signatures, digital envelopes, and extended certificates; this enables someone implementing any cryptographic algorithm whatsoever to conform to a standard syntax, and thus achieve interoperability.

The following are the Public-Key Cryptography Standards (PKCS):

  • PKCS #1 defines mechanisms for encrypting and signing data using the RSA public-key cryptosystem.
  • PKCS #3 defines a Diffie-Hellman key agreement protocol.
  • PKCS #5 describes a method for encrypting a string with a secret key derived from a password.
  • PKCS #6 is being phased out in favor of version 3 of X.509.
  • PKCS #7 defines a general syntax for messages that include
  • cryptographic enhancements such as digital signatures and encryption.
  • PKCS #8 describes a format for private key information. This information includes a private key for some public-key algorithm, and optionally a set of attributes.
  • PKCS #9 defines selected attribute types for use in the other PKCS standards.
  • PKCS #10 describes syntax for certification requests.
  • PKCS #11 defines a technology-independent programming interface, called Cryptoki, for cryptographic devices such as smart cards and PCMCIA cards.
  • PKCS #12 specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.
  • PKCS #13 is intended to define mechanisms for encrypting and signing data using Elliptic Curve Cryptography.
  • PKCS #14 is currently in development and covers pseudo-random number generation.
  • PKCS #15 is a complement to PKCS #11 giving a standard for the format of cryptographic credentials stored on cryptographic tokens.

It is RSA Laboratories' intention to revise the PKCS documents from time to time to keep track of new developments in cryptography and data security, as well as to transition the documents into open standards development efforts as opportunities arise. Documents detailing the PKCS standards can be obtained at RSA Security's web server, which is accessible from or via anonymous ftp to

Questions and comments can be directed to

Top of the page