# PKCS

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/PKCS
> Markdown URL: https://mediated.wiki/source/PKCS.md
> Source: https://en.wikipedia.org/wiki/PKCS
> Source revision: 1352539979
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Group of public-key cryptography standards

For technical reasons, titles such as "PKCS #1" redirect here. For links to individual articles, see the table below.

This article is about public-key cryptography standards. For the human gene involved in cholesterol metabolism, see [PCSK9](/source/PCSK9).


**Public Key Cryptography Standards** (**PKCS**) are a group of [public-key cryptography](/source/Public-key_cryptography) intervendor standards first developed by [RSA Security](/source/RSA_Security), with involvement from [Apple](/source/Apple_Inc.), [Digital](/source/Digital_Equipment_Corporation), [Lotus Development](/source/Lotus_Development), [Microsoft](/source/Microsoft), [MIT](/source/Massachusetts_Institute_of_Technology), [Northern Telecom](/source/Nortel), and [Sun Microsystems](/source/Sun_Microsystems), first published in June 1991.[1]

The PKCS series of standards began development internally at RSA Laboratories in March 1991 with the "broad design goals" of maintaining compatibility with existing [Privacy-Enhanced Mail](/source/Privacy-Enhanced_Mail) (PEM) protocol certificates, allowing the handling of arbitrary data, adding richer information in certificate attributes, supporting [Diffie-Hellman key exchange](/source/Diffie-Hellman_key_exchange), and creating protocols to be some day incorporated into [International Telecommunication Union](/source/International_Telecommunication_Union) X.200 standards by basing them on existing ITU-T standards such as [ASN.1](/source/ASN.1) and [BER](/source/Basic_Encoding_Rules).[2] PKCS was then taken by RSA to the US [National Institute of Standards and Technology](/source/National_Institute_of_Standards_and_Technology)'s Open Systems Interconnection Workshop, an organization created in 1983 by NIST at the request of industry to provide a forum for industry co-operation in computer interconnection protocols. Development of the PKCS protocols was undertaken in the 1991 sessions of the OSI Workshop under the Security Special Interest Group chaired by [Trusted Information Systems](/source/Trusted_Information_Systems). However, PKCS did not appear in the final OSI Workshop yearly publication[3][4] and was instead published as an OSI working document, the first publicly available version of the protocols.[2] Though not [industry standards](/source/List_of_computer_standards) because the company retained control over them, some of the standards have moved into the "[standards track](/source/Standards_track)" processes of relevant [standards organizations](/source/Standards_organization) since May 1997,[5] such as the [IETF](/source/IETF) and the [PKIX](/source/PKIX) working group.

**Key Updates (2023–2025):**

- Integration of [PKCS #7](/source/PKCS_7) and [PKCS #12](/source/PKCS_12) into broader standards like S/MIME and TLS.

- Evolution of [PKCS #11](/source/PKCS_11) to support newer hardware and cloud services; support for NIST's [ML-DSA](/source/ML-DSA) and [ML-KEM](/source/ML-KEM).

- Involvement of PKCS standards in post-quantum cryptography efforts, with NIST's ongoing standardization.

- Growing adoption of PKCS standards in the context of blockchain and digital assets.

**PKCS Standards Summary**

| Standard | Version | Name | Comments |
|---|---|---|---|
| PKCS #1 | 2.2 | RSA Cryptography Standard[6] | See RFC 8017. Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. |
| PKCS #2 | - | Withdrawn | No longer active. Covered RSA encryption of message digests; subsequently merged into PKCS #1 by PKCS#1 v1.5 in 1993. |
| PKCS #3 | 1.4 | Diffie–Hellman Key Agreement Standard[7] | A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| PKCS #4 | - | Withdrawn | No longer active. Covered RSA key syntax; subsequently merged into PKCS #1 by PKCS#1 v1.5 in 1993. |
| PKCS #5 | 2.1 | Password-based Encryption Standard[8][9] | See RFC 8018 and PBKDF2. |
| PKCS #6 | 1.5 | Extended-Certificate Syntax Standard[10] | Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same. |
| PKCS #7 | 1.5 | Cryptographic Message Syntax Standard[11] | See RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS #10 message). Formed the basis for S/MIME, which is as of 2010 based on RFC 5652, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. |
| PKCS #8 | 2.0 | Private-Key Information Syntax Standard[12] | See RFC 5958. Used to carry private and public keys (encrypted or unencrypted). |
| PKCS #9 | 2.0 | Selected Attribute Types[13] | See RFC 2985. Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. |
| PKCS #10 | 1.7 | Certification Request Standard[14] | See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request. |
| PKCS #11 | 3.2 | Cryptographic Token Interface[15] | Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also hardware security module). Often used in single sign-on, public-key cryptography and disk encryption[16] systems. RSA Security has turned over further development of the PKCS #11 standard to the OASIS PKCS 11 Technical Committee. |
| PKCS #12 | 1.1 | Personal Information Exchange Syntax Standard[17] | See RFC 7292. Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12. This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java KeyStore and to establish client authentication certificates in Mozilla Firefox. Usable by Apache Tomcat. |
| PKCS #13 | – | Elliptic-curve cryptography Standard | (Apparently abandoned, only reference is a proposal from 1998.) |
| PKCS #14 | – | Pseudo-random Number Generation | (Apparently abandoned, no documents exist.) |
| PKCS #15 | 1.1 | Cryptographic Token Information Format Standard[18] | Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15.[19] |

## See also

- [Cryptographic Message Syntax](/source/Cryptographic_Message_Syntax)

## References

1. ["PKCS"](https://web.archive.org/web/19970607025757/http://www.rsa.com/rsalabs/pubs/PKCS/index.html). *rsa.com*. RSA Laboratories. Archived from [the original](http://www.rsa.com/rsalabs/pubs/PKCS/index.html) on June 7, 1997. Retrieved February 24, 2026.

2. Kaliski Jr., Burton S. (November 1, 1993). ["An Overview of the PKCS Standards"](https://web.archive.org/web/19970728092142/http://www.rsa.com/rsalabs/pubs/PKCS/ascii/overview.asc). *rsa.com*. RSA Laboratories. Archived from [the original](http://www.rsa.com/rsalabs/pubs/PKCS/ascii/overview.asc) on July 28, 1997. Retrieved March 25, 2026.

3. Boland, Tim (December 1991). [*Stable Implementation Agreements for Open Systems Interconnection Protocols Version 5 Edition 1*](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-202p1.pdf) (PDF). Gaithersburg, MD: United States Department of Commerce, Technology Administration, National Institute of Standards and Technology. Retrieved March 25, 2026.

4. Boland, Tim (December 1991). [*Stable Implementation Agreements for Open Systems Interconnection Protocols Version 5 Edition 1 \[Part 2\]*](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-202p2.pdf) (PDF). Gaithersburg, MD: United States Department of Commerce, Technology Administration, National Institute of Standards and Technology. Retrieved March 26, 2026.

5. ["PKCS #1: RSA Encryption Version 1.5"](https://datatracker.ietf.org/doc/draft-hoffman-pkcs-rsa-encrypt/history/). *ietf.org*. IETF. Retrieved February 24, 2026.

6. ["PKCS #1: RSA Cryptography Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-rsa-cryptography-standard.htm). RSA Laboratories.

7. ["PKCS #3: Diffie-Hellman Key Agreement Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-3-diffie-hellman-key-agreement-standar.htm). RSA Laboratories.

8. ["PKCS #5: Password-Based Cryptography Standard"](https://web.archive.org/web/20150407110829/https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-5-password-based-cryptography-standard.htm). RSA Laboratories. Archived from [the original](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-5-password-based-cryptography-standard.htm) on April 7, 2015.

9. ["PKCS #5 v2.0: Password-Based Cryptography Standard"](https://www.foo.be/docs/opensst/ref/pkcs/pkcs-5v2/pkcs5v2-0.pdf) (PDF). RSA Laboratories. March 25, 1999. Retrieved May 30, 2024.

10. ["PKCS #6: Extended-Certificate Syntax Standard"](https://www.emc.com/emc-plus/rsa-labs/standars-initiatives/pkcs-6-extended-certificate-syntax-standard.htm). RSA Laboratories.

11. ["PKCS #7: Cryptographic Message Syntax Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-7-cryptographic-message-syntax-standar.htm). RSA Laboratories.

12. ["PKCS #8: Private-Key Information Syntax Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-8-private-key-information-syntax-stand.htm). RSA Laboratories.

13. ["PKCS #9: Selected Attribute Types"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-9-selected-attribute-types.htm). RSA Laboratories.

14. ["PKCS #10: Certification Request Syntax Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs10-certification-request-syntax-standard.htm). RSA Laboratories.

15. ["PKCS #11: Cryptographic Token Interface Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm). RSA Laboratories.

16. [Security Token/Smartcard Support](http://www.freeotfe.org/docs/Main/pkcs11_support.htm) in [FreeOTFE](/source/FreeOTFE).

17. ["PKCS #12: Personal Information Exchange Syntax Standard"](https://web.archive.org/web/20140401120450/http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs12-personal-information-exchange-syntax-standard.htm). RSA Laboratories. Archived from [the original](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs12-personal-information-exchange-syntax-standard.htm) on April 1, 2014.

18. ["PKCS #15: Cryptographic Token Information Format Standard"](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-15-cryptographic-token-information-format.htm). RSA Laboratories.

19. RSA Laboratories: "[PKCS #15: Cryptographic Token Information Format Standard](https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-15-cryptographic-token-information-format.htm)".

**General**

- Jean-Sébastien Coron, Marc Joye, [David Naccache](/source/David_Naccache), and Pascal Paillier (2000). ["New Attacks on PKCS #1 v1.5 Encryption"](https://www.iacr.org/archive/eurocrypt2000/1807/18070374-new.pdf) (PDF). [EUROCRYPT](/source/EUROCRYPT). pp. 369–381.

## External links

- [About PKCS](https://tools.ietf.org/html/rfc3447#page-70) (appendix G from RFC 3447)

- [OASIS PKCS 11 TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11) (technical committee home page)

- [*An Overview of the PKCS Standards: An RSA Laboratories Technical Note*](https://web.archive.org/web/19970728092142/http://www.rsa.com/rsalabs/pubs/PKCS/ascii/overview.asc), November 1993


---
Adapted from the Wikipedia article [PKCS](https://en.wikipedia.org/wiki/PKCS) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/PKCS?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
