PKCS及PKCS 15个标准， Public-Key Cryptography Standards

shyrainxy

已于 2023-11-01 20:13:05 修改

阅读量1.9k

点赞数

分类专栏：安全文章标签： rsa pkcs pki pkcs#1 pkcs#8

于 2021-08-27 20:37:24 首次发布

本文链接：https://blog.csdn.net/shyrainxy/article/details/119959949

版权

安全专栏收录该内容

3 篇文章

订阅专栏

PKCS:Public-Key Cryptography Standards
PKCS是一系列的规范，其中#1是最基础的规范：包含了RSA加密、解密、签名验签等所有的内容，当然也包含了私钥的格式；其它规范在在#1的基础上进一步的规范
如PKCS#8就是讲PKCS#1中关于私钥的格式及存储做了更加深入的规范，这种规范保证了私钥的安全性，其实PKCS#1和PKCS#8的私钥内容是一样的，但是存储格式不一样，PKCS#8的存储格式更加安全，因此往往能用PKCS#8尽量用PKCS#8格式。

一共15个，重点关注如下;

PKCS #1: RSA Cryptography Standard

PKCS #1 v2.1 provides standards for implementing RSA algorithm-based public key cryptographic encryption schemes and digital signature schemes with app
定义了RSA公钥函数的基本格式标准，特别是数字签名。它定义了数字签名如何计算，包括待签名数据和签名本身的格式

PKCS #3: Diffie-Hellman Key Agreement Standard (Outdated)

PKCS #3 v1.4 describes a method for implementing Diffie-Hellman key agreement, whereby two parties can agree upon a secret key that is known only to them. PKCS #3 is superseded by modern treatment of key establishment schemes specified in IEEE 1363a (2003), ANSI 9.42, ANSI X9.44, and ANSI X9.63 etc
Diffie-Hellman密钥协议标准

PKCS #5: Password-Based Cryptography Standard

PKCS #5 provides a general mechanism to achieve an enhanced security for password-based cryptographic primitives, covering key derivation functions, encryption schemes,messageauthentication schemes
基于口令的加密标准；基于口令密码对私钥进行保护

PKCS #7 and RFC 3369: Cryptographic Message Syntax (CMS)

CMS defines the syntax that is used to digitally sign,digest, authenticate, or encrypt arbitrary message content. In particular, CMS describes an encapsulation syntax for data protection.
为使用密码算法的数据规定了通用语法

PKCS #8: Private-Key Information Syntax Standard

The security of the public key cryptosystem is entirely dependent on the protection of the private keys.Generally, the private keys are encrypted with password and stored in some storage medium. It is important to have a standard to store private keys so that one can move private keys from one system to another system without any trouble. 
定义了私钥信息语法（存储可移植等）和加密私钥语法，其中私钥加密使用了PKCS#5标准

PKCS #10: Certification Request Syntax Standar

specifies syntax for certificate request
证书

PKCS #12: Personal Information Exchange Syntax Standard

describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. Machines, applications, browsers, Internet kiosks, and so on,that support this standard will allow a user to import, export, and exercise a single set of personal identity information.
个人信息交换语法标准。定义了个人身份信息（包括私钥、证书、各种秘密和扩展字段）的格式。有助于传输证书及对应的私钥

主要针对rsa：
pkcs1（最基本）----pkcs5（对密钥加密）----pkcs8（在以上基础上安全存储移植等）
主要针对证书：
pkcs7（基本语法）----pkcs12（安全传输）

参考：
https://webpages.uncc.edu/yonwang/papers/pkcs.pdf
https://www.cnblogs.com/jtlgb/p/6762050.html