PKCS : Java Glossary


PKCS (Public-Key Cryptography Standards) A series of standards for digital certificates for code signing, SSL (Secure Sockets Layer) encryption etc.
RSA PKCS Standards
Type Holds Multiple Certificates? Holds Private Keys? Password Required? Notes
PKCS#1 n/a n/a n/a The RSA encryption standard. This standard defines mechanisms for encrypting and signing data using the RSA public key system. Cipher sometimes uses PCKS#1 padding.
PKCS#2 n/a n/a n/a Obsolete. Now part of PKCS#2.
PKCS#3 n/a n/a n/a Defines the Diffie-Hellman key agreement protocol. Allows two parties who have never exchanged anything before to negotiate a common secret key to use for encrypted message exchanges.
PKCS#4 n/a n/a n/a Obsolete. Now part of PKCS#2.
PKCS#5 n/a n/a n/a The password-based encryption standard (PBE (Password Based Encryption) ). This describes a method to generate a Secret Key based on a password.
PKCS#6 n/a n/a n/a The extended-certificate syntax standard. This is currently being phased out in favor of X509 v3.
PKCS#7 The cryptographic message syntax standard. This defines a generic syntax for messages which have cryptography applied to it. Imported by a browser to add to list of trusted certificates or signing authorities. cacerts. is not in this format.
PKCS#8 The private-key information syntax standard. This defines a method to store Private Key Information.
PKCS#9 n/a n/a n/a This defines selected attribute types for use in other PKCS standards. Defines the field names for data in a certificate the signing authority attests to, e.g. facsimileTelephoneNumber, stateOrProvinceName, iSDNAddress, streetAddress, localityName, supportedApplicationContext surname, telephoneNumber, organizationName,teletexTerminalIdentifier physicalDeliveryOfficeName, telexNumber postalAddress, title, postalCode, x121Address, postOfficeBox.
PKCS#10 The certification request syntax standard. This describes a syntax for certification requests.
PKCS#11 / CryptoKi The cryptographic token interface standard. This defines a technology independent programming interface for cryptographic devices such as smartcards.
PKCS#12 The personal information exchange syntax standard. This describes a portable format for storage and transportation of user private keys, certificates etc. Where a developer stores his code signing keys. .keystore is not in this format, though Java also supports PCKS#12 keystore format.
PKCS#13 n/a n/a n/a The elliptic curve cryptography standard. This describes mechanisms to encrypt and sign data using elliptic curve cryptography.
PKCS#14 n/a n/a n/a This covers pseudo random number generation (PRNG). This is currently under active development.
PKCS#15 n/a n/a n/a The cryptographic token information format standard. This describes a standard for the format of cryptographic credentials stored on cryptographic tokens.

Learning More

To use Oracle’s PKCS#11 code, make sure you have sunpkcs11.jar in the ext directory.
keyman: a more user-friendly cacerts manipulator
KeyTool IUI: third party GUI version of keytool
PKCS Standards

This page is posted
on the web at:

Optional Replicator mirror
on local hard disk J:

Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number