이번 포스팅에서는 PKCS에 대해 간단히 알아보려고 한다.
PKCS는 Public Key Cryptography Standards의 약자로 풀이하면 공개 키 암호 표준(?) 정도가 되는 것 같다. PKCS는 일종의 그룹으로 특허가 있는 암호화 기술을 보다 활성화하기 위한 표준을 발표한다. 그런데 그룹에서 발표하는 표준이 일반적인 기업 표준 즉, 전세계적으로 통용되는 표준이 아니기 때문에 최근에는 IETF, PKIX와 같은 그룹에서 프로세스를 만들어서 관리한다. (기존 표준 또한 RFC와 같이 옮겨져서 관리된다. )
지금까지 PKCS에서 발표한 표준은 다음과 같다. (wikipedia 참조)
| Version | Name | Comments | |
|---|---|---|---|
| PKCS #1 | 2.2 | RSA Cryptography Standard | See RFC 8017 Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. |
| PKCS #2 | - | Withdrawn | No longer active as of 2010. Covered RSA encryption of message digests; subsequently merged into PKCS #1. |
| PKCS #3 | 1.4 | Diffie–Hellman Key AgreementStandard | A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| PKCS #4 | - | Withdrawn | No longer active as of 2010. Covered RSA key syntax; subsequently merged into PKCS #1. |
| PKCS #5 | 2.1 | Password-based Encryption Standard | See RFC 8018 and PBKDF2. |
| PKCS #6 | 1.5 | Extended-Certificate Syntax Standard | Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same. |
| PKCS #7 | 1.5 | Cryptographic Message SyntaxStandard | See RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS #10 message). Formed the basis for S/MIME, which is as of 2010 based on RFC 5652 an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. |
| PKCS #8 | 1.2 | Private-Key Information Syntax Standard | See RFC 5958. Used to carry private certificate keypairs (encrypted or unencrypted). |
| PKCS #9 | 2.0 | Selected Attribute Types | See RFC 2985. Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. |
| PKCS #10 | 1.7 | Certification Request Standard | See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request certificate signing request. |
| PKCS #11 | 2.40 | Cryptographic Token Interface | Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also hardware security module). Often used in single sign-on, public-key cryptography and disk encryption systems. RSA Security has turned over further development of the PKCS #11 standard to the OASIS PKCS 11 Technical Committee. |
| PKCS #12 | 1.1 | Personal Information Exchange Syntax Standard | See RFC 7292. Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12. This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java key store and to establish client authentication certificates in Mozilla Firefox. Usable by Apache Tomcat. |
| PKCS #13 | – | Elliptic Curve CryptographyStandard | (Apparently abandoned, only reference is a proposal from 1998.) |
| PKCS #14 | – | Pseudo-random Number Generation | (Apparently abandoned, no documents exist.) |
| PKCS #15 | 1.1 | Cryptographic Token Information Format Standard | Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15. |
참조
'IT > Security' 카테고리의 다른 글
| [Cryptography] Salt (0) | 2019.02.23 |
|---|
댓글