1 / 9

RSA Laboratories’ PKCS Series - a Tutorial

RSA Laboratories’ PKCS Series - a Tutorial. PKCS #12 Magnus Nyström, October, 1999. Personal Information Exchange Syntax Standard. Describes a transfer syntax for personal identity information private keys certificates etc An extension and generalization of PKCS #8

viveca
Download Presentation

RSA Laboratories’ PKCS Series - a Tutorial

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA Laboratories’ PKCS Series - a Tutorial PKCS #12 Magnus Nyström, October, 1999

  2. Personal Information Exchange Syntax Standard • Describes a transfer syntax for personal identity information • private keys • certificates • etc • An extension and generalization of PKCS #8 • Personal information may be • confidentiality protected and • integrity protected

  3. Personal Information Exchange Syntax Standard, II • For both types of protections, password-based or public-key based protection is possible • Password-based is by far the most common mode

  4. version authSafe macData (optional) The PFX Type • (PFX = Personal inFormation eXchange) • The authSafe is of type data or signedData (from PKCS #7)(usually data) • The contents is, in turn, a SEQUENCE OF ContentInfo (PKCS #7)

  5. bagID bagValue bagAttributes The SafeBag type • Each contentInfo may be enveloped, encrypted or plain data. The plain data will be a SEQUENCE OF SafeBag: • bagID is an OBJECT IDENTIFIER. • bagAttributes is usually some mnemonics or a cross-reference (e.g. key <-> certificate)

  6. Bag types • There are 6 bag types: • key bag • PKCS #8 shrouded key bag • certificate bag • crl bag • secret bag • safe contents bag (recursive)

  7. Bag types, II • The key bag • Contains values of type PrivateKeyInfo (PKCS #8) • Contains just one key • The shrouded key bag • Contains values of type EncryptedPrivateKeyInfo (PKCS #8) • Contains just one key • The certificate bag • Contains X.509 or SDSI certificates • If corresponding private key is in another bag, the shall be cross-referenced with attributes

  8. Bag types, III • The crl bag • Contains X.509 CRLs • The secret bag • Contains various items which the user regards in need of protection • E.g.: passwords, login information • The safe contents bag • Enables recursion

  9. Wither, PKCS #12? • Version 1.0 was not published until June this year, although drafts where out early in 1997 • No plans for revisions, PKCS #15 likely to make PKCS #12 less important • More information: • http://www.rsasecurity.com/rsalabs/pkcs

More Related