PKCS #8: Private-Key Information Syntax Standard

An RSA Laboratories Technical Note Version 1.2 Revised November 1, 1993

*

1.Scope
This standard describes a syntax for privatekey information. Privatekey informationincludesaprivatekeyforsomepublickeyalgorithmandasetof attributes.Thestandardalsodescribes asyntaxforencryptedprivatekeys.A passwordbasedencryptionalgorithm(e.g.,oneofthosedescribedinPKCS#5) couldbeusedtoencrypttheprivatekeyinformation. Theintentionofincludingasetofattributesistoprovideasimplewayforauser to establish trust in information such as a distinguished name or a toplevel certification authority'spublickey.Whilesuchtrustcouldalsobeestablished withadigitalsignature,encryptionwithasecretkeyknownonlytotheuseris just as effective and possibly easier to implement. A nonexhaustive list of attributesisgiveninPKCS#9.

2.References
PKCS#1 RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 1.5, November 1993. RSA Laboratories. PKCS #5: PasswordBased Encryption Standard. Version 1.5, November1993.

PKCS#5

*Supersedes June 3, 1991 version, which was also published as NIST/OSI Implementors' Workshop

documentSECSIG9123.PKCSdocumentsareavailablebyelectronicmailto<pkcs@rsa.com>.

Copyright 19911993RSALaboratories,adivisionofRSADataSecurity,Inc.Licensetocopy thisdocumentisgrantedprovidedthatitisidentifiedas"RSADataSecurity,Inc.PublicKey CryptographyStandards(PKCS)"inallmaterialmentioningorreferencingthisdocument.

003-903023-120-000-000

Page2
PKCS#9 X.208

ERROR!STYLENOTDEFINED.
RSALaboratories.PKCS#9:SelectedAttributeTypes.Version1.1,November1993. CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1).1988. CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract SyntaxNotationOne(ASN.1).1988. CCITT.RecommendationX.501:TheDirectoryModels.1988. CCITT.RecommendationX.509:TheDirectoryAuthenticationFramework.1988.

X.209

X.501 X.509

3.Definitions
Forthepurposesofthisstandard,thefollowingdefinitionsapply. AlgorithmIdentifier: A type that identifies an algorithm (by object identifier)andanyassociatedparameters.ThistypeisdefinedinX.509. ASN.1:AbstractSyntaxNotationOne,asdefinedinX.208. Attribute:Atypethatcontainsanattributetype(specifiedbyobjectidentifier) andoneormoreattributevalues.ThistypeisdefinedinX.501. BER:BasicEncodingRules,asdefinedinX.209.

4.Symbolsandabbreviations
Nosymbolsorabbreviationsaredefinedinthisstandard.

5.Generaloverview
The next two sections specify privatekey information syntax and encrypted privatekeyinformationsyntax. This standard exports two types: PrivateKeyInfo (Section 6) and EncryptedPrivateKeyInfo(Section7).

7.ENCRYPTEDPRIVATEKEYINFORMATIONSYNTAX

Page3

6.Privatekeyinformationsyntax
Thissectiongivesthesyntaxforprivatekeyinformation. PrivatekeyinformationshallhaveASN.1typePrivateKeyInfo: PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKey PrivateKey, attributes [0] IMPLICIT Attributes OPTIONAL } Version ::= INTEGER PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier PrivateKey ::= OCTET STRING Attributes ::= SET OF Attribute ThefieldsoftypePrivateKeyInfohavethefollowingmeanings: version is the syntax version number, for compatibility with futurerevisionsofthisstandard.Itshallbe0forthisversionofthe standard. privateKeyAlgorithmidentifiestheprivatekeyalgorithm.One exampleofaprivatekeyalgorithmisPKCS#1'srsaEncryption. privateKeyisanoctetstringwhosecontentsarethevalueofthe private key. The interpretation of the contents is defined in the registrationoftheprivatekeyalgorithm.ForanRSAprivatekey, forexample,thecontentsareaBERencodingofavalueoftype RSAPrivateKey. attributes is a set of attributes. These are the extended information that is encrypted along with the privatekey information.

7.Encryptedprivatekeyinformationsyntax
Thissectiongivesthesyntaxforencryptedprivatekeyinformation.

Page4

ERROR!STYLENOTDEFINED.

Encrypted privatekey information shall have ASN.1 type EncryptedPrivateKeyInfo: EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptedData EncryptedData } EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedData ::= OCTET STRING ThefieldsoftypeEncryptedPrivateKeyInfohavethefollowingmeanings: encryptionAlgorithmidentifiesthealgorithmunderwhichthe privatekeyinformationisencrypted.TwoexamplesarePKCS#5's pbeWithMD2AndDES-CBCandpbeWithMD5AndDES-CBC. encryptedData is the result of encrypting the privatekey information. Theencryptionprocessinvolvesthefollowingtwosteps: 1. 2. The privatekey information is BER encoded, yielding an octet string. Theresultofstep1isencryptedwiththesecretkeytogiveanoctet string,theresultoftheencryptionprocess.

7.ENCRYPTEDPRIVATEKEYINFORMATIONSYNTAX

Page5

Revisionhistory
Version1.0 Version1.0wasdistributedtoparticipantsinRSADataSecurity,Inc.'sPublic KeyCryptographyStandardsmeetingsinFebruaryandMarch1991. Version1.1 Version1.1ispartoftheJune3,1991initialpublicreleaseofPKCS.Version1.1 waspublishedasNIST/OSIImplementors'WorkshopdocumentSECSIG9123. Version1.2 Version 1.2 incorporates several editorial changes, including updates to the referencesandtheadditionofarevisionhistory.

Author'saddress
RSALaboratories 100MarineParkway RedwoodCity,CA94065USA (415)5957703 (415)5954126(fax) pkcs-editor@rsa.com