Documente Academic
Documente Profesional
Documente Cultură
1.Scope
This standard describes a syntax for privatekey information. Privatekey informationincludesaprivatekeyforsomepublickeyalgorithmandasetof attributes.Thestandardalsodescribes asyntaxforencryptedprivatekeys.A passwordbasedencryptionalgorithm(e.g.,oneofthosedescribedinPKCS#5) couldbeusedtoencrypttheprivatekeyinformation. Theintentionofincludingasetofattributesistoprovideasimplewayforauser to establish trust in information such as a distinguished name or a toplevel certification authority'spublickey.Whilesuchtrustcouldalsobeestablished withadigitalsignature,encryptionwithasecretkeyknownonlytotheuseris just as effective and possibly easier to implement. A nonexhaustive list of attributesisgiveninPKCS#9.
2.References
PKCS#1 RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 1.5, November 1993. RSA Laboratories. PKCS #5: PasswordBased Encryption Standard. Version 1.5, November1993.
PKCS#5
*Supersedes June 3, 1991 version, which was also published as NIST/OSI Implementors' Workshop
documentSECSIG9123.PKCSdocumentsareavailablebyelectronicmailto<pkcs@rsa.com>.
Page2
PKCS#9 X.208
ERROR!STYLENOTDEFINED.
RSALaboratories.PKCS#9:SelectedAttributeTypes.Version1.1,November1993. CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1).1988. CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract SyntaxNotationOne(ASN.1).1988. CCITT.RecommendationX.501:TheDirectoryModels.1988. CCITT.RecommendationX.509:TheDirectoryAuthenticationFramework.1988.
X.209
X.501 X.509
3.Definitions
Forthepurposesofthisstandard,thefollowingdefinitionsapply. AlgorithmIdentifier: A type that identifies an algorithm (by object identifier)andanyassociatedparameters.ThistypeisdefinedinX.509. ASN.1:AbstractSyntaxNotationOne,asdefinedinX.208. Attribute:Atypethatcontainsanattributetype(specifiedbyobjectidentifier) andoneormoreattributevalues.ThistypeisdefinedinX.501. BER:BasicEncodingRules,asdefinedinX.209.
4.Symbolsandabbreviations
Nosymbolsorabbreviationsaredefinedinthisstandard.
5.Generaloverview
The next two sections specify privatekey information syntax and encrypted privatekeyinformationsyntax. This standard exports two types: PrivateKeyInfo (Section 6) and EncryptedPrivateKeyInfo(Section7).
7.ENCRYPTEDPRIVATEKEYINFORMATIONSYNTAX
Page3
6.Privatekeyinformationsyntax
Thissectiongivesthesyntaxforprivatekeyinformation. PrivatekeyinformationshallhaveASN.1typePrivateKeyInfo: PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKey PrivateKey, attributes [0] IMPLICIT Attributes OPTIONAL } Version ::= INTEGER PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier PrivateKey ::= OCTET STRING Attributes ::= SET OF Attribute ThefieldsoftypePrivateKeyInfohavethefollowingmeanings: version is the syntax version number, for compatibility with futurerevisionsofthisstandard.Itshallbe0forthisversionofthe standard. privateKeyAlgorithmidentifiestheprivatekeyalgorithm.One exampleofaprivatekeyalgorithmisPKCS#1'srsaEncryption. privateKeyisanoctetstringwhosecontentsarethevalueofthe private key. The interpretation of the contents is defined in the registrationoftheprivatekeyalgorithm.ForanRSAprivatekey, forexample,thecontentsareaBERencodingofavalueoftype RSAPrivateKey. attributes is a set of attributes. These are the extended information that is encrypted along with the privatekey information.
7.Encryptedprivatekeyinformationsyntax
Thissectiongivesthesyntaxforencryptedprivatekeyinformation.
Page4
ERROR!STYLENOTDEFINED.
Encrypted privatekey information shall have ASN.1 type EncryptedPrivateKeyInfo: EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptedData EncryptedData } EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedData ::= OCTET STRING ThefieldsoftypeEncryptedPrivateKeyInfohavethefollowingmeanings: encryptionAlgorithmidentifiesthealgorithmunderwhichthe privatekeyinformationisencrypted.TwoexamplesarePKCS#5's pbeWithMD2AndDES-CBCandpbeWithMD5AndDES-CBC. encryptedData is the result of encrypting the privatekey information. Theencryptionprocessinvolvesthefollowingtwosteps: 1. 2. The privatekey information is BER encoded, yielding an octet string. Theresultofstep1isencryptedwiththesecretkeytogiveanoctet string,theresultoftheencryptionprocess.
7.ENCRYPTEDPRIVATEKEYINFORMATIONSYNTAX
Page5
Revisionhistory
Version1.0 Version1.0wasdistributedtoparticipantsinRSADataSecurity,Inc.'sPublic KeyCryptographyStandardsmeetingsinFebruaryandMarch1991. Version1.1 Version1.1ispartoftheJune3,1991initialpublicreleaseofPKCS.Version1.1 waspublishedasNIST/OSIImplementors'WorkshopdocumentSECSIG9123. Version1.2 Version 1.2 incorporates several editorial changes, including updates to the referencesandtheadditionofarevisionhistory.
Author'saddress
RSALaboratories 100MarineParkway RedwoodCity,CA94065USA (415)5957703 (415)5954126(fax) pkcs-editor@rsa.com