Re: Call me stupid

Thu, 06 Jul 2000 11:57:58 -0700 

On Thu, Jul 06, 2000 at 02:38:42PM -0400, Gotfried, Colette wrote:
> 
> I think I need some basic help.
> If there is somebody out there who knows the answers to the following simple
> questions, could he take the time to make my life much easier.
> 
> 1- What is PKCS? Does it define the kind of key, the kind of certificate or
> the kind of encoding of the certificate file?

PKCS is Public Key Cryptography Standards.  They're a set
of documents put out by RSA labs.  Each document is numbered
and standardizes formats (often in ASN.1) for different
things.

PKCS#1 deals with RSA encryption and signing formats.
#6 is a certificate standard.
#7 is for signatures.
#11 is for cryptographic hardware (this one's an API standard).
etc.

See RSA's web site for the list and for the individual standards.


> 2- What is PEM exactly? Is it a concept parallel to PKCS?

PEM is Privacy Enhanced Mail, an email security standard.
It defined a number of formats for exchanging cryptographic objects
like PKCS#7 signatures in a way that can pass through traditional
mailers, which only accept ASCII encoding.  So, it's not parallel
to PKCS, it uses PKCS (and other things).

> 3- Is PKCS a standard used by RSA only, or is it universal?

They're usually intended to be universal, although that might not always
be the case in practice.

> 4- Who uses ASN.1 and DER?

ASN.1 is used by all sorts of things.  A lot of genetic sequencing
info is done in ASN.1, as is EDI-type stuff.  DER is, in my
experience, mostly used in cryptography-related ASN.1.  The others
usually use BER or PER.  DER has the advantage that there's only one
legal way to encode something (BER allows more than one), so if
you decode and re-encode some data, it will be the same.
That's needed for crypto apps, otherwise it's hard to
verify a signature.

> 5- Who uses Base64 encoding, and what for? Is it an alternative to DER?

Base64 is a way to encode binary data using only legal seven-bit
ASCII characters.  You can use it to encode anything; it's not
restricted to crypto.


-- 
 Eric Murray www.lne.com/~ericm  ericm at the site lne.com  PGP keyid:E03F65E5
    Security consulting: security models, reviews, protocols, crypto.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to