578 Chapter 10 • Public Key Infrastructure
of public-key algorithms and additional attributes (similar to PKCS #6). In
this case, the attributes can be a DN or a root CA’s public key.
■ PKCS #9: Selected Attribute Types Defines the types of attributes for use
in extended certificates (PKCS #6), digitally signed messages (PKCS #7), and
private-key information (PKCS #8).
■ PKCS #10: Certification Request Syntax Standard Describes a syntax
for certification requests. A certification request consists of a DN, a public key,
and additional attributes. Certification requests are sent to a CA, which then
issues the certificate.
■ PKCS #11: Cryptographic Token Interface Standard Specifies an
application program interface (API) for token devices that hold encrypted
information and perform cryptographic functions, such as Smart Cards and
Universal Serial Bus (USB) pigtails.
■ PKCS #12: Personal Information Exchange Syntax Standard
Specifies a portable format for storing or transporting a user’s private keys and
certificates. Ties into both PKCS #8 (communication of private-key information)
and PKCS #11 (Cryptographic Token Interface Standard). Portable formats
include diskettes, Smart Cards, and Personal Computer Memory Card
International Association (PCMCIA) cards. On Microsoft Windows platforms,
PKCS #12 format files are generally given the extension .pfx. On other platforms,
other extensions may be used, including .pkcs12. PKCS #12 is the best
standard format to use when exchanging private keys and certificates between
systems.
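The PKCS #10 and PKCS #12 entries above, traced end to end with the openssl command line. This is an added example, not from the book; the subject DN, file names, throwaway CA and password are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: PKCS #10 request -> issued certificate -> PKCS #12 bundle.
# The DN, file names, throwaway CA and password are constructed sample values.
PASS="constructed-sample-pass"

# Requester: generate a key pair and a PKCS #10 request (DN + public key,
# signed with the matching private key, which never leaves the requester).
make_csr() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/user.key" 2>/dev/null &&
    openssl req -new -key "$1/user.key" -out "$1/user.csr" \
        -subj "/C=US/O=Example Org/CN=user.example.test"
}

# CA: check the request's self-signature, then issue a certificate for it.
# A one-day self-signed CA stands in for a real one.
issue_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -in "$1/user.csr" -noout -verify >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/user.crt" 2>/dev/null
}

# Requester: bundle private key, certificate and CA certificate as PKCS #12.
make_pfx() {
    openssl pkcs12 -export -inkey "$1/user.key" -in "$1/user.crt" \
        -certfile "$1/ca.crt" -name user -passout "pass:$PASS" \
        -out "$1/user.pfx"
}

csr_subject() { openssl req -in "$1/user.csr" -noout -subject -nameopt RFC2253; }
csr_pubkey()  { openssl req -in "$1/user.csr" -noout -pubkey; }

# Read the certificate and key back out of the password-protected bundle.
pfx_subject() {
    openssl pkcs12 -in "$1/user.pfx" -passin "pass:$PASS" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -subject -nameopt RFC2253
}
pfx_pubkey() {
    openssl pkcs12 -in "$1/user.pfx" -passin "pass:$PASS" -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout
}
```

Comparing `csr_pubkey` with `pfx_pubkey` confirms that the key carried in the bundle is the one the request was made for. The .pfx file contains the private key, so its password and file permissions need the same care as the key itself.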
PKI standards and protocols are living documents, meaning they are always
changing and evolving. Additional standards are proposed every day, but before they
are accepted as standards they are put through rigorous testing and scrutiny.
TEST DAY TIP
On the day of the test, do not concern yourself too much with what the
different standard numbers are. It is important to understand why they
are in place and what PKCS stands for.
www.syngress.com