This a short overview/excerpt of the most important standards in the area of cryptography and PKI.
Public Key Cryptography Standards (PKCS)
Are published by http://www.rsa.com.
PKCS #1: | Basic RSA schemes for SSL, S/MIME, PKIX |
PKCS #7: | Cryptographic message syntax: Signed, encrypted message syntax. Enhancements for PEM (Privacy-Enhanced Mail). IETF RFC 2630 (CMS) adds DH. |
PKCS #11: | Cryptographic Token Interface (Cryptoki) Programming interface for smartcards, other devices. |
PKCS #15: | Cryptographic Token Information Format File format for cryptographic data on smartcards, other devices. |
PKCS #3: | Diffie-Hellman Key-Agreement |
PKCS #5: | Password-Based Cryptography |
PKCS #8: | Private-Key Information Syntax |
PKCS #9: | Selected Attribute Types |
PKCS #10: | Certification Request Syntax |
PKCS #12: | Personal Information Exchange Syntax |
IETF (Internet Engineering Task Force)
The IETF publishes the RFCs (until now 3000).
Standard Track consists of 3 steps:
Besides there are Experimental, Informal, Best Current Practice RFCs.
Here are 2 examples for RFCs:a) The definition of MD5 in RCF 1321.
b) The PKIX Working Group established in the fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. The scope of PKIX work has expanded beyond this initial goal. PKIX not only profiles ITU PKI standards, but also develops new standards apropos to the use of X.509-based PKIs in the Internet.
Request For Comments (RFC) of the PKIX group:
ISO = International Organisation for Standardisation
The subcommittee SC 27, working group 1 publishes e.g. the Technical Report
TR 13335: Advices for IT security management.
ITU (International Telecommunication Union)
The department ITU-T (earlier CCITT) published the X.509 Public Key Infrastructure standard and the definition of ASN.1.
IEEE (Institute of Electrical and Electronics Engineers)
Samples:
National Institute of Standards and Technology (NIST)
Samples:
ISIS / MTT (Industrial Signature Interoperability Specification / MailTrusT)
ISIS/MTT is a meta standard concerning PKI, which is built to achieve interoperability. It is based completely on international standards, but tries to meaningfully fill unintentional degrees of freedom (under-specification, differences). The non-optional parts of this standard are a prerequisite for companies which want to make e-government with the German governing bodies.
An purely optional (!) amendment, called "profile", describes the rarely used German specialities for the so called accredited qualified signatures (requirements added on top of the EU law for qualified signatures).
Qualified signatures are legal equivalent to hand-written signatures within the EU (European Union).
A unique testbed is additionally delivered by ISIS / MTT to test interoperability (please refer to www.teletrust.de).