Name of Contact Person: Anthony Nadalin or Maxine Erlund

E-Mail Address: Anthony Nadalin - drsecure@us.ibm.com
Maxine Erlund - maxine.erlund@eng.sun.com

Telephone Number: Anthony Nadalin - (512)838-3823
Maxine Erlund - (408)517-5486

Fax Number: Anthony Nadalin - (512)838-3823
Maxine Erlund - (408)863-3155

Specification Lead: Anthony Nadalin and Ram Marti

E-Mail Address: Anthony Nadalin - drsecure@us.ibm.com
Ram Marti - Ram.Marti@eng.sun.com

Telephone Number: Anthony Nadalin - (512)838-3823
Ram Marti - (408)517-5486

Fax Number: Anthony Nadalin - (512)838-3823
Ram Marti - (408)863-3155

(NOTE that this information has been updated since the original submission.

Initial Expert Group Membership:

IBM _ Anthony Nadalin

Sun - Ram Marti

Critical Path - Hemma Prafullchandra

Section 2: Request

2.1 Please describe the proposed Specification:

This JSR is to define a standard set of APIs for a subset of the Public Key Cryptography Standards (PKCS#1, #5, #7, #8, #9, #10 & #12) and to provide a reference implementation of these.

2.2 What is the target Java platform? (i.e., desktop, server, personal, embedded, card, etc.)

JDK 2 SDK, Standard Edition, V 1.4 and above

2.3 What need of the Java community will be addressed by the proposed specification?

The PKCS family of standards addresses the following need: an agreed-upon standard format for transferred data based on public-key cryptography. PKCS covers several aspects of public-key cryptography, including: RSA encryption, password-based encryption, cryptographic message syntax, private-key information syntax, selected attribute types, certification request syntax, and personal information exchange syntax.

2.4 Why isn't this need met by existing specifications?

JDK 2 SDK, Standard Edition does not provide a standard set of APIs for a subset of the Public Key Cryptography Standards (PKCS#1, #5, #7, #8, #9, #10 & #12).

2.5 Please give a short description of the underlying technology or technologies:

The Public Key Cryptography Standards is a set of de-facto standards that is in wide use in the industry to day. They cover RSA encryption, Diffie-Hellman key agreement, password-based encryption, cryptographic message syntax, private-key information syntax, attribute types, and certification request syntax, as well as selected attributes and personal information format.. Some of these standards have been published as informational RFCs within IET F, e.g. RFC2315.

The editors of the PKCSs have traditionally been RSA Data Security Inc. However, for pkcs#7 the change control has been handed over to the IETF and the revisions are seen in RFC2630.

Encryption (PKCS #1) describes a method for encrypting data using the RSA public-key cryptosystem. Its intended use is in the construction of digital signatures and digital envelopes, as described in PKCS #7.

Password-based encryption (PKCS #5) describes a method for encrypting an octet string with a secret key derived from a password. The result of the method is an octet string. Although password-based encryption can be used to encrypt arbitrary octet strings, its intended primary application to public-key cryptography is for encrypting private keys when transferring them from one computer system to another.

Cryptographic message (PKCS # 7) describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. The syntax admits recursion, so that, for example, one envelope can be nested inside another, or one party can sign some previously enveloped digital data. It also allows arbitrary attributes, such as signing time, to be authenticated along with the content of a message, and provides for other attributes such as countersignatures to be associated with a signature. A degenerate case of the syntax provides a means for disseminating certificates and certificate-revocation lists.

Private-key information (PKCS #8) describes a syntax for private-key information. Private-key information includes a private key for some public-key algorithm and a set of attributes. Private-key information syntax also describes a syntax for encrypted private keys. A password-based encryption algorithm (e.g., one of those described in PKCS #5) could be used to encrypt the private-key information.

Attribute types (PKCS #9) defines selected attribute types for PKCS #7 digitally signed messages, and PKCS #8 private-key information.

Certification request (PKCS #10) describes a syntax for certification requests. A certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, who transforms the request to an X.509 public-key certificate. (In what form the certification authority returns the newly signed certificate is outside the scope of PKCS #10. A PKCS #7 message is one possibility.)

Personal information exchange (PKCS #12) describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information

2.6 Is there a proposed package name for the API Specification? (i.e., javapi.something, org. something, etc.)

java.security.pkcs1
java.security.pkcs5
java.security.pkcs7
java.security.pkcs8
java.security.pkcs9
java.security.pkcs10
java.security.pkcs12

2.7 Does the proposed specification have any dependencies on specific operating systems, CPUs, or I/O devices that you know of?

NO

2.8 Are there any security issues that cannot be addressed by the current security model?

NO

2.9 Are there any internationalization or localization issues?

NO

2.10 Are there any existing specifications that might be rendered obsolete, deprecated, or in need of revision as a result of this work?

No

2.11 Please describe the anticipated schedule for the development of this specification.

Section 3: Contributions

3.1 Please list any existing documents, specifications, or implementations that describe the technology. Please include links to the documents if they are publicly available.

Documents describing PKCS can be found at http://www.rsa.com/rsalabs/pubs/pkcs

3.2 Explanation of how these items might be used as a starting point for the work.

These documents describe the PKCS technology standards.