Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
RFC 3447

Document Type RFC - Informational (February 2003; Errata)
Obsoleted by RFC 8017
Obsoletes RFC 2437
Was draft-jonsson-pkcs1-v2dot1 (individual in sec area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3447 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Jeffrey Schiller
IESG note Responsible: IESG member
Send notices to (None)
Network Working Group                                         J. Jonsson
Request for Comments: 3447                                    B. Kaliski
Obsoletes: 2437                                         RSA Laboratories
Category: Informational                                    February 2003

     Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
                      Specifications Version 2.1

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This memo represents a republication of PKCS #1 v2.1 from RSA
   Laboratories' Public-Key Cryptography Standards (PKCS) series, and
   change control is retained within the PKCS process.  The body of this
   document is taken directly from the PKCS #1 v2.1 document, with
   certain corrections made during the publication process.

Table of Contents

   1.       Introduction...............................................2
   2.       Notation...................................................3
   3.       Key types..................................................6
      3.1      RSA public key..........................................6
      3.2      RSA private key.........................................7
   4.       Data conversion primitives.................................8
      4.1      I2OSP...................................................9
      4.2      OS2IP...................................................9
   5.       Cryptographic primitives..................................10
      5.1      Encryption and decryption primitives...................10
      5.2      Signature and verification primitives..................12
   6.       Overview of schemes.......................................14
   7.       Encryption schemes........................................15
      7.1      RSAES-OAEP.............................................16
      7.2      RSAES-PKCS1-v1_5.......................................23
   8.       Signature schemes with appendix...........................27
      8.1      RSASSA-PSS.............................................29
      8.2      RSASSA-PKCS1-v1_5......................................32
   9.       Encoding methods for signatures with appendix.............35

Jonsson & Kaliski            Informational                      [Page 1]
RFC 3447        PKCS #1: RSA Cryptography Specifications   February 2003

      9.1      EMSA-PSS...............................................36
      9.2      EMSA-PKCS1-v1_5........................................41
   Appendix A. ASN.1 syntax...........................................44
      A.1      RSA key representation.................................44
      A.2      Scheme identification..................................46
   Appendix B. Supporting techniques..................................52
      B.1      Hash functions.........................................52
      B.2      Mask generation functions..............................54
   Appendix C. ASN.1 module...........................................56
   Appendix D. Intellectual Property Considerations...................63
   Appendix E. Revision history.......................................64
   Appendix F. References.............................................65
   Appendix G. About PKCS.............................................70
   Appendix H. Corrections Made During RFC Publication Process........70
   Security Considerations............................................70
   Acknowledgements...................................................71
   Authors' Addresses.................................................71
   Full Copyright Statement...........................................72

1. Introduction

   This document provides recommendations for the implementation of
   public-key cryptography based on the RSA algorithm [42], covering the
   following aspects:

    * Cryptographic primitives

    * Encryption schemes

    * Signature schemes with appendix

    * ASN.1 syntax for representing keys and for identifying the schemes

   The recommendations are intended for general application within
   computer and communications systems, and as such include a fair
   amount of flexibility.  It is expected that application standards
   based on these specifications may include additional constraints.
   The recommendations are intended to be compatible with the standard
   IEEE-1363-2000 [26] and draft standards currently being developed by
   the ANSI X9F1 [1] and IEEE P1363 [27] working groups.

   This document supersedes PKCS #1 version 2.0 [35][44] but includes
   compatible techniques.
Show full document text