Cryptographic Token Interface Standard
PKCS#11
Privacy-Enhanced Mail is a set of protocols and mechanisms providing confidentiality and authentication for Internet electronic mail. Relevant mechanisms include the following (see RFC 1423 for details):
- PKCS #1 RSA key pair generation (508-1024 bits)
- PKCS #1 RSA (508-1024 bits)
- DES key generation
- DES-CBC
- DES-ECB
- double-length DES key generation
- triple-DES-ECB
- MD2
- MD5
Variations on this set are certainly possible. For instance, PEM applications which make use only of asymmetric key management do not need the DES-ECB or triple-DES-ECB mechanisms, or the double-length DES key generation mechanism. Similarly, those which make use only of symmetric key management do not need the PKCS #1 RSA or RSA key pair generation mechanisms.
An "authentication-only" version of PEM with asymmetric key management would not need DES-CBC or DES key generation.
It is also possible to consider "exportable" variants of PEM which replace DES-CBC with RC2-CBC, perhaps limited to 40 bits, and limit the RSA key size to 512 bits.
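
As an added example (not part of the standard's text), the C code below encodes the mechanism set listed above and the three reduced variants as bit masks, and reports which mechanisms a token lacks for a chosen variant; the exportable variants are not modelled. The `struct mech` record, the `M_*` and `PEM_*` names, the sample token, and the rule that an RSA mechanism must cover the whole 508-1024 bit range are assumptions of this example; the `CKM_*` values are those of the PKCS #11 header.

```c
#include <stddef.h>

/* Mechanism type values from the PKCS #11 header (pkcs11t.h). */
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x0000UL
#define CKM_RSA_PKCS              0x0001UL
#define CKM_DES_KEY_GEN           0x0120UL
#define CKM_DES_ECB               0x0121UL
#define CKM_DES_CBC               0x0122UL
#define CKM_DES2_KEY_GEN          0x0130UL
#define CKM_DES3_ECB              0x0132UL
#define CKM_MD2                   0x0200UL
#define CKM_MD5                   0x0210UL
/* Hypothetical record: mechanism type plus C_GetMechanismInfo key bounds. */
struct mech { unsigned long type, min_bits, max_bits; };
/* Bit i of a profile mask stands for pem_mechs[i]. */
static const unsigned long pem_mechs[9] = {
    CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_DES_KEY_GEN, CKM_DES_CBC,
    CKM_DES_ECB, CKM_DES2_KEY_GEN, CKM_DES3_ECB, CKM_MD2, CKM_MD5 };
enum { M_RSA_GEN = 1, M_RSA = 2, M_DES_GEN = 4, M_DES_CBC = 8, M_DES_ECB = 16,
       M_DES2_GEN = 32, M_DES3_ECB = 64, M_MD2 = 128, M_MD5 = 256 };

/* The full set and the three reduced variants the text describes. */
#define PEM_FULL      0x1FFu
#define PEM_ASYM_ONLY (PEM_FULL & ~(M_DES_ECB | M_DES3_ECB | M_DES2_GEN))
#define PEM_SYM_ONLY  (PEM_FULL & ~(M_RSA_GEN | M_RSA))
#define PEM_AUTH_ASYM (PEM_ASYM_ONLY & ~(M_DES_CBC | M_DES_GEN))

/* Returns the profile bits the token lacks (0 means usable). Assumption:
 * an RSA mechanism counts only if its key range covers 508..1024 bits. */
unsigned pem_missing(unsigned profile, const struct mech *tok, size_t n)
{
    unsigned have = 0;
    for (size_t i = 0; i < n; i++)
        for (unsigned j = 0; j < 9; j++) {
            unsigned rsa = (1u << j) & (M_RSA_GEN | M_RSA);
            if (tok[i].type == pem_mechs[j] &&
                (!rsa || (tok[i].min_bits <= 508 && tok[i].max_bits >= 1024)))
                have |= 1u << j;
        }
    return profile & ~have;
}

/* Constructed sample token: RSA, single-length DES-CBC, both digests. */
static const struct mech sample_token[6] = {
    { CKM_RSA_PKCS_KEY_PAIR_GEN, 508, 2048 }, { CKM_RSA_PKCS, 508, 2048 },
    { CKM_DES_KEY_GEN, 0, 0 }, { CKM_DES_CBC, 0, 0 },
    { CKM_MD2, 0, 0 }, { CKM_MD5, 0, 0 } };

/* Exit status 0 when the sample token can serve asymmetric-only PEM. */
int main(void) { return pem_missing(PEM_ASYM_ONLY, sample_token, 6) != 0; }
```

With a real token, the array would be filled from `C_GetMechanismList` and `C_GetMechanismInfo` instead of the constructed sample.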