Intro to PKCS #1: RSA Cryptography Standard

As the first post in our PKCS series, we will be looking at PKCS #1. PKCS #1 is the RSA Cryptography Standard and is defined in RFC 3447 ( It defines standards for implementing public and private keys based on the RSA algorithm including cryptographic primitives, encryption schemes, signature schemes, and ASN.1 syntax for representing the keys and identifying the schemes.

A. Cryptographic Primitives

As stated in the RFC, cryptographic primitives are “basic mathematical operations on which cryptographic schemes can be built. Four different types of cryptographic primitives are defined in PKCS #1: encryption, decryption, signature, and verification.

An encryption primitive produces a ciphertext from a plaintext under the control of a public key. A decryption primitive produces a plaintext from a ciphertext under the control of a corresponding private key. PKCS #1 defines one pair of encryption/decryption primitives, specified as RSAEP and RSADP in RFC 3447, with exponentiation being the main mathematical operation used.

A signature primitive produces a signature from a message under the control of a private key. A verification primitive recovers the message from the signature under the control of the corresponding public key. The specific primitives defined for signature and verification in PKCS #1 are RSASP1 and RSAVP1.

B. Encryption and Signature Schemes

As stated in RFC 3447, “a scheme combines cryptographic primitives and other techniques to achieve a particular security goal.” The two types of schemes defined in PKCS #1 are encryption schemes and signature schemes with appendix. The schemes presented in PKCS #1 are limited in that they only present methods to process data with either a public or private key. They do not include any type of recommendations or steps to handle key management.

Both encryption schemes and signature schemes can be applied in many situations. One example given in RFC 3447 regarding an encryption scheme is usage in a key establishment protocol, where the message contains key material that needs to be delivered from party A to party B confidentially. An example given by the RFC for signature scheme usage could be as a signature algorithm for X.509 certificates. Note that signature schemes with appendix (defined in PKCS#1) are different than signature schemes with message recovery.

C. ASN.1 Syntax

The last item which is defined in PKCS #1 is ASN.1 object identifiers for RSA public and private keys and the RSA public and private key structure. The intended applications of these definitions include X.509 certificates, PKCS #8, and PKCS #12.

The wolfSSL embedded SSL library uses the PKCS #1 standard for RSA public and private keys and RSA operations. For example, if you examine the code, you can see how wolfSSL’s RsaKey type (./cyassl/ctaocrypt/rsa.h) matches up to the RSA key definition in PKCS #1.

To learn more about PKCS #1, you can look through RFC 3447, here:

To learn more about the wolfSSL embedded SSL library, you can download a free GPLv2-licensed copy from the yaSSL download page,, or look through the wolfSSL Manual, If you have any additional questions, please contact us at