Home

PKCS5

PKCS #5, Password-Based Cryptography Specification, is a set of standards published by RSA Security as part of the PKCS family. It defines frameworks for constructing cryptographic keys from passwords and using those keys to protect data. The standard has two major versions that reflect evolving cryptographic practice.

PKCS#5 version 1.5 (1993) describes Password-Based Encryption Scheme 1 (PBES1). PBES1 uses a password, a salt,

PKCS#5 version 2.0 (2000) updates the specification and is published in RFC 2898 as PKCS #5: Password-Based

In practice, PKCS#5 is a foundational reference for password-based encryption; modern systems typically rely on PBES2

and
an
iteration
count
to
derive
a
key
with
a
password-based
key
derivation
function
(PBKDF1)
based
on
a
hash
function
such
as
MD2,
MD5,
or
SHA-1.
The
derived
key
is
then
used
with
a
symmetric
cipher,
typically
DES-CBC,
to
encrypt
data.
PKCS#5
also
specifies
a
padding
method
(PKCS#5
padding)
to
align
plaintext
to
the
block
size
of
the
cipher.
Cryptography
Specification
Version
2.0.
It
introduces
Password-Based
Encryption
Scheme
2
(PBES2),
which
separates
key
derivation
from
the
encryption
algorithm.
PBES2
uses
PBKDF2,
an
HMAC-based
key
derivation
function
with
a
salt
and
an
iteration
count,
to
produce
a
cryptographic
key,
which
is
then
used
with
a
selectable
encryption
scheme
(for
example
AES-CBC
or
Triple
DES).
PBES2
greatly
increases
flexibility
and
security
by
supporting
larger
keys
and
modern
ciphers.
with
PBKDF2
and
AES,
while
PKCS#5
padding
remains
a
widely
recognized
padding
method.
Some
sources
use
the
term
PKCS#5
to
refer
to
PKCS#12
or
PKCS#5
v2.0,
contributing
to
occasional
confusion.