PKCS relies primarily on the properties of a matched pair of very large prime numbers. Conventionally one of the numbers is held securely as the private key and the other number is distributed freely as a public key.

Using a cryptography technique defined by Ron Rivest, Adi Shamir and Leonard Adleman (RSA), data encrypted with a private key can only be decrypted by the matching public key and vice versa. The RSA algorithm is intrinsically a slow process and, in practical applications, techniques are used to restrict the size of data that has to be processed.