1042:
190:
175:
technical committee. It is the stated objective of both the PKCS#11 and KMIP committees to align the standards where practicable. For example, the PKCS#11 Sensitive and
Extractable attributes are being added to KMIP version 1.4. There is considerable overlap between members of the two technical
89:, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key", although "PKCS #11" is often used to refer to the API as well as the standard that defines it).
442:"#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 2.40 become OASIS Standards"
484:"#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 3.0 become OASIS Standards"
379:
39:
1022:
852:
145:
441:
705:
247:
to continue the work on the standard within the newly created OASIS PKCS11 Technical
Committee. The following list contains significant revision information:
358:
165:
387:
574:
402:
462:
698:
74:
54:
120:(CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use
1070:
901:
691:
1017:
972:
785:
896:
149:
334:
1012:
567:
483:
1002:
992:
847:
504:
153:
137:
101:
82:
997:
987:
790:
750:
743:
733:
728:
738:
1045:
891:
837:
117:
420:
1075:
1007:
931:
560:
338:
283:
244:
172:
58:
770:
310:
108:
keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
78:
876:
860:
807:
936:
926:
797:
406:
270:
243:
in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS#11 2.30) to
141:
62:
871:
528:
171:
The two standards were originally developed independently but are now both governed by an
125:
93:
359:"OASIS Enhances Popular Public-Key Cryptography Standard, PKCS #11, for Mobile and Cloud"
946:
866:
827:
775:
760:
288:
03/2013: OASIS PKCS #11 Technical
Committee Inaugural meetings, works starts on v2.40
1064:
1027:
982:
941:
921:
817:
780:
755:
294:
05/2016: OASIS PKCS #11 v2.40 Errata 01 specifications become approved OASIS errata
977:
822:
812:
802:
765:
714:
383:
236:
215:
46:
168:(KMIP) defines a wire protocol that has similar functionality to the PKCS#11 API.
956:
532:
133:
121:
86:
35:
543:
916:
886:
881:
842:
105:
291:
04/2015: OASIS PKCS #11 v2.40 specifications become approved OASIS standards
906:
300:
07/2023: OASIS PKCS #11 v3.1 specifications become approved OASIS standards
297:
07/2020: OASIS PKCS #11 v3.0 specifications become approved OASIS standards
279:
09/2009: v2.30 draft published for review, but final version never published
204:
951:
911:
200:
282:
12/2012: RSA announce that PKCS #11 management is being transitioned to
57:, and also refers to the programming interface to create and manipulate
664:
659:
654:
649:
639:
538:
129:
17:
832:
634:
629:
624:
619:
614:
609:
604:
599:
594:
97:
583:
240:
687:
556:
92:
The API defines most commonly used cryptographic object types (
183:
156:
contain implementations for use by applications, as well.
463:"#PKCS 11 V2.40 Approved Erratas published by PKCS 11 TC"
380:"CT-KIP: Cryptographic Token Key Initialization Protocol"
211:
853:
Cryptographically secure pseudorandom number generator
73:
The PKCS #11 standard defines a platform-independent
679:
548:
965:
721:
132:(using an extension). It is also used to access
539:PKCS#11: Cryptographic Token Interface Standard
699:
568:
8:
544:OASIS PKCS #11 Technical Committee home page
276:01/2007: amendment 3 (additional mechanisms)
706:
692:
684:
680:
575:
561:
553:
549:
333:Dieter Bong; Tony Cox, eds. (2023-07-23).
505:"Two PKCS #11 OASIS Standards published"
328:
326:
166:Key Management Interoperability Protocol
403:"Re-invigorating the PKCS #11 Standard"
322:
235:The PKCS#11 standard originated from
30:The correct title of this article is
7:
335:"PKCS #11 Specification Version 3.1"
421:"OASIS PKCS 11 TC Public Documents"
25:
55:Public-Key Cryptography Standards
1041:
1040:
188:
269:12/2005: amendments 1 & 2 (
61:(a token where the secret is a
27:Standard in public cryptography
902:Information-theoretic security
203:format but may read better as
144:may use the platform specific
1:
1018:Message authentication code
973:Cryptographic hash function
786:Cryptographic hash function
401:Griffin, Bob (2012-12-26).
1092:
897:Harvest now, decrypt later
29:
1036:
1013:Post-quantum cryptography
683:
590:
552:
535:- The PKCS #11 URI Scheme
251:01/1994: project launched
83:hardware security modules
1003:Quantum key distribution
993:Authenticated encryption
848:Random number generation
266:06/2004: v2.20 published
263:01/2001: v2.11 published
260:12/1999: v2.10 published
257:12/1997: v2.01 published
154:Red Hat Enterprise Linux
998:Public-key cryptography
988:Symmetric-key algorithm
791:Key derivation function
751:Cryptographic primitive
744:Authentication protocol
734:Outline of cryptography
729:History of cryptography
507:. OASIS. 10 August 2023
254:04/1995: v1.0 published
212:converting this section
140:. Software written for
124:uses PKCS #11, such as
1071:Cryptography standards
739:Cryptographic protocol
444:. OASIS. 15 April 2015
361:. OASIS. 26 March 2013
40:technical restrictions
34:. The omission of the
892:End-to-end encryption
838:Cryptojacking malware
486:. OASIS. 22 July 2020
465:. OASIS. 28 June 2016
239:along with its other
118:certificate authority
1008:Quantum cryptography
932:Trusted timestamping
160:Relationship to KMIP
79:cryptographic tokens
59:cryptographic tokens
771:Cryptographic nonce
311:Microsoft CryptoAPI
877:Subliminal channel
861:Pseudorandom noise
808:Key (cryptography)
214:, if appropriate.
148:API instead. Both
1058:
1057:
1054:
1053:
937:Key-based routing
927:Trapdoor function
798:Digital signature
677:
676:
673:
672:
271:one-time password
233:
232:
142:Microsoft Windows
63:cryptographic key
16:(Redirected from
1083:
1044:
1043:
872:Insecure channel
708:
701:
694:
685:
681:
577:
570:
563:
554:
550:
516:
515:
513:
512:
501:
495:
494:
492:
491:
480:
474:
473:
471:
470:
459:
453:
452:
450:
449:
438:
432:
431:
429:
428:
417:
411:
410:
405:. Archived from
398:
392:
391:
386:. Archived from
376:
370:
369:
367:
366:
355:
349:
348:
346:
345:
330:
273:tokens, CT-KIP )
228:
225:
219:
210:You can help by
192:
191:
184:
116:Most commercial
21:
1091:
1090:
1086:
1085:
1084:
1082:
1081:
1080:
1061:
1060:
1059:
1050:
1032:
961:
717:
712:
678:
669:
586:
581:
525:
520:
519:
510:
508:
503:
502:
498:
489:
487:
482:
481:
477:
468:
466:
461:
460:
456:
447:
445:
440:
439:
435:
426:
424:
419:
418:
414:
400:
399:
395:
378:
377:
373:
364:
362:
357:
356:
352:
343:
341:
332:
331:
324:
319:
307:
229:
223:
220:
209:
193:
189:
182:
162:
126:Mozilla Firefox
114:
71:
43:
28:
23:
22:
15:
12:
11:
5:
1089:
1087:
1079:
1078:
1073:
1063:
1062:
1056:
1055:
1052:
1051:
1049:
1048:
1037:
1034:
1033:
1031:
1030:
1025:
1023:Random numbers
1020:
1015:
1010:
1005:
1000:
995:
990:
985:
980:
975:
969:
967:
963:
962:
960:
959:
954:
949:
947:Garlic routing
944:
939:
934:
929:
924:
919:
914:
909:
904:
899:
894:
889:
884:
879:
874:
869:
867:Secure channel
864:
858:
857:
856:
845:
840:
835:
830:
828:Key stretching
825:
820:
815:
810:
805:
800:
795:
794:
793:
788:
778:
776:Cryptovirology
773:
768:
763:
761:Cryptocurrency
758:
753:
748:
747:
746:
736:
731:
725:
723:
719:
718:
713:
711:
710:
703:
696:
688:
675:
674:
671:
670:
668:
667:
662:
657:
652:
647:
642:
637:
632:
627:
622:
617:
612:
607:
602:
597:
591:
588:
587:
582:
580:
579:
572:
565:
557:
547:
546:
541:
536:
524:
523:External links
521:
518:
517:
496:
475:
454:
433:
412:
409:on 2013-05-25.
393:
390:on 2017-04-17.
371:
350:
321:
320:
318:
315:
314:
313:
306:
303:
302:
301:
298:
295:
292:
289:
286:
280:
277:
274:
267:
264:
261:
258:
255:
252:
241:PKCS standards
231:
230:
196:
194:
187:
181:
178:
161:
158:
150:Oracle Solaris
113:
110:
100:certificates,
70:
67:
53:is one of the
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
1088:
1077:
1074:
1072:
1069:
1068:
1066:
1047:
1039:
1038:
1035:
1029:
1028:Steganography
1026:
1024:
1021:
1019:
1016:
1014:
1011:
1009:
1006:
1004:
1001:
999:
996:
994:
991:
989:
986:
984:
983:Stream cipher
981:
979:
976:
974:
971:
970:
968:
964:
958:
955:
953:
950:
948:
945:
943:
942:Onion routing
940:
938:
935:
933:
930:
928:
925:
923:
922:Shared secret
920:
918:
915:
913:
910:
908:
905:
903:
900:
898:
895:
893:
890:
888:
885:
883:
880:
878:
875:
873:
870:
868:
865:
862:
859:
854:
851:
850:
849:
846:
844:
841:
839:
836:
834:
831:
829:
826:
824:
821:
819:
818:Key generator
816:
814:
811:
809:
806:
804:
801:
799:
796:
792:
789:
787:
784:
783:
782:
781:Hash function
779:
777:
774:
772:
769:
767:
764:
762:
759:
757:
756:Cryptanalysis
754:
752:
749:
745:
742:
741:
740:
737:
735:
732:
730:
727:
726:
724:
720:
716:
709:
704:
702:
697:
695:
690:
689:
686:
682:
666:
663:
661:
658:
656:
653:
651:
648:
646:
643:
641:
638:
636:
633:
631:
628:
626:
623:
621:
618:
616:
613:
611:
608:
606:
603:
601:
598:
596:
593:
592:
589:
585:
578:
573:
571:
566:
564:
559:
558:
555:
551:
545:
542:
540:
537:
534:
530:
527:
526:
522:
506:
500:
497:
485:
479:
476:
464:
458:
455:
443:
437:
434:
422:
416:
413:
408:
404:
397:
394:
389:
385:
381:
375:
372:
360:
354:
351:
340:
336:
329:
327:
323:
316:
312:
309:
308:
304:
299:
296:
293:
290:
287:
285:
281:
278:
275:
272:
268:
265:
262:
259:
256:
253:
250:
249:
248:
246:
242:
238:
227:
224:November 2014
218:is available.
217:
213:
207:
206:
202:
197:This section
195:
186:
185:
179:
177:
174:
169:
167:
159:
157:
155:
151:
147:
143:
139:
135:
131:
127:
123:
119:
111:
109:
107:
103:
99:
95:
90:
88:
84:
80:
76:
68:
66:
64:
60:
56:
52:
48:
41:
37:
33:
19:
978:Block cipher
823:Key schedule
813:Key exchange
803:Kleptography
766:Cryptosystem
715:Cryptography
644:
509:. Retrieved
499:
488:. Retrieved
478:
467:. Retrieved
457:
446:. Retrieved
436:
425:. Retrieved
415:
407:the original
396:
388:the original
384:RSA Security
374:
363:. Retrieved
353:
342:. Retrieved
237:RSA Security
234:
221:
216:Editing help
198:
176:committees.
170:
163:
115:
91:
72:
50:
47:cryptography
44:
31:
1076:Smart cards
966:Mathematics
957:Mix network
134:smart cards
122:smart cards
87:smart cards
1065:Categories
917:Ciphertext
887:Decryption
882:Encryption
843:Ransomware
511:2024-08-29
490:2020-07-23
469:2016-08-24
448:2016-08-24
427:2020-01-16
365:2016-08-24
344:2024-08-29
317:References
106:Triple DES
85:(HSM) and
81:, such as
38:is due to
907:Plaintext
1046:Category
952:Kademlia
912:Codetext
855:(CSPRNG)
665:PKCS #15
660:PKCS #14
655:PKCS #13
650:PKCS #12
645:PKCS #11
640:PKCS #10
305:See also
51:PKCS #11
32:PKCS #11
722:General
635:PKCS #9
630:PKCS #8
625:PKCS #7
620:PKCS #6
615:PKCS #5
610:PKCS #4
605:PKCS #3
600:PKCS #2
595:PKCS #1
423:. OASIS
180:History
146:MS-CAPI
130:OpenSSL
833:Keygen
531:
199:is in
96:keys,
69:Detail
18:PKCS11
863:(PRN)
339:OASIS
284:OASIS
245:OASIS
205:prose
173:OASIS
112:Usage
98:X.509
584:PKCS
533:7512
201:list
164:The
152:and
138:HSMs
136:and
128:and
529:RFC
102:DES
94:RSA
77:to
75:API
65:).
45:In
1067::
382:.
337:.
325:^
49:,
707:e
700:t
693:v
576:e
569:t
562:v
514:.
493:.
472:.
451:.
430:.
368:.
347:.
226:)
222:(
208:.
104:/
42:.
36:#
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.