Knowledge (XXG)

PKCS 11


Standard in public cryptography

The correct title of this article is PKCS #11. The omission of the # is due to technical restrictions.

In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens (a token where the secret is a cryptographic key).

Detail

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key", although "PKCS #11" is often used to refer to the API as well as the standard that defines it).

The API defines most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

Usage

Most commercial certificate authority (CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). It is also used to access smart cards and HSMs. Software written for Microsoft Windows may use the platform-specific MS-CAPI API instead. Both Oracle Solaris and Red Hat Enterprise Linux contain implementations for use by applications, as well.

Relationship to KMIP

The Key Management Interoperability Protocol (KMIP) defines a wire protocol that has similar functionality to the PKCS#11 API.

The two standards were originally developed independently but are now both governed by an OASIS technical committee. It is the stated objective of both the PKCS#11 and KMIP committees to align the standards where practicable. For example, the PKCS#11 Sensitive and Extractable attributes are being added to KMIP version 1.4. There is considerable overlap between members of the two technical committees.

History

The PKCS#11 standard originated from RSA Security along with its other PKCS standards in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS#11 2.30) to OASIS to continue the work on the standard within the newly created OASIS PKCS11 Technical Committee. The following list contains significant revision information:

01/1994: project launched
04/1995: v1.0 published
12/1997: v2.01 published
12/1999: v2.10 published
01/2001: v2.11 published
06/2004: v2.20 published
12/2005: amendments 1 & 2 (one-time password tokens, CT-KIP)
01/2007: amendment 3 (additional mechanisms)
09/2009: v2.30 draft published for review, but final version never published
12/2012: RSA announce that PKCS #11 management is being transitioned to OASIS
03/2013: OASIS PKCS #11 Technical Committee inaugural meetings, work starts on v2.40
04/2015: OASIS PKCS #11 v2.40 specifications become approved OASIS standards
05/2016: OASIS PKCS #11 v2.40 Errata 01 specifications become approved OASIS errata
07/2020: OASIS PKCS #11 v3.0 specifications become approved OASIS standards
07/2023: OASIS PKCS #11 v3.1 specifications become approved OASIS standards

See also

Microsoft CryptoAPI

External links

RFC 7512 - The PKCS #11 URI Scheme
PKCS#11: Cryptographic Token Interface Standard
OASIS PKCS #11 Technical Committee home page


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.