1031:
179:
164:
technical committee. It is the stated objective of both the PKCS#11 and KMIP committees to align the standards where practicable. For example, the PKCS#11 Sensitive and
Extractable attributes are being added to KMIP version 1.4. There is considerable overlap between members of the two technical
78:, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key", although "PKCS #11" is often used to refer to the API as well as the standard that defines it).
431:"#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 2.40 become OASIS Standards"
473:"#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 3.0 become OASIS Standards"
368:
28:
1011:
841:
134:
430:
694:
236:
to continue the work on the standard within the newly created OASIS PKCS11 Technical
Committee. The following list contains significant revision information:
347:
154:
376:
563:
391:
451:
687:
63:
43:
109:(CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use
1059:
890:
680:
1006:
961:
774:
885:
138:
323:
1001:
556:
472:
991:
981:
836:
493:
142:
126:
90:
71:
986:
976:
779:
739:
732:
722:
717:
727:
1034:
880:
826:
106:
409:
1064:
996:
920:
549:
327:
272:
233:
161:
47:
759:
299:
97:
keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
67:
865:
849:
796:
925:
915:
786:
395:
259:
232:
in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS#11 2.30) to
130:
51:
860:
517:
160:
The two standards were originally developed independently but are now both governed by an
114:
82:
348:"OASIS Enhances Popular Public-Key Cryptography Standard, PKCS #11, for Mobile and Cloud"
935:
855:
816:
764:
749:
277:
03/2013: OASIS PKCS #11 Technical
Committee Inaugural meetings, works starts on v2.40
1053:
1016:
971:
930:
910:
806:
769:
744:
283:
05/2016: OASIS PKCS #11 v2.40 Errata 01 specifications become approved OASIS errata
966:
811:
801:
791:
754:
703:
372:
225:
204:
35:
157:(KMIP) defines a wire protocol that has similar functionality to the PKCS#11 API.
945:
521:
122:
110:
75:
24:
532:
905:
875:
870:
831:
94:
280:
04/2015: OASIS PKCS #11 v2.40 specifications become approved OASIS standards
895:
289:
07/2023: OASIS PKCS #11 v3.1 specifications become approved OASIS standards
286:
07/2020: OASIS PKCS #11 v3.0 specifications become approved OASIS standards
268:
09/2009: v2.30 draft published for review, but final version never published
193:
940:
900:
189:
271:
12/2012: RSA announce that PKCS #11 management is being transitioned to
46:, and also refers to the programming interface to create and manipulate
653:
648:
643:
638:
628:
527:
118:
821:
623:
618:
613:
608:
603:
598:
593:
588:
583:
86:
572:
229:
676:
545:
81:
The API defines most commonly used cryptographic object types (
172:
145:
contain implementations for use by applications, as well.
452:"#PKCS 11 V2.40 Approved Erratas published by PKCS 11 TC"
369:"CT-KIP: Cryptographic Token Key Initialization Protocol"
200:
842:
Cryptographically secure pseudorandom number generator
62:
The PKCS #11 standard defines a platform-independent
668:
537:
954:
710:
121:(using an extension). It is also used to access
528:PKCS#11: Cryptographic Token Interface Standard
688:
557:
8:
533:OASIS PKCS #11 Technical Committee home page
265:01/2007: amendment 3 (additional mechanisms)
695:
681:
673:
669:
564:
550:
542:
538:
322:Dieter Bong; Tony Cox, eds. (2023-07-23).
494:"Two PKCS #11 OASIS Standards published"
317:
315:
155:Key Management Interoperability Protocol
392:"Re-invigorating the PKCS #11 Standard"
311:
224:The PKCS#11 standard originated from
19:The correct title of this article is
7:
324:"PKCS #11 Specification Version 3.1"
410:"OASIS PKCS 11 TC Public Documents"
14:
44:Public-Key Cryptography Standards
1030:
1029:
177:
258:12/2005: amendments 1 & 2 (
50:(a token where the secret is a
16:Standard in public cryptography
891:Information-theoretic security
192:format but may read better as
133:may use the platform specific
1:
1007:Message authentication code
962:Cryptographic hash function
775:Cryptographic hash function
390:Griffin, Bob (2012-12-26).
1081:
886:Harvest now, decrypt later
18:
1025:
1002:Post-quantum cryptography
672:
579:
541:
524:- The PKCS #11 URI Scheme
240:01/1994: project launched
72:hardware security modules
992:Quantum key distribution
982:Authenticated encryption
837:Random number generation
255:06/2004: v2.20 published
252:01/2001: v2.11 published
249:12/1999: v2.10 published
246:12/1997: v2.01 published
143:Red Hat Enterprise Linux
987:Public-key cryptography
977:Symmetric-key algorithm
780:Key derivation function
740:Cryptographic primitive
733:Authentication protocol
723:Outline of cryptography
718:History of cryptography
496:. OASIS. 10 August 2023
243:04/1995: v1.0 published
201:converting this section
129:. Software written for
113:uses PKCS #11, such as
1060:Cryptography standards
728:Cryptographic protocol
433:. OASIS. 15 April 2015
350:. OASIS. 26 March 2013
29:technical restrictions
23:. The omission of the
881:End-to-end encryption
827:Cryptojacking malware
475:. OASIS. 22 July 2020
454:. OASIS. 28 June 2016
228:along with its other
107:certificate authority
997:Quantum cryptography
921:Trusted timestamping
149:Relationship to KMIP
68:cryptographic tokens
48:cryptographic tokens
760:Cryptographic nonce
300:Microsoft CryptoAPI
866:Subliminal channel
850:Pseudorandom noise
797:Key (cryptography)
203:, if appropriate.
137:API instead. Both
1047:
1046:
1043:
1042:
926:Key-based routing
916:Trapdoor function
787:Digital signature
666:
665:
662:
661:
260:one-time password
222:
221:
131:Microsoft Windows
52:cryptographic key
1072:
1033:
1032:
861:Insecure channel
697:
690:
683:
674:
670:
566:
559:
552:
543:
539:
505:
504:
502:
501:
490:
484:
483:
481:
480:
469:
463:
462:
460:
459:
448:
442:
441:
439:
438:
427:
421:
420:
418:
417:
406:
400:
399:
394:. Archived from
387:
381:
380:
375:. Archived from
365:
359:
358:
356:
355:
344:
338:
337:
335:
334:
319:
262:tokens, CT-KIP )
217:
214:
208:
199:You can help by
181:
180:
173:
105:Most commercial
1080:
1079:
1075:
1074:
1073:
1071:
1070:
1069:
1050:
1049:
1048:
1039:
1021:
950:
706:
701:
667:
658:
575:
570:
514:
509:
508:
499:
497:
492:
491:
487:
478:
476:
471:
470:
466:
457:
455:
450:
449:
445:
436:
434:
429:
428:
424:
415:
413:
408:
407:
403:
389:
388:
384:
367:
366:
362:
353:
351:
346:
345:
341:
332:
330:
321:
320:
313:
308:
296:
218:
212:
209:
198:
182:
178:
171:
151:
115:Mozilla Firefox
103:
60:
32:
17:
12:
11:
5:
1078:
1076:
1068:
1067:
1062:
1052:
1051:
1045:
1044:
1041:
1040:
1038:
1037:
1026:
1023:
1022:
1020:
1019:
1014:
1012:Random numbers
1009:
1004:
999:
994:
989:
984:
979:
974:
969:
964:
958:
956:
952:
951:
949:
948:
943:
938:
936:Garlic routing
933:
928:
923:
918:
913:
908:
903:
898:
893:
888:
883:
878:
873:
868:
863:
858:
856:Secure channel
853:
847:
846:
845:
834:
829:
824:
819:
817:Key stretching
814:
809:
804:
799:
794:
789:
784:
783:
782:
777:
767:
765:Cryptovirology
762:
757:
752:
750:Cryptocurrency
747:
742:
737:
736:
735:
725:
720:
714:
712:
708:
707:
702:
700:
699:
692:
685:
677:
664:
663:
660:
659:
657:
656:
651:
646:
641:
636:
631:
626:
621:
616:
611:
606:
601:
596:
591:
586:
580:
577:
576:
571:
569:
568:
561:
554:
546:
536:
535:
530:
525:
513:
512:External links
510:
507:
506:
485:
464:
443:
422:
401:
398:on 2013-05-25.
382:
379:on 2017-04-17.
360:
339:
310:
309:
307:
304:
303:
302:
295:
292:
291:
290:
287:
284:
281:
278:
275:
269:
266:
263:
256:
253:
250:
247:
244:
241:
230:PKCS standards
220:
219:
185:
183:
176:
170:
167:
150:
147:
139:Oracle Solaris
102:
99:
89:certificates,
59:
56:
42:is one of the
15:
13:
10:
9:
6:
4:
3:
2:
1077:
1066:
1063:
1061:
1058:
1057:
1055:
1036:
1028:
1027:
1024:
1018:
1017:Steganography
1015:
1013:
1010:
1008:
1005:
1003:
1000:
998:
995:
993:
990:
988:
985:
983:
980:
978:
975:
973:
972:Stream cipher
970:
968:
965:
963:
960:
959:
957:
953:
947:
944:
942:
939:
937:
934:
932:
931:Onion routing
929:
927:
924:
922:
919:
917:
914:
912:
911:Shared secret
909:
907:
904:
902:
899:
897:
894:
892:
889:
887:
884:
882:
879:
877:
874:
872:
869:
867:
864:
862:
859:
857:
854:
851:
848:
843:
840:
839:
838:
835:
833:
830:
828:
825:
823:
820:
818:
815:
813:
810:
808:
807:Key generator
805:
803:
800:
798:
795:
793:
790:
788:
785:
781:
778:
776:
773:
772:
771:
770:Hash function
768:
766:
763:
761:
758:
756:
753:
751:
748:
746:
745:Cryptanalysis
743:
741:
738:
734:
731:
730:
729:
726:
724:
721:
719:
716:
715:
713:
709:
705:
698:
693:
691:
686:
684:
679:
678:
675:
671:
655:
652:
650:
647:
645:
642:
640:
637:
635:
632:
630:
627:
625:
622:
620:
617:
615:
612:
610:
607:
605:
602:
600:
597:
595:
592:
590:
587:
585:
582:
581:
578:
574:
567:
562:
560:
555:
553:
548:
547:
544:
540:
534:
531:
529:
526:
523:
519:
516:
515:
511:
495:
489:
486:
474:
468:
465:
453:
447:
444:
432:
426:
423:
411:
405:
402:
397:
393:
386:
383:
378:
374:
370:
364:
361:
349:
343:
340:
329:
325:
318:
316:
312:
305:
301:
298:
297:
293:
288:
285:
282:
279:
276:
274:
270:
267:
264:
261:
257:
254:
251:
248:
245:
242:
239:
238:
237:
235:
231:
227:
216:
213:November 2014
207:is available.
206:
202:
196:
195:
191:
186:This section
184:
175:
174:
168:
166:
163:
158:
156:
148:
146:
144:
140:
136:
132:
128:
124:
120:
116:
112:
108:
100:
98:
96:
92:
88:
84:
79:
77:
73:
69:
65:
57:
55:
53:
49:
45:
41:
37:
30:
26:
22:
967:Block cipher
812:Key schedule
802:Key exchange
792:Kleptography
755:Cryptosystem
704:Cryptography
633:
498:. Retrieved
488:
477:. Retrieved
467:
456:. Retrieved
446:
435:. Retrieved
425:
414:. Retrieved
404:
396:the original
385:
377:the original
373:RSA Security
363:
352:. Retrieved
342:
331:. Retrieved
226:RSA Security
223:
210:
205:Editing help
187:
165:committees.
159:
152:
104:
80:
61:
39:
36:cryptography
33:
20:
1065:Smart cards
955:Mathematics
946:Mix network
123:smart cards
111:smart cards
76:smart cards
1054:Categories
906:Ciphertext
876:Decryption
871:Encryption
832:Ransomware
500:2024-08-29
479:2020-07-23
458:2016-08-24
437:2016-08-24
416:2020-01-16
354:2016-08-24
333:2024-08-29
306:References
95:Triple DES
74:(HSM) and
70:, such as
27:is due to
896:Plaintext
1035:Category
941:Kademlia
901:Codetext
844:(CSPRNG)
654:PKCS #15
649:PKCS #14
644:PKCS #13
639:PKCS #12
634:PKCS #11
629:PKCS #10
294:See also
40:PKCS #11
21:PKCS #11
711:General
624:PKCS #9
619:PKCS #8
614:PKCS #7
609:PKCS #6
604:PKCS #5
599:PKCS #4
594:PKCS #3
589:PKCS #2
584:PKCS #1
412:. OASIS
169:History
135:MS-CAPI
119:OpenSSL
822:Keygen
520:
188:is in
85:keys,
58:Detail
852:(PRN)
328:OASIS
273:OASIS
234:OASIS
194:prose
162:OASIS
101:Usage
87:X.509
573:PKCS
522:7512
190:list
153:The
141:and
127:HSMs
125:and
117:and
518:RFC
91:DES
83:RSA
66:to
64:API
54:).
34:In
1056::
371:.
326:.
314:^
38:,
696:e
689:t
682:v
565:e
558:t
551:v
503:.
482:.
461:.
440:.
419:.
357:.
336:.
215:)
211:(
197:.
93:/
31:.
25:#
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.