PKCS 11
In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards (PKCS). It defines a C programming interface to create and manipulate cryptographic tokens that may contain secret cryptographic keys. It is often used to communicate with a Hardware Security Module (HSM) or smart cards. The PKCS #11 standard is managed by OASIS, with the current version being 3.1. PKCS #11 is sometimes referred to as "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key"). The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.


Usage

Most commercial certificate authority (CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). It is also used to access smart cards and HSMs. Software written for Microsoft Windows may use the platform-specific MS-CAPI API instead. Both Oracle Solaris and Red Hat Enterprise Linux contain implementations for use by applications, as well.
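An application that reaches a key through PKCS #11 has to name the token and the object on it; RFC 7512, the PKCS #11 URI scheme listed under External links, defines `pkcs11:` URIs for this, whose `type`, `object` and `id` attributes map onto the CKA_CLASS, CKA_LABEL and CKA_ID object attributes of the Cryptoki API. The parser below is an added example, not code from the article or from OASIS; the URI it parses is a constructed sample, and the CKA_*/CKO_* names are returned as strings in place of the C constants.

```python
# Added example, not from the original article: parse an RFC 7512 "pkcs11:" URI
# and turn it into the attribute template a Cryptoki client hands to C_FindObjectsInit.
from urllib.parse import unquote_to_bytes

# Attribute names registered by RFC 7512 (vendor-specific attributes are not handled).
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-description", "library-version", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
# "type" values and the CKA_CLASS object class each one selects.
TYPE_TO_CLASS = {"public": "CKO_PUBLIC_KEY", "private": "CKO_PRIVATE_KEY",
                 "cert": "CKO_CERTIFICATE", "secret-key": "CKO_SECRET_KEY", "data": "CKO_DATA"}
# Constructed sample URI for a CA signing key; token name and PIN file path are made up.
SAMPLE_URI = "pkcs11:token=Example%20HSM;object=ca-signing;type=private;id=%01%02?pin-source=file:/run/hsm-pin"


def _split(component: str, sep: str, allowed: set) -> dict:
    """Split "name=value" pairs, percent-decode the values and validate the names."""
    out: dict = {}
    for item in filter(None, component.split(sep)):
        name, eq, value = item.partition("=")
        if not eq or name not in allowed:
            raise ValueError(f"bad attribute {item!r}")
        if name in out:  # RFC 7512 forbids repeating a path attribute; same rule applied to query here
            raise ValueError(f"duplicate attribute {name!r}")
        out[name] = unquote_to_bytes(value)  # bytes, because CKA_ID is binary rather than text
    return out


def parse_pkcs11_uri(uri: str) -> dict:
    """Return {"path": {...}, "query": {...}}: path selects the object, query says how to reach it."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path, _, query = uri[len("pkcs11:"):].partition("?")
    parsed = {"path": _split(path, ";", PATH_ATTRS), "query": _split(query, "&", QUERY_ATTRS)}
    obj_type = parsed["path"].get("type")
    if obj_type is not None and obj_type.decode() not in TYPE_TO_CLASS:
        raise ValueError(f"unknown object type {obj_type!r}")
    return parsed


def find_template(parsed: dict) -> list:
    """Map the object-level URI attributes onto the (CKA_*, value) pairs of a search template."""
    path = parsed["path"]
    template = []
    if "type" in path:
        template.append(("CKA_CLASS", TYPE_TO_CLASS[path["type"].decode()]))
    if "object" in path:
        template.append(("CKA_LABEL", path["object"]))  # RFC 7512: "object" is the CKA_LABEL
    if "id" in path:
        template.append(("CKA_ID", path["id"]))
    return template
```

Token-level attributes such as `token` and `serial` are used to pick the slot before the session is opened, so they are validated but deliberately left out of the object template.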


Relationship to KMIP

The Key Management Interoperability Protocol (KMIP) defines a wire protocol that has similar functionality to the PKCS #11 API. The two standards were originally developed independently but are now both governed by an OASIS technical committee.


History

PKCS #11 was originally published by RSA Security along with its other PKCS standards in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS #11 2.30) to OASIS. Significant revisions include:

* 12/2005: amendments 1 & 2 (one-time password tokens, CT-KIP)
* 01/2007: amendment 3 (additional mechanisms)
* 09/2009: v2.30 draft published for review, but final version never published
* 12/2012: RSA announce that PKCS #11 management is being transitioned to OASIS


See also

* Microsoft CryptoAPI



External links

* The PKCS #11 URI Scheme
* PKCS#11: Cryptographic Token Interface Standard
* OASIS PKCS #11 Technical Committee home page