In cryptography, PKCS#11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens.

The PKCS#11 standard was first developed by RSA Laboratories in cooperation with representatives from industry, science, and governments, and is now an open standard managed by the OASIS PKCS#11 Technical Committee.

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as cryptographic accelerators, Hardware Security Modules (HSMs), and smart cards, and names the API itself “Cryptoki” (from “cryptographic token interface”, pronounced “crypto-key”; “PKCS #11” is often used to refer to the API as well as the standard that defines it). The API covers algorithms and operations such as RC2, RC4, RC5, MD5, SHA-1, DES, triple-DES, IDEA, RSA, DSA, MAC computation, and key generation for a wide variety of cryptographic algorithms.

The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify, and delete those objects.

To facilitate the integration of native PKCS#11 tokens into the Java platform, a new cryptographic provider, the Sun PKCS#11 provider, was introduced in the J2SE 5.0 release. This provider enables existing applications written to the JCA and JCE APIs to access native PKCS#11 tokens. No modifications to the application are required. The only requirement is the proper configuration of the provider in the Java Runtime.
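
The provider configuration described above, as an added example (not code from the original page or from the JDK documentation): it registers a token with the SunPKCS11 provider and signs through the ordinary JCA API. It uses `Provider.configure`, available from Java 9 (J2SE 5.0 through Java 8 pass the configuration file to the `sun.security.pkcs11.SunPKCS11` constructor instead); the class name, the `DemoToken` label, and the SoftHSM library path are assumptions to replace with your vendor's module.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.util.Arrays;
import java.util.Collections;

public class Pkcs11Demo {
    public static void main(String[] args) throws Exception {
        // Assumption: path to the native PKCS#11 module (SoftHSM v2 used as a stand-in).
        String library = args.length > 0 ? args[0] : "/usr/lib/softhsm/libsofthsm2.so";

        // Provider configuration: a label, the native library, and which slot to open.
        String config = "name = DemoToken\nlibrary = " + library + "\nslotListIndex = 0\n";
        Path cfg = Files.createTempFile("pkcs11-", ".cfg");
        Files.write(cfg, config.getBytes(StandardCharsets.UTF_8));

        // Java 9+: configure the built-in provider, then register it.
        Provider p11 = Security.getProvider("SunPKCS11").configure(cfg.toString());
        Security.addProvider(p11); // registered under the name "SunPKCS11-DemoToken"

        // Prompt for the user PIN instead of embedding it in code or config.
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal to enter the PIN");
        char[] pin = console.readPassword("Token PIN: ");

        // The token is exposed as a standard JCA KeyStore of type "PKCS11".
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);
        Arrays.fill(pin, '\0'); // wipe the PIN from memory once logged in

        for (String alias : Collections.list(ks.aliases())) {
            Key key = ks.getKey(alias, null);
            if (!(key instanceof PrivateKey)) continue;
            // A sensitive or non-extractable key is only a handle: getEncoded() is null
            // because the key material stays on the token.
            System.out.println(alias + " (" + key.getAlgorithm() + ") exportable="
                    + (key.getEncoded() != null));
            if (!"RSA".equals(key.getAlgorithm())) continue;
            // Unmodified JCA signing code; the private-key operation runs on the token.
            Signature sig = Signature.getInstance("SHA256withRSA", p11);
            sig.initSign((PrivateKey) key);
            sig.update("constructed sample message".getBytes(StandardCharsets.UTF_8));
            System.out.println("  signature length: " + sig.sign().length + " bytes");
        }
    }
}
```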
