PKCS11
From Wikipedia, the free encyclopedia
- The correct title of this article is PKCS#11. The substitution or omission of a # sign is because of technical restrictions.
In cryptography, PKCS#11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules and smart cards. (The PKCS#11 standard names the API "Cryptoki", but "PKCS#11" is often used to refer to the API as well as the standard that defines it.)
Because there is no single standard for cryptographic tokens, this API was developed as an abstraction layer over a generic cryptographic token. The PKCS#11 API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create or generate, modify and delete those objects.
PKCS#11 is widely adopted for access to smart cards and HSMs. Most commercial Certification Authority software uses PKCS#11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS#11, such as Mozilla Firefox and OpenSSL (using an extension). Software written for Microsoft Windows may use the platform-specific MS-CAPI API instead.
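The sequence of Cryptoki calls an application makes to locate an object on a token, as an added example (not from the article or from any of the wrappers it lists): Python's ctypes is used directly against a PKCS#11 module to search for certificate objects by label. The module path and label come from the caller; the code assumes a Unix-like platform and a module that exports the C_* functions as symbols.

```python
import ctypes as C

# Constants from the Cryptoki header (pkcs11t.h)
CKR_OK, CKF_SERIAL_SESSION = 0x0, 0x4
CKA_CLASS, CKA_LABEL, CKO_CERTIFICATE = 0x0, 0x3, 0x1

class CK_ATTRIBUTE(C.Structure):  # one (type, value pointer, length) triple
    _fields_ = [("type", C.c_ulong), ("pValue", C.c_void_p), ("ulValueLen", C.c_ulong)]

def build_template(attrs):
    """[(CKA_*, int or bytes), ...] -> (CK_ATTRIBUTE array, buffers to keep alive)."""
    arr, bufs = (CK_ATTRIBUTE * len(attrs))(), []
    for i, (atype, value) in enumerate(attrs):
        if isinstance(value, int):
            buf = C.c_ulong(value)                       # CK_ULONG-valued attribute
        else:
            buf = (C.c_char * len(value)).from_buffer_copy(value)  # no NUL terminator
        bufs.append(buf)
        arr[i].type, arr[i].pValue, arr[i].ulValueLen = atype, C.addressof(buf), C.sizeof(buf)
    return arr, bufs

def call(p11, name, *args):
    """Invoke one C_* function and raise on any CK_RV other than CKR_OK."""
    fn = getattr(p11, name)
    fn.restype = C.c_ulong
    rv = fn(*args)
    if rv != CKR_OK:
        raise RuntimeError(f"{name} failed with CK_RV 0x{rv:08x}")

def find_certificates(module_path, label, max_objects=16):
    """Return handles of certificate objects with this CKA_LABEL on the first token."""
    p11 = C.CDLL(module_path)
    call(p11, "C_Initialize", None)
    try:
        count = C.c_ulong(0)
        call(p11, "C_GetSlotList", C.c_ubyte(1), None, C.byref(count))
        if count.value == 0:
            return []                                    # no token present
        slots = (C.c_ulong * count.value)()
        call(p11, "C_GetSlotList", C.c_ubyte(1), slots, C.byref(count))
        session = C.c_ulong(0)
        call(p11, "C_OpenSession", C.c_ulong(slots[0]), C.c_ulong(CKF_SERIAL_SESSION),
             None, None, C.byref(session))
        tmpl, _keep = build_template([(CKA_CLASS, CKO_CERTIFICATE), (CKA_LABEL, label)])
        call(p11, "C_FindObjectsInit", session, tmpl, C.c_ulong(len(tmpl)))
        found, n = (C.c_ulong * max_objects)(), C.c_ulong(0)
        call(p11, "C_FindObjects", session, found, C.c_ulong(max_objects), C.byref(n))
        call(p11, "C_FindObjectsFinal", session)
        return list(found[: n.value])
    finally:
        p11.C_Finalize(None)                             # also closes open sessions
```

Certificates are normally public objects, so no C_Login is needed here; private key objects generally become visible to a search only after the session has logged in.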
PKCS#11 wrappers
Since PKCS#11 is a complex C API, many wrappers exist that let the developer use the API from various languages.
- PyKCS11 - A wrapper for Python
- Another wrapper for Python
- Java 5.0 includes a wrapper for the PKCS#11 API
- pkcs11-helper - A simple open source C interface to handle PKCS#11 tokens.
- PKCS#11 patch for OpenSSL for C by Alon Bar-Lev

