PKCS11


In cryptography, PKCS #11[1] is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories, that defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards. (The PKCS #11 standard names the API "Cryptoki" which is an amalgamation of "cryptographic token interface" and is pronounced as "crypto-key", but "PKCS #11" is often used to refer to the API as well as the standard that defines it.)

Since there isn't a real standard for cryptographic tokens, this API was developed as an abstraction layer over a generic cryptographic token. The PKCS #11 API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

PKCS #11 is widely adopted as the way to access smart cards and HSMs. Most commercial Certification Authority software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). Software written for Microsoft Windows may use the platform-specific MS-CAPI API instead.


History

  • 01/1994: project launched
  • 04/1995: v1.0 published
  • 12/1997: v2.01 published
  • 12/1999: v2.10 published
  • 06/2004: v2.20 published
  • 12/2005: amendments 1 & 2 (one-time password tokens, CT-KIP [2])
  • 01/2007: amendment 3 (additional mechanisms)

Applications using PKCS #11

PKCS #11 wrappers

Since PKCS #11 is a complex C API, many wrappers exist that let the developer use the API from various languages.

Other Implementations

Java

  • JCE - Sun's Java has included a native (written in Java) implementation of PKCS #11 as part of the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE) since version 5 (JDK 1.5).

External Links

References


Wikimedia Foundation. 2010.
