A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://en.wikipedia.org/wiki/PKCS_11 below:

PKCS 11 - Wikipedia

Toggle the table of contents PKCS 11

From Wikipedia, the free encyclopedia

Standard in public cryptography

In cryptography, PKCS #11 is a Public-Key Cryptography Standard that defines a C programming interface to create and manipulate cryptographic tokens that may contain secret cryptographic keys. It is often used to communicate with a Hardware Security Module or smart cards.

The PKCS #11 standard is managed by OASIS[1] with the current version being 3.1 [2] PKCS #11 is sometimes referred to as "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key").

The API defines most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

Most commercial certificate authority (CA) software uses PKCS #11 to access the CA signing key[clarification needed] or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). It is also used to access smart cards and HSMs. Software written for Microsoft Windows may use the platform specific MS-CAPI API instead. Both Oracle Solaris and Red Hat Enterprise Linux contain implementations for use by applications, as well.

Relationship to KMIP[edit]

The Key Management Interoperability Protocol (KMIP) defines a wire protocol that has similar functionality to the PKCS #11 API.

The two standards were originally developed independently but are now both governed by an OASIS technical committee. It is the stated objective of both the PKCS #11 and KMIP committees to align the standards where practicable. KMIP also has special operations that provide a complete standards based wire protocol for PKCS #11.

There is considerable overlap between members of the two technical committees.

The PKCS #11 standard originated from RSA Security along with its other PKCS standards in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS #11 2.30) to OASIS to continue the work on the standard within the newly created OASIS PKCS11 Technical Committee.[3] The following list contains significant revision information:

  1. ^ a b Dieter Bong; Tony Cox, eds. (2023-07-23). "PKCS #11 Specification Version 3.1". OASIS. Retrieved 2024-08-29.
  2. ^ a b Paul Knight, ed. (2023-08-10). "Two PKCS #11 OASIS Standards published". OASIS. Retrieved 2025-01-05.
  3. ^ "OASIS Enhances Popular Public-Key Cryptography Standard, PKCS #11, for Mobile and Cloud". OASIS. 26 March 2013. Retrieved 2016-08-24.
  4. ^ "CT-KIP: Cryptographic Token Key Initialization Protocol". RSA Security. Archived from the original on 2017-04-17.
  5. ^ Griffin, Bob (2012-12-26). "Re-invigorating the PKCS #11 Standard". Archived from the original on 2013-05-25.
  6. ^ "OASIS PKCS 11 TC Public Documents". OASIS. Retrieved 2020-01-16.
  7. ^ "#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 2.40 become OASIS Standards". OASIS. 15 April 2015. Retrieved 2016-08-24.
  8. ^ "#PKCS 11 V2.40 Approved Erratas published by PKCS 11 TC". OASIS. 28 June 2016. Retrieved 2016-08-24.
  9. ^ "#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 3.0 become OASIS Standards". OASIS. 22 July 2020. Retrieved 2020-07-23.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4