PKCS-11
Standard C API for cryptographic tokens.
Definition
PKCS#11 defines C_OpenSession, C_Login, C_FindObjects, C_Sign, C_Decrypt, etc. with mechanisms (CKM_RSA_PKCS, CKM_AES_GCM, CKM_ECDSA). Standard implementations: OpenSC, NSS, Thales/SafeNet. v3.0 published June 2020 (post-quantum mechanisms in draft).
Origin
PKCS#11 v1 published by RSA Labs in 1995 ; OASIS adoption in 2012 ; v2.40 in 2015 ; v3.0 in 2020.
Example in context
An e-signature software uses PKCS#11 to drive a CPS3 smartcard or a Yubikey 5 in qualified AdES signing.
Related terms
- HSM — PKCS#11 target.