PKCS 11

In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards,^[1] and also refers to the programming interface to create and manipulate cryptographic tokens.

Detail

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key" - but "PKCS #11" is often used to refer to the API as well as the standard that defines it).

The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

Usage

Most commercial certificate authority software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). It is also used to access smart cards and HSMs. Software written for Microsoft Windows may use the platform specific MS-CAPI API instead. Both Oracle Solaris and Red Hat Linux contain implementations for use by applications, as well.

History

The PKCS#11 standard originated from RSA Security along with its other PKCS standards in 1994. In 2013, RSA contributed the latest draft revision of the standard (PKCS#11 2.30) to OASIS to continue the work on the standard within the newly created OASIS PKCS11 Technical Committee.^[2] The following list contains significant revision information:

01/1994: project launched
04/1995: v1.0 published
12/1997: v2.01 published
12/1999: v2.10 published
01/2001: v2.11 published
06/2004: v2.20 published^[1]
12/2005: amendments 1 & 2 (one-time password tokens, CT-KIP ^[3])
01/2007: amendment 3 (additional mechanisms)
09/2009: v2.30 draft published for review, but final version never published
12/2012: RSA announce that PKCS #11 management is being transitioned to OASIS ^[4]
03/2013: OASIS PKCS #11 Technical Committee Inaugural meetings, works starts on v2.40 ^[5]
04/2015: OASIS PKCS #11 v2.40 specifications become approved OASIS standards ^[6]
05/2016: OASIS PKCS #11 v2.40 Errata 01 specifications become approved OASIS errata ^[7]

References

1 2 "PKCS #11: Cryptographic Token Interface Standard".
↑ "OASIS Enhances Popular Public-Key Cryptography Standard, PKCS #11, for Mobile and Cloud | OASIS". www.oasis-open.org. Retrieved 2016-08-24.
↑ "CT-KIP: Cryptographic Token Key Initialization Protocol".
↑ https://blogs.rsa.com/re-invigorating-the-pkcs-11-standard/
↑ https://www.oasis-open.org/committees/documents.php?wg_abbrev=pkcs11
↑ "#PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 2.40 become OASIS Standards | OASIS". www.oasis-open.org. Retrieved 2016-08-24.
↑ "#PKCS 11 V2.40 Approved Erratas published by PKCS 11 TC | OASIS". www.oasis-open.org. Retrieved 2016-08-24.

External links

PKCS

PKCS #1 PKCS #2 PKCS #3 PKCS #4 PKCS #5 PKCS #6 PKCS #7 PKCS #8 PKCS #9 PKCS #10 PKCS #11 PKCS #12 PKCS #13 PKCS #14 PKCS #15

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 8/24/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.