RSA Laboratories - PKCS #11: Cryptographic Token Interface Standard

This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token.

The draft Version 2.30 of the PKCS #11 specification is now available for 30-day public review. The public review will continue through Wednesday 28-Oct-2009. Please send all comments to pkcs-editor@rsa.com.

New

PKCS #11 V2.30 specification front matter (Acrobat PDF)
PKCS #11 V2.30 core specification (Acrobat PDF)
PKCS #11 V2.30 mechanisms part 1 (Acrobat PDF)
PKCS #11 V2.30 mechanisms part 2 (Acrobat PDF)

The presentation on PKCS #11 V2.30 given at RSA Conference 2009 is also available (Acrobat PDF).

Conformance Profiles

Conformance profile of PKCS #11 v2.11 for mobile devices; MS-Word, Acrobat pdf
PKCS #11: Conformance Profile Specification; MS-Word, Acrobat pdf

Current Version

PKCS #11 v2.20 MS-Word (2.8mb), Acrobat pdf (1.2mb)
Errata for PKCS #11 v2.20 (txt)
Header files for PKCS #11 v2.20 (disclaimer):

PKCS #11 v2.20 Amendment 1: PKCS #11 mechanisms for One-Time Password Tokens Acrobat PDF Acrobat pdf
Header file for PKCS #11 v2.20 Amendment 1 (disclaimer)
PKCS #11 v2.20 Amendment 2: PKCS #11 Mechanisms for the Cryptographic Token Key Initialization Protocol Acrobat pdf
Header file for PKCS #11 v2.20 Amendment 2 (disclaimer)
PKCS #11 v2.20 Amendment 3: Additional PKCS #11 mechanisms; Acrobat pdf
Header file for PKCS #11 v2.20 Amendment 3 (disclaimer).

Previous Versions

PKCS #11 v2.11 MS-Word (1.9mb), Acrobat pdf (1mb)
Amendment 1 to PKCS #11 v2.11 MS-Word (122K), Acrobat pdf (301K)
Errata for PKCS #11 v2.11 (txt)
Header files for PKCS #11 v2.11 (disclaimer): cryptoki.h, pkcs11.h, pkcs11f.h, pkcs11t.h
Version 2.10; MS-Word (1.5mb), Acrobat pdf (1.2mb), PostScript (11.2mb)
Header files for PKCS #11 v2.10 (disclaimer): pkcs11.h, pkcs11f.h, pkcs11t.h
Version 2.01: MS-Word, Acrobat .pdf, zipped ms-word, and zipped Acrobat .pdf.
Version 2.01 with changes shown from Version 2.0 initial draft: MS-Word and zipped MS-Word
Version 2.01 Include Files (disclaimer): pkcs11.h (top level include file), pkcs11f.h and pkcs11t.h
Version 2.01 errata: ascii
Version 2.0 (unsupported) initial draft (14 April 1997) MS-Word, and Acrobat .pdf
Version 2.0 (unsupported) second draft (2 July 1997) MS-Word, and Acrobat .pdf
Version 2.0 Include Files (disclaimer): pkcs11.h (top level include file), pkcs11f.h and pkcs11t.h
Version 1.0: MS-Word, .ps, and .ps.gz
Version 1.0 Include File (disclaimer): ascii
Version 1.0 errata: ascii and ms-word

Links to Implementations

Disclaimer
IAIK Java wrapper

Contribution Agreements

PKCS #11 v2.10 is based on drafts contributed by Matt Wood of Intel, provided with contribution letters: Draft 1, Draft 2, Draft 3, Final

DISCLAIMER

Regarding the header / include files:

License to copy and use this software is granted provided that it is identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing the derived work.

This software is provided “AS IS” and RSA Security, Inc. disclaims all warranties including but not limited to the implied warranty of merchantability, fitness for a particular purpose, and noninfringement.

Regarding reference implementations:

RSA Laboratories is providing links to external reference implementations for the benefit of PKCS #11 developers. RSA Laboratories has not verified or reviewed these implementations and therefore can make no statement regarding their conformance to the current PKCS #11 specification. RSA Laboratories also makes no representations regarding intellectual property coverage or ownership of the reference implementations. The implementations may also be subject to regulations on the import, export and/or use of cryptography. Resolution of these issues is the responsibility of the user.

7.1 What is probabilistic encryption?

Contribution Agreements: Draft 1

Contribution Agreements: Draft 2

7.2 What are special signature schemes?

7.3 What is a blind signature scheme?

Contribution Agreements: Draft 3

Contribution Agreements: Final

7.4 What is a designated confirmer signature?

7.5 What is a fail-stop signature scheme?

7.6 What is a group signature?

7.7 What is a one-time signature scheme?

7.8 What is an undeniable signature scheme?

7.9 What are on-line/off-line signatures?

7.10 What is OAEP?

7.11 What is digital timestamping?

7.12 What is key recovery?

7.13 What are LEAFs?

7.14 What is PSS/PSS-R?

7.15 What are covert channels?

7.16 What are proactive security techniques?

7.17 What is quantum computing?

7.18 What is quantum cryptography?

7.19 What is DNA computing?

7.20 What are biometric techniques?

7.21 What is tamper-resistant hardware?

7.22 How are hardware devices made tamper-resistant?

Public-Key Cryptography Standards (PKCS) PKCS #1: RSA Cryptography Standard Section Index Foreword PKCS #3: Diffie-Hellman Key Agreement Standard PKCS #5: Password-Based Cryptography Standard Chapter 1 Introduction Chapter 2 Cryptography PKCS #6: Extended-Certificate Syntax Standard PKCS #7: Cryptographic Message Syntax Standard Chapter 3 Techniques in Cryptography Chapter 4 Applications of Cryptography PKCS #8: Private-Key Information Syntax Standard PKCS #9: Selected Attribute Types Chapter 5 Cryptography in the Real World Chapter 6 Laws Concerning Cryptography PKCS #10: Certification Request Syntax Standard PKCS #11: Cryptographic Token Interface Standard Chapter 7 Miscellaneous Topics Chapter 8 Further Reading PKCS #12: Personal Information Exchange Syntax Standard PKCS #13: Elliptic Curve Cryptography Standard Appendix A Mathematical concepts Appendix B Glossary PKCS #15: Cryptographic Token Information Format Standard PKCS Mailing Lists Appendix C References Workshops PKCS News Archives Guidelines for Contributions to the Public-Key Cryptography Standards (PKCS) One-Time Password Specifications (OTPS)	Home: Standards Initiatives: Public-Key Cryptography Standards (PKCS) PKCS #11: Cryptographic Token Interface Standard This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token. The draft Version 2.30 of the PKCS #11 specification is now available for 30-day public review. The public review will continue through Wednesday 28-Oct-2009. Please send all comments to pkcs-editor@rsa.com. New PKCS #11 V2.30 specification front matter (Acrobat PDF) PKCS #11 V2.30 core specification (Acrobat PDF) PKCS #11 V2.30 mechanisms part 1 (Acrobat PDF) PKCS #11 V2.30 mechanisms part 2 (Acrobat PDF) The presentation on PKCS #11 V2.30 given at RSA Conference 2009 is also available (Acrobat PDF). Conformance Profiles Conformance profile of PKCS #11 v2.11 for mobile devices; MS-Word, Acrobat pdf PKCS #11: Conformance Profile Specification; MS-Word, Acrobat pdf Current Version PKCS #11 v2.20 MS-Word (2.8mb), Acrobat pdf (1.2mb) Errata for PKCS #11 v2.20 (txt) Header files for PKCS #11 v2.20 (disclaimer): cryptoki.h pkcs11.h pkcs11f.h pkcs11t.h PKCS #11 v2.20 Amendment 1: PKCS #11 mechanisms for One-Time Password Tokens Acrobat PDF Acrobat pdf Header file for PKCS #11 v2.20 Amendment 1 (disclaimer) PKCS #11 v2.20 Amendment 2: PKCS #11 Mechanisms for the Cryptographic Token Key Initialization Protocol Acrobat pdf Header file for PKCS #11 v2.20 Amendment 2 (disclaimer) PKCS #11 v2.20 Amendment 3: Additional PKCS #11 mechanisms; Acrobat pdf Header file for PKCS #11 v2.20 Amendment 3 (disclaimer). Previous Versions PKCS #11 v2.11 MS-Word (1.9mb), Acrobat pdf (1mb) Amendment 1 to PKCS #11 v2.11 MS-Word (122K), Acrobat pdf (301K) Errata for PKCS #11 v2.11 (txt) Header files for PKCS #11 v2.11 (disclaimer): cryptoki.h, pkcs11.h, pkcs11f.h, pkcs11t.h Version 2.10; MS-Word (1.5mb), Acrobat pdf (1.2mb), PostScript (11.2mb) Header files for PKCS #11 v2.10 (disclaimer): pkcs11.h, pkcs11f.h, pkcs11t.h Version 2.01: MS-Word, Acrobat .pdf, zipped ms-word, and zipped Acrobat .pdf. Version 2.01 with changes shown from Version 2.0 initial draft: MS-Word and zipped MS-Word Version 2.01 Include Files (disclaimer): pkcs11.h (top level include file), pkcs11f.h and pkcs11t.h Version 2.01 errata: ascii Version 2.0 (unsupported) initial draft (14 April 1997) MS-Word, and Acrobat .pdf Version 2.0 (unsupported) second draft (2 July 1997) MS-Word, and Acrobat .pdf Version 2.0 Include Files (disclaimer): pkcs11.h (top level include file), pkcs11f.h and pkcs11t.h Version 1.0: MS-Word, .ps, and .ps.gz Version 1.0 Include File (disclaimer): ascii Version 1.0 errata: ascii and ms-word Related Documents Version 2.01: Presentations from '98 workshop: Matt Wood of Intel (PowerPoint), Mike Hamann of IBM Laboratory (ms-word). Version 2.01: PowerPoint presentations from '97 workshop: Chris Thorpe of TIS, Matt Wood of Intel Version 1.0: workshop summary from July '96 PKCS 11 / Cryptoki workshop: ascii Links to Implementations Disclaimer IAIK Java wrapper Contribution Agreements PKCS #11 v2.10 is based on drafts contributed by Matt Wood of Intel, provided with contribution letters: Draft 1, Draft 2, Draft 3, Final DISCLAIMER Regarding the header / include files: License to copy and use this software is granted provided that it is identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing the derived work. This software is provided “AS IS” and RSA Security, Inc. disclaims all warranties including but not limited to the implied warranty of merchantability, fitness for a particular purpose, and noninfringement. Regarding reference implementations: RSA Laboratories is providing links to external reference implementations for the benefit of PKCS #11 developers. RSA Laboratories has not verified or reviewed these implementations and therefore can make no statement regarding their conformance to the current PKCS #11 specification. RSA Laboratories also makes no representations regarding intellectual property coverage or ownership of the reference implementations. The implementations may also be subject to regulations on the import, export and/or use of cryptography. Resolution of these issues is the responsibility of the user. 7.1 What is probabilistic encryption? Contribution Agreements: Draft 1 Contribution Agreements: Draft 2 7.2 What are special signature schemes? 7.3 What is a blind signature scheme? Contribution Agreements: Draft 3 Contribution Agreements: Final 7.4 What is a designated confirmer signature? 7.5 What is a fail-stop signature scheme? 7.6 What is a group signature? 7.7 What is a one-time signature scheme? 7.8 What is an undeniable signature scheme? 7.9 What are on-line/off-line signatures? 7.10 What is OAEP? 7.11 What is digital timestamping? 7.12 What is key recovery? 7.13 What are LEAFs? 7.14 What is PSS/PSS-R? 7.15 What are covert channels? 7.16 What are proactive security techniques? 7.17 What is quantum computing? 7.18 What is quantum cryptography? 7.19 What is DNA computing? 7.20 What are biometric techniques? 7.21 What is tamper-resistant hardware? 7.22 How are hardware devices made tamper-resistant? Top of Page	PKCS #11: Cryptographic Token Interface Standard 7.1 What is probabilistic encryption? Contribution Agreements: Draft 1 Contribution Agreements: Draft 2 7.2 What are special signature schemes? 7.3 What is a blind signature scheme? Contribution Agreements: Draft 3 Contribution Agreements: Final 7.4 What is a designated confirmer signature? 7.5 What is a fail-stop signature scheme? 7.6 What is a group signature? 7.7 What is a one-time signature scheme? 7.8 What is an undeniable signature scheme? 7.9 What are on-line/off-line signatures? 7.10 What is OAEP? 7.11 What is digital timestamping? 7.12 What is key recovery? 7.13 What are LEAFs? 7.14 What is PSS/PSS-R? 7.15 What are covert channels? 7.16 What are proactive security techniques? 7.17 What is quantum computing? 7.18 What is quantum cryptography? 7.19 What is DNA computing? 7.20 What are biometric techniques? 7.21 What is tamper-resistant hardware? 7.22 How are hardware devices made tamper-resistant?
		Email to a friend Print

PKCS #11: Cryptographic Token Interface Standard

New