Re-invigorating the PKCS #11 Standard

Categories: Uncategorized

One of the most important and widely-deployed cryptographic standards is PKCS #11, one of the family of PKCS standards that RSA initiated in the 1990s. The PKCS #11 standard specifies an API, called Cryptoki, for devices that hold cryptographic information and perform cryptographic functions. The API follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device, called a cryptographic token.

Increasingly over the past several years, we at RSA have felt that it would make sense to move PKCS #11 into an organization focused on standards development and maintenance. So starting shortly after the draft of PKCS #11 V2.30 went to public review in 2009, we began looking into moving PKCS #11 into OASIS to take advantage of the robust processes and infrastructure that OASIS already has in place. This transition is ready to happen!

OASIS and RSA will shortly be announcing a new technical committee, called “PKCS 11 Technical Committee”, that will address requirements for enhancements to PKCS #11. These requirements include  new mechanisms for instrumentation of the PKCS #11 application programming interface and other new PKCS #11 functionality, such as in support of integration with other standards, particularly OASIS KMIP. The committee will also engage in activities that support effective and interoperable implementation of PKCS #11, such as developing guidance on the use of PKCS #11, supporting interoperability testing and coordination of reference implementations.

Along with the other co-sponsors of the new PKCS 11 TC, RSA and OASIS encourage everyone interested in PKCS #11 to consider participating in the new technical committee. The call for participation will be published in January, with the first meeting of the TC anticipated for Monday 4-March-2013, immediately following the RSA Conference.

Details of the first meeting will be published soon, including location for those who can attend in person and call-in details for those who can’t. If you have any questions, please contact me ( I hope I’ll see you there!




Bob Griffin

Bob Griffin is Chief Security Architect at RSA, the Security Division of EMC, where he is responsible for technical architecture, standards and strategy, particularly for RSA’s data security products. He represents EMC to several standards organization, including as co-chair of the OASIS Key Management Interoperability Protocol (KMIP) technical committee. Bob has extensive experience in security strategy, corporate governance, business process transformation and software development. He has had the primary architectural responsibility for a number of production systems environments and for major software engineering projects at RSA, Entrust and Digital Equipment Corporation,. He is a frequently requested speaker for professional and industry conferences and has instructed courses within both professional and university settings.