PKCS#11: Cryptographic Token Interface Standard



From early 2013, PKCS#11 moved to the OASIS PKCS11 technical committee. All future PKCS#11 development is handled under the OASIS process.

For older releases the main PKCS#11 site at RSA used to contain the offical copies of the standard but this site has variable availability. The PKCS#11 mailing lists remain unavailable as of July 2015.

These RSA Security Inc. Public-Key Cryptography Standards (PKCS) documents were produced from the original standard document using Open Office to export it in MediaWiki format then processed through some custom perl scripts and then passed into a modified version of doxygen to finally produce the HTML output. The text of the standard is otherwise unchanged.

Each document can be viewed online, downloaded as a gzipped-tarfile for local usage or the original PDF of the standard is available along with a link to the official include files. A complete archive of the HTML versions of all the standards is available as a single 3.5Mb gzipped tarfile here

Version 3.0

Version 3.0 is the current under-development version and anticipated for release early 2019. It introduces the first update to the underlying API since v2.11 that was published in 2001.

Support for safer AEAD API usage and vendor API extensions is an explicit aim of this update.

Refer to the OASIS PKCS11 technical committee.

Version 2.40

Based on the v2.30 specification and header files contributed to OASIS by RSA/EMC the OASIS PKCS#11 technical committee developed v2.40 of the specification.

Version v2.40 became an official OASIS standard as of 14-April-2015. Errata 1 published 13-May-2016 contains important fixes as is the current version of the specification.

Note: The official header files for v2.40 were published with errata 1 and are available here.

HTML: [BASE] [CURRENT-MECHANISMS] [HISTORICAL-MECHANISMS] [PROFILES]
PDF: [BASE] [CURRENT-MECHANISMS] [HISTORICAL-MECHANISMS] [PROFILES]

Version 2.30

This is the draft of the v2.30 version of the standard. The RSA PKCS#11 development process did not officially move this standard beyond draft despite the 30 day public final draft review ending 28-Oct-2009.

Many vendors have adopted various portions of the draft version.

This version is the basis of the v2.40 OASIS standard version.

[HTML] [HTML-TGZ] [OVERVIEW-PDF] [BASE-PDF] [MECHANISMS1-PDF] [MECHANISMS2-PDF] [INC]

Version 2.20

Published 28 June 2004 this is the most widely used version of the PKCS#11 standard. Most supporting vendors have versions with various vendor-specific extensions based on v2.20.

[HTML] [HTML-TGZ] [PDF] [INC]

Version 2.11

Revision 1 published November 2001.

[HTML] [HTML-TGZ] [PDF] [INC]

Version 2.10

Published December 1999.

[HTML] [HTML-TGZ] [PDF] [INC]

Version 2.01

Published 22 December 1997.

[HTML] [HTML-TGZ] [PDF] [INC]

Version 2.0

Published 15 April 1997.

[HTML] [HTML-TGZ] [PDF] [INC]

Version 1.0

Published 28 April 1995.

[HTML] [HTML-TGZ] [PDF] [INC]