Cryptographic Token Interface Standard



This RSA Security Inc. Public-Key Cryptography Standards (PKCS) document was produced from the original standard document using Open Office to export it in MediaWiki format then processed through some custom perl scripts and then passed into a modified version of doxygen to finally produce the HTML output. The text of the standard is otherwise unchanged.

Tim Hudson - - 10-Sep-2009

As cryptography begins to see wide application and acceptance, one thing is increasingly clear: if it is going to be as effective as the underlying technology allows it to be, there must be interoperable standards. Even though vendors may agree on the basic cryptographic techniques, compatibility between implementations is by no means guaranteed. Interoperability requires strict adherence to agreed-upon standards.

Towards that goal, RSA Laboratories has developed, in cooperation with representatives of industry, academia and government, a family of standards called Public-Key Cryptography Standards, or PKCS for short.

PKCS is offered by RSA Laboratories to developers of computer systems employing public-key and related technology. It is RSA Laboratories' intention to improve and refine the standards in conjunction with computer system developers, with the goal of producing standards that most if not all developers adopt.

The role of RSA Laboratories in the standards-making process is four-fold:

  1. Publish carefully written documents describing the standards.

  2. Solicit opinions and advice from developers and users on useful or necessary changes and extensions.

  3. Publish revised standards when appropriate.

  4. Provide implementation guides and/or reference implementations.

During the process of PKCS development, RSA Laboratories retains final authority on each document, though input from reviewers is clearly influential. However, RSA Laboratories' goal is to accelerate the development of formal standards, not to compete with such work. Thus, when a PKCS document is accepted as a base document for a formal standard, RSA Laboratories relinquishes its "ownership" of the document, giving way to the open standards development process. RSA Laboratories may continue to develop related documents, of course, under the terms described above.

PKCS documents and information are available online at There is an electronic mailing list, "cryptoki", at, specifically for discussion and development of PKCS #11. To subscribe to this list, send e-mail to with the line "subscribe cryptoki" in the message body. To unsubscribe, send e-mail to with the line "unsubscribe cryptoki" in the message body.

Comments on the PKCS documents, requests to register extensions to the standards, and suggestions for additional standards are welcomed. Address correspondence to:

 PKCS Editor
 RSA Laboratories
 174 Middlesex Turnpike
 Bedford, MA 01730 USA

It would be difficult to enumerate all the people and organizations who helped to produce PKCS #11. RSA Laboratories is grateful to each and every one of them. Special thanks go to Bruno Couillard of Chrysalis-ITS and John Centafont of NSA for the many hours they spent writing up parts of this document. Thanks also for the many other technical descriptions provided by many industry specialists. The reviewers of the document, without whose help the quality of the content would not be as great, must also be acknowledged and thanked. The review effort cannot be underestimated especially for a document so large.

For Version 1.0, PKCS #11's document editor was Aram Perez of International Computer Services, under contract to RSA Laboratories; the project coordinator was Burt Kaliski of RSA Laboratories. For Version 2.01, Ray Sidney served as document editor and project coordinator. Matthew Wood of Intel was document editor and project coordinator for Version 2.10 and Version 2.11. Simon McMahon from Eracom was editor for Version 2.20 while Magnus Nystrom of RSA coordinated the project.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220