PKCS #11 Specification v3.1 from PKCS 11 TC approved as a Committee Specification

Public key cryptographic token API ready for testing and implementation

OASIS is pleased to announce that PKCS #11 Specification Version 3.1 from the OASIS PKCS 11 TC [1] has been approved as an OASIS Committee Specification.

The Public Key Cryptography Standards (PKCS) are a group of public-key cryptography standards devised and published by RSA Security LLC, starting in the early 1990s. The OASIS PKCS 11 Technical Committee addresses the ongoing enhancement and maintenance of the PKCS #11 standard.

PKCS #11 Specification Version 3.1 defines a platform-independent API to cryptographic tokens, such as hardware security modules and smart cards. The API itself is named “Cryptoki” (from “cryptographic token interface” and pronounced as “crypto-key”). This specification defines data types, functions and other basic components of the PKCS #11 Cryptoki interface for devices that may hold cryptographic information and may perform cryptographic functions. It also defines mechanisms that are anticipated for use with the current version of PKCS #11.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

PKCS #11 Specification Version 3.1
Committee Specification 01
11 August 2022

PDF (Authoritative):
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.pdf
HTML:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html
Editable source:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.docx
PKCS #11 header files:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/include/pkcs11-v3.1/

The changes since the previous publication are marked in:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01-DIFF.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.zip

Members of the PKCS 11 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS PKCS 11 TC
https://www.oasis-open.org/committees/pkcs11/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01-comment-resolution-log.pdf

[3] Approval ballots:
https://www.oasis-open.org/committees/ballot.php?id=3716
https://www.oasis-open.org/committees/ballot.php?id=3723