Join TC     TC Page     Send a comment to this TC

Enhancing PKCS #11 standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data)

Robert Relyea, rrelyea@redhat.com, Chair
Valerie Fenwick, valerie.fenwick@oracle.com, Chair
Tony Cox, tony.cox@cryptsoft.com, Secretary

Table of Contents


OASIS Press Release: Latest advances in OASIS KMIP and PKCS #11 Encryption and Cryptographic Token Interface Standards Demonstrated by Twelve Companies at RSA 2016: Interoperability Between Cryptosense, Cryptsoft, Feitian, Fornetix, Hewlett Packard Enterprise (HPE), IBM, Oracle, P6R, Quintessence Labs, SafeNet, Townsend Security, and Utimaco Products on Display; 29 Feb 2016

The PKCS#11 Technical Committee passed a motion to recognize Bob Griffin as Chair Emeritus. Thank you, Bob, for all your hard work to get this committee started!

OASIS Press Release: PKCS #11 Cryptographic Token Interface Base Specification, Interface Profiles, Current Mechanisms Specification, and Historical Mechanisms Specification Versions 2.40 become OASIS Standards.

OASIS Press Release: Twelve Companies Demonstrate Interoperability for OASIS KMIP and PKCS #11 Encryption and Cryptographic Token Interface Standards at RSA 2015: Cryptosense, Cryptsoft, Dell, Feitian, Fornetix, HP, IBM, Oracle, P6R, Thales, Utimaco, and Vormetric Collaborate to Prove Multi-Vendor Interoperability; 21 Apr 2015

Valerie Fenwick and Bob Griffin make the case for approving PKCS #11 package as OASIS Standards in this video.

Participation in the OASIS PKCS 11 TC is open to all interested parties. Contact join@oasis-open.org for more information.


The OASIS PKCS 11 Technical Committee develops enhancements to improve the PKCS #11 standard for ease of use in code libraries, open source applications, wrappers, and enterprise/COTS products: implementation guidelines, usage tutorials, test scenarios and test suites, interoperability testing, coordination of functional testing, development of conformance profiles, and providing reference implementations.

The updated standard provides additional support for mobile and cloud computing use cases: for distributed/federated applications involving key management functions (key generation, distribution, translation, escrow, re-keying); session-based models; virtual devices and virtual keystores; evolving wireless/sensor applications using near field communication (NFC), RFID, Bluetooth, and Wi-Fi.

TC members are also designing new mechanisms for API instrumentation, suitable for use in prototyping, profiling, and testing in resource-constrained application environments. These updates enable support for easy integration of PKCS #11 with other cryptographic key management system (CKMS) standards, including a broader range of cryptographic algorithms and CKMS cryptographic service models.

For more information on the PKCS 11 TC, see the TC Charter.


No subcommittees have been formed for this TC.

TC Liaisons

Tim Hudson (Cryptsoft) has been appointed by the PKCS 11 TC as liaison to the OASIS KMIP TC.

Technical Work Produced by the Committee

Wiki for OASIS PKCS 11 TC member collaboration

This Technical Committee has produced four new OASIS standards, encompassing PKCS11 version 2.40.

Also, the PKCS #11 V2.30 principal input specification referenced in the TC Charter was contributed on 2013-03-04.

PKCS #11 V2.40

The latest documents for PKCS #11 V2.40 are official OASIS standards as of April 2015. This standard builds on the foundation of PKCS #11 V2.30, and is backwards compatible to PKCS #11 V2.20.

Expository Work Produced by the Committee

External Resources

External resources have not yet been identified.

Mailing Lists and Comments

pkcs11: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the list archives, also mirrored by MarkLogic at MarkMail.org.

pkcs11-comment: a public mailing list for providing feedback on the technical work of the OASIS PKCS 11 TC. Send a comment or view the comment list archives, also mirrored by MarkLogic at MarkMail.org.

Press Coverage and Commentary

Additional Information

Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.