Re-invigorating the PKCS #11 Standard

One of the most important and widely-deployed cryptographic standards is PKCS #11, one of the family of PKCS standards that RSA initiated in the 1990s. The PKCS #11 standard specifies an API, called Cryptoki, for devices that hold cryptographic information and perform cryptographic functions. The API follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device, called a cryptographic token.

Increasingly over the past several years, we at RSA have felt that it would make sense to move PKCS #11 into an organization focused on standards development and maintenance. So starting shortly after the draft of PKCS #11 V2.30 went to public review in 2009, we began looking into moving PKCS #11 into OASIS to take advantage of the robust processes and infrastructure that OASIS already has in place. This transition is ready to happen!

OASIS and RSA will shortly be announcing a new technical committee, called “PKCS 11 Technical Committee”, that will address requirements for enhancements to PKCS #11. These requirements include  new mechanisms for instrumentation of the PKCS #11 application programming interface and other new PKCS #11 functionality, such as in support of integration with other standards, particularly OASIS KMIP. The committee will also engage in activities that support effective and interoperable implementation of PKCS #11, such as developing guidance on the use of PKCS #11, supporting interoperability testing and coordination of reference implementations.

Along with the other co-sponsors of the new PKCS 11 TC, RSA and OASIS encourage everyone interested in PKCS #11 to consider participating in the new technical committee. The call for participation will be published in January, with the first meeting of the TC anticipated for Monday 4-March-2013, immediately following the RSA Conference.

Details of the first meeting will be published soon, including location for those who can attend in person and call-in details for those who can’t. If you have any questions, please contact me (robert.griffin@rsa.com). I hope I’ll see you there!