RSA Laboratories

Contribution Agreements: Draft 1

PKCS #11 Contribution Letter


PKCS #11 Version 2.1, Proposed Draft 1


Proposed Specification


Matthew Wood
Intel Security Technology Lab
2111 NE 25th Ave.
Hillsboro, OR 97124-5961 USA


July 20, 1999
Version 2.1, Draft 1


This draft represents the next revision of PKCS #11 standard. It includes the following enhancements over version 2.01:

  • formatting changes to match latest revisions of other PKCS documents
  • behavioral clarifications
  • new mechanism types
  • object enhancements
  • new objects types to support hardware feature expansion
  • method for applying a secondary authentication PIN to private key objects

The following is a detailed list of each set of edits to the version 2.01 document included in the proposed draft.

  • X.509 Attribute certificates
  • Data object attribute addition (add OID attribute)
  • Addition of RIPE-MD mechanisms
  • RFC2279 (UTF8) strings for internationalization
  • Clarification of multi-application access behavior (taken from mailing list discussion)
  • Clarification of mapping between PKCS #11 and X.509 key usage (adapted from PKCS #15)
  • Clarification of whether or not C_Encrypt can be used to terminate a multi-part operation to make sure the intended behavior is acurately reflected.
  • Addition of error codes to function descriptions
  • Clarification of C_InitToken behavior with respect to the SO PIN (taken from the percieved majority preference on the mailing list)
  • Multiple PIN handling.
  • Clarification of required lifetime of the CK_C_INITIALIZE_ARGS structure and C_FindObjectsInit templates in applications
  • Hardware feature objects to represent items such as real-time clocks, monotonic counters, etc.
Intellectual Property Issues

Contributor hereby submits this Contribution to RSA Laboratories for possible consideration in RSA Laboratories' Public-Key Cryptography Standards (PKCS) and agrees to the guidelines for PKCS contributions in effect at the time this Contribution is submitted.

Contributor also hereby grants RSA Laboratories license to make derivative works of this Contribution and to include all or portions of this Contribution or of such derivative works in PKCS documents and drafts. Contributor represents that it has authority to grant such license.

Intel Corporation makes no representations regarding intellectual property claims by other parties. Such determination is the reponsibility of the user.


All references are included in the proposed draft document itself.

Top of the page