RSA Laboratories

PKCS #11: Cryptographic Token Interface Standard

This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token.

The draft Version 2.30 of the PKCS #11 specification is now available for 30-day public review. The public review will continue through Wednesday 28-Oct-2009. Please send all comments to


The presentation on PKCS #11 V2.30 given at RSA Conference 2009 is also available (Acrobat PDF).

Conformance Profiles

Current Version

Previous Versions

Related Documents

  • Version 2.01: Presentations from '98 workshop: Matt Wood of Intel (PowerPoint), Mike Hamann of IBM Laboratory (MS Word)
  • Version 2.01: PowerPoint presentations from '97 workshop: Chris Thorpe of TIS, Matt Wood of Intel
  • Version 1.0: workshop summary from July '96 PKCS 11 / Cryptoki workshop: ASCII

Links to Implementations

Contribution Agreements

  • PKCS #11 v2.10 is based on drafts contributed by Matt Wood of Intel, provided with contribution letters: Draft 1, Draft 2, Draft 3, Final


Regarding the header / include files:

License to copy and use this software is granted provided that it is identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing the derived work.

This software is provided “AS IS” and RSA Security, Inc. disclaims all warranties including but not limited to the implied warranty of merchantability, fitness for a particular purpose, and noninfringement.

Regarding reference implementations:

RSA Laboratories is providing links to external reference implementations for the benefit of PKCS #11 developers. RSA Laboratories has not verified or reviewed these implementations and therefore can make no statement regarding their conformance to the current PKCS #11 specification. RSA Laboratories also makes no representations regarding intellectual property coverage or ownership of the reference implementations. The implementations may also be subject to regulations on the import, export and/or use of cryptography. Resolution of these issues is the responsibility of the user.