分类: C/C++
2009-02-09 17:18:34
In , PKCS#11 is one of the family of standards called , published by . It defines a platform-independent to cryptographic tokens, such as Hardware Security Modules and . (The PKCS#11 standard names the API "Cryptoki", but "PKCS#11" is often used to refer to the API as well as the standard that defines it.)
Since there isn't a real standard for cryptographic tokens, this API has been developed to be an abstraction layer for the generic cryptographic token. The PKCS#11 API defines most commonly used cryptographic object types ( keys, Certificates, / keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
PKCS#11 is largely adopted to access smart cards and HSMs. Most commercial software uses PKCS#11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS#11, such as and (using an extension). Software written for may use the platform specific API instead.
Since PKCS#11 is a complex API many wrappers exist that let the developer use the API from various languages.