Deconstructing PKCS #11
To some, PKCS #11 may be a common term used on a daily basis, but to others, it’s unfamiliar jargon. Whether you’re a tech guru or not, PKCS #11 is a beneficial technology that you can implement in your organization’s IT infrastructure.
What Is It?
PKCS #11 (Public-Key Cryptographic Standard #11) is a standard originally developed by RSA Laboratories and currently maintained by OASIS. PKCS #11 specifies a standardized API in the C programming language that offers substantial benefits to organizations, including significantly decreased integration work.
What Is Its Purpose?
PKCS #11 is used to facilitate easy automation of cryptographic operations, such as encryption, decryption, signing, and verification, on objects such as certificates and keys.
Hardware vs. Software: Which Should I Use?
Using hardware security modules (HSMs) to perform cryptographic tasks on sensitive information is always more secure than software alone, due to the robust physical measures that prevent tampering and intrusion. The HSM vendor provides a software library that bridges the PKCS #11 API defined in the standard with the vendor's own proprietary API, so that the cryptographic operations are performed in hardware as opposed to software. While PKCS #11 can be used through software on the host computer, the hardware hosting the application is much easier to compromise, leading to the exposure of the encryption keys.
PKCS #11 in Futurex HSMs
Futurex products support PKCS #11 in order to communicate with a wide range of applications. With just a few exceptions incorporated to enhance overall security, Futurex supports all functions supplied in PKCS #11, with the addition of some custom functions developed by Futurex in order to increase utility. Enabling PKCS #11 on existing Futurex technology is a simple process. Contact us or download our PKCS #11 whitepaper to learn more.