The correct title of this article is PKCS #11. The substitution or omission of the # sign is because of technical restrictions.
In cryptography, PKCS #11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories, that defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards. (The PKCS #11 standard names the API "Cryptoki" which is an amalgamation of "cryptographic token interface" and is pronounced as "crypto-key", but "PKCS #11" is often used to refer to the API as well as the standard that defines it.)
Since there isn't a real standard for cryptographic tokens, this API has been developed to be an abstraction layer for the generic cryptographic token. The PKCS #11 API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
PKCS #11 is largely adopted to access smart cards and HSMs. Most commercial Certification Authority software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). Software written for Microsoft Windows may use the platform specific MS-CAPI API instead.
- 01/1994: project launched
- 04/1995: v1.0 published
- 12/1997: v2.01 published
- 12/1999: v2.10 published
- 06/2004: v2.20 published
- 12/2005: amendments 1 & 2 (one-time password tokens, CT-KIP )
- 01/2007: amendment 3 (additional mechanisms)
Applications using PKCS #11 
PKCS #11 wrappers 
Since PKCS #11 is a complex C API many wrappers exist that let the developer use the API from various languages.
Other Implementations 
- JCE - Oracle's Java has included an implementation of PKCS #11 consisting of both native and Java code available as part of the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE) since version 5 (JDK 1.5). This only supports 32 bit Java on Windows. Oracle Java 7 includes 64 bit Java Mac support. It is not a full PKCS #11 implementation, but rather allows JCA/JCE to access smartcards through PKCS #11. It does not, for instance, support the change PIN function.
External links