PKCS#11

This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token.

•  PKCS #11: Cryptographic Token Interface Standard
•  Wikipedia on PKCS #11

Example Code

• Sample PKCS#11 source code for BIND DNSSEC
• HSM Speed tester
• HSM Toolkit

Library Code

• The  OpenSC Project has a PKCS#11 support for smartcards.
•  libp11 is a library implementing a small layer on top of PKCS#11 API to make using PKCS#11 implementations easier.
•  Engine PKCS#11 is an implementation of an engine for OpenSSL.
• Love Hörnquist Åstrand has written a  software only implementation of PKCS#11.

Other potentially useful Information

•  Darren Moffat's PKCS#11 URI Suggestion