Public Key Cryptography Standards #11

The Public Key Cryptography Standards #11 (PKCS #11) subsystem provides applications with a method for accessing hardware devices (tokens) regardless of the type of device.

The content in this section conforms to Version 2.20 of the PKCS #11 standard.

The PKCS #11 subsystem uses the following components:

  • An API shared object (/usr/lib/pkcs11/ibm_pks11.so) is provided as a generic interface to a device driver that supports the PKCS #11 standard. This tiered design lets you use new PKCS #11 devices as they become available without recompiling existing applications.
  • A PKCS #11 device driver that provides capabilities to applications that are similar to the capabilities provided to other kernel components, such as Encrypted File System (EFS) or IP Security (IPSec).
  • When the platform supports the cryptography coprocessor facility, the PKCS #11 device driver uses the hardware acceleration that is available with Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), and hash message authentication code (HMAC) operations. For improved performance, you can enable network memory affinity.
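
Because applications bind to the API shared object at run time, they can ask it which devices and mechanisms are present instead of compiling that knowledge in. The following Python code is an added example, not IBM's code: it loads the module named above, lists the slots that hold a token, and reports whether the AES, SHA and HMAC mechanisms carry the `CKF_HW` flag. It assumes the module exports `C_GetFunctionList` as the standard requires, default C struct alignment, and that the driver sets `CKF_HW` for accelerated mechanisms; `WATCHED`, `summarize`, `_ids` and `probe` are names chosen for this example.

```python
import ctypes as C

UL, FN = C.c_ulong, C.CFUNCTYPE       # UL = CK_ULONG, also used for CK_RV
PUL = C.POINTER(UL)
WATCHED = {0x1081: "AES_ECB", 0x1082: "AES_CBC", 0x220: "SHA_1",  # CKM_* values
           0x250: "SHA256", 0x221: "SHA_1_HMAC", 0x251: "SHA256_HMAC"}
CKF_HW = 0x1                          # CK_MECHANISM_INFO flag: done in hardware

class MechInfo(C.Structure):          # CK_MECHANISM_INFO
    _fields_ = [("min_key", UL), ("max_key", UL), ("flags", UL)]
class FunctionList(C.Structure):      # leading members of CK_FUNCTION_LIST
    _fields_ = [("version", C.c_ubyte * 2), ("C_Initialize", FN(UL, C.c_void_p)),
                ("C_Finalize", FN(UL, C.c_void_p)),
                ("_skip_a", C.c_void_p * 2),    # C_GetInfo, C_GetFunctionList
                ("C_GetSlotList", FN(UL, C.c_ubyte, PUL, PUL)),
                ("_skip_b", C.c_void_p * 2),    # C_GetSlotInfo, C_GetTokenInfo
                ("C_GetMechanismList", FN(UL, UL, PUL, PUL)),
                ("C_GetMechanismInfo", FN(UL, UL, UL, C.POINTER(MechInfo)))]

def summarize(flags):
    """{mechanism type: flags} -> {name: reports CKF_HW}, watched types only."""
    return {WATCHED[m]: bool(f & CKF_HW) for m, f in flags.items() if m in WATCHED}

def _ids(call, arg):
    n = UL(0)
    call(arg, None, C.byref(n))          # first call: ask for the count only
    buf = (UL * n.value)()
    call(arg, buf, C.byref(n))           # second call: fill the buffer
    return buf[:n.value]

def probe(path="/usr/lib/pkcs11/ibm_pks11.so"):
    """Return {slot id: summarize(...)}, or None if the module is unusable."""
    try:
        get_list = C.CDLL(path).C_GetFunctionList
    except (OSError, AttributeError):
        return None
    get_list.restype = UL
    fl = C.POINTER(FunctionList)()
    if get_list(C.byref(fl)) or fl.contents.C_Initialize(None):
        return None
    f, out = fl.contents, {}
    for slot in _ids(f.C_GetSlotList, 1):          # 1 = only slots with a token
        flags = {}
        for m in _ids(f.C_GetMechanismList, slot):
            info = MechInfo()
            if f.C_GetMechanismInfo(slot, m, C.byref(info)) == 0:
                flags[m] = info.flags
        out[slot] = summarize(flags)
    f.C_Finalize(None)
    return out
```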