Talk:PKCS 11

Description wrong?
This description of PCKS11 is wrong. PKCS is a certificate file format. It is not an API. —Preceding unsigned comment added by Mcr314 (talk • contribs) 16:23, 19 January 2007


 * PKCS is a series of cryptography standards promoted by RSA Security (now a part of EMC). The majority are data format and interchange standards for cryptographic algorithms and their use, but #11 is in fact an interface standard.  See  for details.
 * 71.107.96.47 19:02, 18 April 2007 (UTC)

In Colloquial usage developers often refer to the API simply as "P11"
Substituting "P" for "PKCS#" in all the PKCS standards is common in the developer community using PKCS#11 but confusing for the novice and thus worthwhile to note concisely in this article for reader clarity. Yes, usage in forums and articles is is greater for "PKCS#11" than "P11", but this does not negate the usage of the short form in colloquial usage. A search for "P11" and "PKCS#11" quickly demonstrates interchangeability of the forms in API documentation and in discussion forums. - Joachimv (talk) 06:04, 5 September 2009 (UTC)


 * I'm not convinced of that - the above link only gives some 4500 hits - and a lot of those aren't actually developers referring to it as "P11"; they're things hits where "p11" is of a longer string (e.g. libpam-p11), or as (for example) variables and such called "p11" - neither backs up your comment, that developers use "P11" when talking to each other about it.


 * The URL posted actually backs up my view - if you look through all the google hits it shows, the overwhelming majority have "PKCS#11"/"PKCS11" in the subject, and not "P11". If it was commonly referred to as "P11", you could expect a significant proportion returned to have "P11" in the subject.


 * On this basis, a better search would be: (searching groups for "P11" in the subject, where PKCS#11 is also present in order to get come kind of context.) This gives a better view of how widespread "P11" is as a developer term - only some 46 hits(!)


 * It may well be common in your experience, though that doesn't mean it's widespread Nuwewsco (talk) 07:18, 5 September 2009 (UTC)


 * "Only 4500 hits" means there is usage of "P11". It's not like there are many more than 4500 developers using the PKCS #11 standard. It's not about significant percentage or overwhelming usage. It's about colloquial or slang usage among developers. Contrary to your assertions, all of these links do in fact show colloquial usage of "P11" as short for "PKCS #11". In fact, all of those links have usage of the shortened "P11" in code, in descriptions, in labels, in parameter names, etc. In these cases "P11" is short for "PKCS #11". A non-technical person trying to understand what "P11" means has a hard time finding out the answer. Listing the short colloquial usage is important to help non-technical users identify the technology referred to behind the slang.  Eliminating such text from the Wiki entry based on personal experience as opposed to evidence of usage in the development community is short sighted and not helpful.  — Preceding unsigned comment added by 24.205.251.60 (talk) 14:11, 14 October 2011 (UTC)

Java Implementation?
The section on "Other Implementations" mentions that "Sun's Java has included a native (written in Java) implementation of PKCS #11". The link on the word "JCE" in fact points to the "Sun PKCS #11 Provider", which is in fact not an implementation of PKCS #11, but more an adapter, using a native interface to call the functions of a PKCS #11 library. It implements a Java JCE Provider interface, using the functions of a PKCS#11 library to provide its services (crypto functionality and/or access to key and other objects).

Also the wording "native (written in Java)" seems pointless - it is either native (not Java), or Java (not native). After, the JNI are not used to interface Java to Java, but Java to native code. And it is not really practical to implement a "C Api" in Java.

Would it be better to say something like "Sun's Java includes a PKCS #11 JCE provider, allowing access to any PKCS #11 library".

But than again, who cares.


 * Java's PKCS#11 provider is a PKCS11 consumer. PKCS11 implementations can be of the type where they consume PKCS11, or where they provide PKCS11 services. Both are indeed implementations. Both types implementations were demonstrated at the 2015 Oasis interoperability booth at RSA https://www.oasis-open.org/news/pr/twelve-companies-demonstrate-interoperability-for-oasis-kmip-and-pkcs-11-encryption-and-cryp Bubbva (talk) 23:08, 13 May 2015 (UTC)

PKCS#12 Pooseant (talk) 07:24, 9 October 2016 (UTC)

borken link
The link to sdeancomponents is now dead and points to a domain squatter. Unfortunately this page is not in any web archive that I can find. These components are a part of a project on github: https://github.com/t-d-k/doxbox/tree/master/SDeanComponents. I am the maintainer of that project so don't want to update the link myself as I could have a vested interest. Tdk at squte (talk) 21:33, 9 September 2014 (UTC)


 * Thanks for bringing this to attention. These kinds of lists, particularly lists of external links are generally discouraged, so I have split that out as List of applications using PKCS 11 and unlinked all the entries. -- intgr [talk] 17:44, 11 November 2014 (UTC)