Public Key Cryptography Standards (PKCS) #11 has gained wide acceptance within the cryptographic security device community and has become the interface of choice for many applications. The high esteem in which PKCS #11 is held is evidenced by the fact that it has been selected by a large number of companies as the API for their own devices. In this paper, we analyse the security of the PKCS #11 standard as an interface (e.g. an application-programming interface (API)) for a security device. We show that PKCS #11 is vulnerable to a number of known and new API attacks and exhibits a number of design weaknesses that raise questions as to its suitability for this role. Finally, we present some design solutions.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jolyon Clulow (1)
  1. Department of Mathematical and Statistical Sciences, University of Natal, Durban, South Africa
