This article lists applications and other software implementations using the PKCS #11 standard.

Applications

FreeOTFE FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile (using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written is a ...

– disk encryption system (PKCS #11 can either be used to encrypt critical data block, or as keyfile storage) *

Mozilla Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and a ...

– a web browser *

Mozilla Thunderbird Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client developed by the Mozilla Foundation and operated by subsidiary MZLA Technologies Corporation. The project s ...

– an email client *

OpenDNSSEC OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security. OpenDNSSEC was created as ...

– a

DNSSEC The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol ...

signer *

OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...

– TLS/SSL library (with engine_pkcs11) *

GnuTLS GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network trans ...

– TLS/SSL library *

Network Security Services Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the ...

library developed by Mozilla *

OpenVPN OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server appl ...

–

VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...

system * StrongSwan –

system *

TrueCrypt TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication). On 28 May ...

– disk encryption system (PKCS #11 only used as trivial keyfile storage) * TrouSerS – an open-source TCG Software Stack * OpenSC –

smartcard A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...

library *

OpenSSH OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture. Network Working Gr ...

– a

Secure Shell The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on a ...

implementation (since OpenSSH version 5.4) *

OpenDS OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java (prog ...

– an open source directory server. *

Oracle Database Oracle Database (commonly referred to as Oracle DBMS, Oracle Autonomous Database, or simply as Oracle) is a multi-model database management system produced and marketed by Oracle Corporation. It is a database commonly used for running online t ...

– uses PKCS#11 for transparent data encryption * IBM DB2 Database – uses PKCS#11 for transparent data encryption *

PowerDNS PowerDNS is a DNS server program, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different ''backends'' ranging from simple BIND style zonefiles to relational databases and load ...

– open source, authoritative DNS server (since version 3.4.0) *

GNOME Keyring GNOME Keyring is a software application designed to store security credentials such as usernames, passwords, and keys, together with a small amount of relevant metadata. The sensitive data is encrypted and stored in a keyring file in the user's ...

– a password and cryptographic key manager. *

Solaris Solaris may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Solaris'' (1972 film), directed by ...

Cryptographic Framework – pluggable cryptographic system in operating system *

Safelayer Safelayer Secure Communications S.A. is a Spanish private company founded in May 1999. It develops software products on the public key infrastructure area ( digital security for identity management, electronic signature and data protection). ...

– KeyOne and TrustedX product suites.
Pkcs11Admin
– GUI tool for administration of PKCS#11 enabled devices
SoftHSM
– implementation of a cryptographic store accessible through a PKCS#11 interface * XCA – X Certificate and Key management *

SecureCRT SecureCRT is a commercial SSH and Telnet client and terminal emulator by VanDyke Software. Originally a Windows product, VanDyke later added a Mac OS X version in 2010 with release v6.6 and a Linux version in 2011 with release v6.7. History Sec ...

– SSH client *

wolfSSL wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming lan ...

– an SSL/TLS library with PKCS #11 support * XShell - SSH Client from NetSarang Computer, Inc (versions > 6.0 support PKCS#11)
EJBCA
– Certification Authority software (uses PKCS#11 for digital signatures)
SignServer
– Server side software for digitally signing and time stamping documents, files and code (uses PKCS#11 for digital signatures and key wrapping/unwrapping)
PuTTY-CAC
- A fork of PuTTY that supports smartcard authentication

PKCS #11 wrappers

Since PKCS #11 is a complex C API many wrappers exist that let the developer use the API from various languages. * For Perl: *
Crypt::PKCS11
*
Crypt::NSS::PKCS11
*
Crypt::PKCS11::Easy
*
Crypt::Cryptoki

php-pkcs11
PHP PKCS11 Extension including the support of the Oasis PKCS11 standard * NCryptoki - .NET (C# and VB.NET), Silverlight 5 and Visual Basic 6 wrapper for PKCS #11 API * Pkcs11Interop - Open source .NET wrapper for unmanaged PKCS#11 libraries
python-pkcs11
- The most complete and documented PKCS#11 wrapper for

Python Python may refer to: Snakes * Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia ** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia * Python (mythology), a mythical serpent Computing * Python (pro ...

PyKCS11
- Another wrapper for

* pkcs11 - Another wrapper for

* Java includes
wrapper for PKCS #11 API
since version 1.5
IAIK PKCS#11 Wrapper
https://github.com/mikma/pkcs11wrapper on GitHub] - A library for the Java™ platform which makes PKCS#11 modules accessible from within Java. * pkcs11-helper - A simple open-source software, open source C interface to handle PKCS #11 tokens. * SDeanComponents - Delphi wrapper for PKCS #11 API
jacknji11
- Java wrapper using

Java Native Access Java Native Access (JNA) is a community-developed library that provides Java programs easy access to native shared libraries without using the Java Native Interface (JNI). JNA's design aims to provide native access in a natural way with a minimum ...

(JNA)
rust-cryptoki
- High-level,

Rust Rust is an iron oxide, a usually reddish-brown oxide formed by the reaction of iron and oxygen in the catalytic presence of water or air moisture. Rust consists of hydrous iron(III) oxides (Fe2O3·nH2O) and iron(III) oxide-hydroxide (FeO(OH ...

idiomatic wrapper crate for PKCS #11.
rust-pkcs11
- Crate for

* ruby-pkcs11 - Ruby binding for PKCS #11 API * tclPKCS11 = Tcl binding for PKCS#11 API * pkcs11.net - .NET wrapper for PKCS #11 API * Oracle Solaris Cryptographic Framework * pkcs11 - Go wrapper for PKCS #11 API * node.js *
graphene
- high level OOP wrapper for pkcs#11 ** pkcs11js - low level wrapper for pkcs#11

References

{{DEFAULTSORT:PKCS 11 applications Lists of software Cryptography lists and comparisons