• FreeDesktop.org
• Mailing List
• About

Spec: PKCS#11 URIs

PKCS#11 URIs are a way to identify a certain crypto object that resides in a PKCS#11 module. These URIs can be used in configuration files, or when one application needs to refer another to a cryptographic object, like a key or a certificate.

A PKCS#11 URI looks like:

pkcs11:token=The%20Software%20PKCS#11%20softtoken;object=my-certificate;
	objecttype=cert;id=%69%95%3e%5c%f4%bd%ec%91

Implementations and Integration

• GnuTLS: Used to lookup certificate and key objects.
• Gck library: API for parsing and building PKCS#11 URIs
• p11-kit: Used in configuration. Also has an API for parsing and building PKCS#11 URIs

Specification

• An IETF RFC Draft: draft-pechanec-pkcs11uri
• Discussion: saag@ietf.org
• Authors: J. Pechanec, D. Moffat