Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

What is PKCS11?

Key Points
  • PKCS11 is an API for safe communication using cryptographic tokens like Yubikeys and HSMs.
  • Yubikeys, paired with certificates, such as those from SecureW2, improve organizational security and simplicity of use.
  • SecureW2 makes integrating certificates and security keys easier, improving security and reducing IT load.

High-profile data breaches from major organizations such as Equifax, Solar Winds, and even the White House have pushed network security into the forefront of the public eye.

One method of security that has seen an increase in response to hacks is security keys, such as Yubikeys. Security keys have actually been present for around a decade, but only recently have they seen heavy usage from the mainstream. This is partially due to the innovations in technology from companies like Yubico, as well as IT professionals becoming more aware of the problems caused by insecure passwords. A majority of IT security respondents and individuals (55%) prefer a method of protecting accounts that don’t involve passwords, SecureW2 can help by combining powerful certificates with Yubikeys, read about our Yubico integration here, or check out what one of our customers had to say here.

It’s important to understand the technology that goes along with them. One particularly important aspect of security keys is an API known as PKCS11.

 

What is PKCS11?

PKCS11 (Public-Key Cryptography Standards), also known as “Cryptoki” or PKCS#11, is an API used to communicate with cryptographic security tokens such as smart cards, USB keys, and Hardware Security Modules (HSMs).

The API defines the most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify, and delete those objects.

PKCS11 is, at its core, an API used to create or delete cryptographic data like public-private key pairs.

So for example, if you want to generate a new key pair, you would do so by calling one of the interfaces provided by the PKCS#11 standard. Considering that the standard is not bound to any specific platform, it can be used for all kinds of technologies, such as smartcards and hardware security modules.

 

How Do Smart Cards Use PKCS11?

PKCS11 is the standard that defines a way for software to interact with cryptographic tokens. A typical software application communication sequence using PKCS11 is pictured below.

Yubikey itself actually runs a modified version of the PKCS#11 framework; they aptly dubbed it  YKCS11. YKCS11 allows external applications to communicate with and/or use the PIV application present on the YubiKey itself through standardized means.

 

Improving Security Keys With SecureW2

Protocols like PKCS11 are just one of the many things that make security keys such a good investment for an organization’s security. It’s also important to ensure that anyone who uses security keys is using it to its full potential.

What’s the best way to maximize your security keys? Certificates!

Certificates remove any possibility of user error by relying on rigorous security protocols, encrypted key pairs, and easy identification.

SecureW2 has the industry’s only solution for using certificates with Yubikeys. With SecureW2, you can easily onboard users and have them configure security keys with certificates in minutes. This takes the burden away from IT departments who would traditionally have to manually enroll each Yubikey. Instead, end-users are fully capable of enrolling certificates themselves using our portal.

If you’re interested in exploring the possibilities of certificate onboarding and simple self-enrollment, check out our pricing page here.

 

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

What is PKCS11?