PKCS #11 is a standard that defines an API (also known as cryptoki) for interacting with cryptographic tokens.
They can interact with things including:
- Hardware security modules (HSMs)
- Smart cards
- Cryptographic acceleratorsNote:
Cryptographic accelerators aren't used as much now because most CPUs include their own native support.
Many PKCS #11 tokens provide the ability to store certificates, and the PingDirectory server supports using these types of PKCS #11 tokens as an alternative to a Java KeyStore (JKS) or PKCS #12 file-based key store. While the PKCS #11 tokens used in production environments are typically associated with hardware devices, it's possible to emulate a PKCS #11 token in software.