Public-Key Cryptography Standard

PKCS - Wikiwand
What are Public-Key Cryptography Standards (PKCS)?
Guide to Public Key Cryptography Standards in Cyber Security | RSI Security

PKCS #1: RSA (RFC8017)
PKCS #3: Diffie–Hellman Key Agreement Standard

RFC 8018 - PKCS #5: Password-Based Cryptography Specification Version 2.1
PBKDF2 - Wikiwand

Certificate signing request - Wikiwand
RFC 2986 - PKCS #10: Certification Request Syntax Specification Version 1.7

PKCS 12 - Wikiwand
RFC 7292 - PKCS #12: Personal Information Exchange Syntax v1.1

PKCS 7/CMS

PKCS 7 - Wikiwand
RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5
RFC 5652 - Cryptographic Message Syntax (CMS) IETF picked up CMS, obsoletes 3852

• SignedData
• EnvelopedData
• EncryptedData
• DigestedData
• AuthenticatedData

RFC 5083 - Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type

• AuthEnvelopedData

RFC 3274 - Compressed Data Content Type for Cryptographic Message Syntax (CMS)

• CompressedData

RFC 4073 - Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)

• ContentCollection
• ContentWithAttributes

RFC 4108 - Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
RFC 5958 - Asymmetric Key Packages obsoletes RFC5208 PKCS#8
RFC 6010 - Cryptographic Message Syntax (CMS) Content Constraints Extension
RFC 6160 - Algorithms for Cryptographic Message Syntax (CMS) Protection of Symmetric Key Package Content Types
RFC 6211 - Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute
RFC 7468 - Textual Encodings of PKIX, PKCS, and CMS Structures
RFC 8696 - Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)

PKCS 11

PKCS 11 - Wikiwand Cryptoki, C API to communicate with HSM or smart cards
PKCS #11 Specification Version 3.1
oasis-tcs/pkcs11: OASIS PKCS 11 TC: Repository to support version control for development of technical files associated with the OASIS PKCS11 specification

An Introduction to PKCS#11

pkcs11-spec-v3.2-wd13.docx uploaded | OASIS PKCS 11 TC

Clients

ThalesGroup/crypto11: Implement crypto.Signer and crypto.Decrypter for HSM-protected keys via PKCS#11 Go binding

jdk.crypto.cryptoki implementation of the SunPKCS11 security provider
Java PKCS#11 Reference Guide
SimpleMethod/PKCS11-Java-Wrapper: A comprehensive Java library for interacting with PKCS#11 (Cryptoki) compatible hardware security modules (HSMs) and smart cards. This wrapper simplifies cryptographic operations while maintaining high security standards. GPL v3

OpenSC/OpenSC: Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend LGPL v2.1

openCryptoki - An Open Source Implementation of PKCS #11 - IBM Documentation
opencryptoki/opencryptoki: PKCS#11 library and tools for Linux and AIX. Includes tokens supporting IBM crypto hardware as well as a software token.

c - OpenSC vs openCryptoKI - Stack Overflow
OpenSC is a software stack for smart cards. And it includes a PKCS#11 module. OpenCryptoki is "just" a PKCS#11 module (meaning software-only-module, except for some IBM PCI cards, apparently) that has nothing to do with (most) smart cards.

Software implementations

softhsm/SoftHSMv2: SoftHSM version 2
SoftHSMv2 · Cloudflare SSL/TLS docs

corePKCS11: Overview
FreeRTOS/corePKCS11: Software implementation of the PKCS #11 standard.

yay -S softhsm opensc

> softhsm2-util --show-slots
Available slots:
Slot 0
    Slot info:
        Description:      SoftHSM slot ID 0x0
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

> softhsm2-util --init-token --slot 0 --label Token1
=== SO PIN (4-255 characters) ===
Please enter SO PIN: ******
Please reenter SO PIN: ******
=== User PIN (4-255 characters) ===
Please enter user PIN: ******
Please reenter user PIN: ******
error registering mldsa44 with no hash
The token has been initialized and is reassigned to slot 491172432
A Graduate Course in Applied Cryptography
> pkcs11-tool --show-info --module /usr/lib/softhsm/libsofthsm2.so
error registering mldsa44 with no hash
Cryptoki version 2.40
Manufacturer     SoftHSM
Library          Implementation of PKCS11 (ver 2.6)
Using slot 0 with a present token (0x1d46b250)

> pkcs11-tool --list-slots --module /usr/lib/softhsm/libsofthsm2.so
error registering mldsa44 with no hash
Available slots:
Slot 0 (0x1d46b250): SoftHSM slot ID 0x1d46b250
  token label        : Token1
  token manufacturer : SoftHSM project
  token model        : SoftHSM v2
  token flags        : login required, rng, token initialized, PIN initialized, other flags=0x20
  hardware version   : 2.6
  firmware version   : 2.6
  serial num         : 628ee7169d46b250
  pin min/max        : 4/255
  uri                : pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=628ee7169d46b250;token=Token1
Slot 1 (0x1): SoftHSM slot ID 0x1
  token state:   uninitialized