Supported Standards and Protocols; PKCS #11 - Red Hat Certificate System 8 Deployment Manual

Chapter 3.

Supported Standards and Protocols

Red Hat Certificate System is based on many public and standard protocols and RFCs, to ensure the
best possible performance and interoperability. The major standards and protocols used or supported
by Certificate System 8.0 are outlined in this chapter, to help administrators plan their client services
effectively.

3.1. PKCS #11

Public-Key Cryptography Standard (PKCS) #11 specifies an API used to communicate with devices
that hold cryptographic information and perform cryptographic operations. Because it supports PKCS
#11, Certificate System is compatible with a wide range of hardware and software devices.

At least one PKCS #11 module must be available to any Certificate System subsystem instance. A
PKCS #11 module (also called a cryptographic module or cryptographic service provider) manages
cryptographic services such as encryption and decryption. PKCS #11 modules are analogous to
drivers for cryptographic devices that can be implemented in either hardware or software. Certificate
System contains a built-in PKCS #11 module and can support third-party modules.

A PKCS #11 module always has one or more slots, which can be implemented either as physical hardware
slots in a physical reader, such as for smart cards, or as conceptual slots in software. Each slot for a
PKCS #11 module can in turn contain a token, which is the hardware or software device that actually
provides cryptographic services and optionally stores certificates and keys.

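
As an added example (not from the Red Hat manual), the following parses the listing printed by the NSS `modutil -list -dbdir <dir>` command into the module, slot and token hierarchy described above, and flags modules that are not loaded or expose no token. It assumes the instance's security databases are NSS databases; the sample listing is constructed, and its second module is hypothetical.

```python
import re

# Constructed sample in the `modutil -list` layout; module 2 is hypothetical.
SAMPLE = """\
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB

  2. example-hsm
        status: Not loaded
-----------------------------------------------------------
"""

def parse_modules(text):
    """Build the module -> slot -> token tree from `modutil -list` text."""
    modules = []
    for line in (raw.strip() for raw in text.splitlines()):
        numbered = re.match(r"\d+\.\s+(.+)", line)
        if numbered:  # "N. <module name>" opens a new module entry
            modules.append({"name": numbered.group(1), "status": "", "slots": []})
        elif modules and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "status":
                modules[-1]["status"] = value.lower()
            elif key == "slot":
                modules[-1]["slots"].append({"slot": value, "token": None})
            elif key == "token" and modules[-1]["slots"]:
                modules[-1]["slots"][-1]["token"] = value or None
    return modules

def usable_tokens(modules):
    """(module, slot, token) for each slot of a loaded module that holds a token."""
    return [(m["name"], s["slot"], s["token"]) for m in modules
            if m["status"] == "loaded" for s in m["slots"] if s["token"]]

def audit(modules):
    """Findings against the requirement of at least one available module."""
    findings = [f"module not loaded: {m['name']}" for m in modules if m["status"] != "loaded"]
    if not usable_tokens(modules):
        findings.append("no loaded PKCS #11 module exposes a token")
    return findings
```

To check a real instance, pass the captured output of `modutil -list -dbdir <dir>` to `parse_modules` and review what `audit` returns.
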
Two cryptographic modules are included in the Certificate System: