Digital Certificates › PKCS #11 Tokens

PKCS #11 Tokens

PKCS #11 is the cryptographic token interface standard. It specifies an application programming interface (API) to tokens, that hold cryptographic information and perform cryptographic functions.

z/OS PKCS #11 tokens are created using system software such as CA Top Secret, ACF2, RACF, the gskkyman utility, or by applications using the C API.

Each token has a unique token name, or label, specified by the end user or application when the token is created.

A token name must follow these rules:

• Up to 32 characters in length
• Permitted characters are:
  • Alphanumeric
  • National: @ (X'5B'), # (X'7B'), or $ (X'7C')
  • Period
• The first character must be alphabetic or national
• Lowercase letters can be used but are folded to uppercase

To use PKCS #11 tokens with CA Top Secret, use the TSS P11TOKEN command function with the BIND, IMPORT, TOKENADD, TOKENDEL, TOKENLST and UNBIND keywords.

For information, see the Command Function Guide.