You are currently on IBM Systems Media’s archival website. Click here to view our new website.

AIX > Administrator > Security

A Bankable Solution

AIX Cryptographic Services improves security while simplifying administration

Illustration courtesy of Shutterstock

PKCS 11 Overview

PKCS 11 defines an API called the cryptographic token interface, cryptoki for short. Cryptoki adds a layer of abstraction between the application and the cryptographic device. This allows applications to utilize multiple devices and run in multiple environments providing portability. PKCS 11 has been adopted by many supported devices that are vendor neutral and cross-platform, thus becoming an industry-wide standard.

Cryptoki provides an interface for an application to access cryptographic devices via logical slots. Each slot may contain a token, which is a logical view of a cryptographic device. A token is present when a cryptographic device is present. Applications can connect to tokens through any or all of the slots (see Figure 2).

Cryptoki represents each cryptographic device logically the same to every application. Therefore, the application doesn’t need to interface directly with the device provider. The application doesn’t need the details of the device; hence, the cryptographic device can even be implemented in software.

A PKCS 11 token is a logical device that stores objects and performs cryptographic functions. Cryptoki provides functions for managing PKCS 11 objects. There are three classes of objects: data, keys and certificates (see Figure 3). Within key objects, sub-types include public, private and secret keys. Cryptoki can create, destroy, copy and modify values within each object.


Chris Lita currently serves as lead cryptography engineer for the AIX Security Team. He is an expert software engineer, who has worked in a diverse set of technology areas within IBM.

Jason Jaramillo is a security software engineer for IBM AIX, specializing in Kerberos, OpenSSL, and Public Key Cryptography Standards 11.

Lucas McLane, CISSP, is an information assurance/software engineer for IBM AIX.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in wide set of technologies from reliability, availability and serviceability, to AIX security to business resiliency. With more than 19 years of experience in IT, he’s an expert in real-time systems, OS internals and overall system architecture.



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Hardening the Cloud

Security considerations to protect your organization

Verify System Integrity

AIX 6.1 and Trusted Execution help ensure secure systems

A Bankable Solution

AIX Cryptographic Services improves security while simplifying administration

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters