|
Home > |
|---|
PKCS#11 is a standard security module interface defined specifically for removable tokens like smart cards, but it is also applicable to non-removable devices. Many vendors have adopted this interface, so the likelihood of any particular application being required to operate with more than one PKCS#11 device is quite high. This interoperability is highly beneficial to the application developer.
•Look for PKCS#11 security modules that have high interoperability with standard PKCS#11 applications. Common PKCS#11 applications include Netscape, Entrust, Identrus etc.
•Test with multiple devices. Without testing, it is impossible to know for certain that an application is interoperable.
•Since there is no central compliance-testing lab for generic PKCS#11 implementations, many implementations with low interoperability also exist. Instead, various application-specific compliance test suites have been used.
•Vendor-defined extensions will not be present on other vendors' implementations. These should be used only when there is no alternative, or where vendor independence is not an issue.