In cryptography, PKCS11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards. (The PKCS#11 standard names the API "Cryptoki" which is an amalgamation of "cryptographic token interface", but "PKCS#11" is often used to refer to the API as well as the standard that defines it.)

Since there is no real standard for cryptographic tokens, this API has been developed to be an abstraction layer for the generic cryptographic token. The PKCS#11 API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

PKCS#11 is largely adopted to access smart cards and HSMs. Most commercial Certification Authority software uses PKCS#11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS#11, such as Mozilla Firefox and OpenSSL (using an extension). Software written for Microsoft Windows may use the platform specific MS-CAPI API. Server provides support for PKCS11 smart cards and tokens, please visit products page for more details.