Calls: Send in your ideas. Deadline August 1st, 2023.

Pitchfork PKCS#11

Contribute to OASIS standardisation PKCS#11 v3

PKCS #11 is the de facto standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data). Due to the age of the standard, it was lacking a number of modern, so called 'quantum-resistant' algorithms. This small project enables open source developers from the Pitchfork project to contribute a number of important algorithms to the OASIS PKCS #11 standards committee in time for the pending new version of PKCS #11.

The PITCHFORK is a free/libre hardware device for compartmentalizing key material and cryptographic operations in a small and durable USB device. It uses a Cortex-M3 processor and stores all keys in the CPUs flash. The PITCHFORK has an embedded radio interface over which it can do secure key exchanges with other devices, including "post-quantum" cryptography. Over USB it can send and receive messages using various modern low-level crypto protocols providing different aspects of overall security. Stef Marsiske from the Pitchfork project team joined the OASIS PKCS #11 standards committee to make sure the intersection of PKCS#11 supported algorithms and Pitchfork algorithms is no longer empty.

Logo NLnet: abstract logo of four people seen from above Logo Netherlands Ministry of Economic Affairs and Climate Policy

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure and NGI Zero Entrust.

Want to help but no money to spend? Help us by protecting open source and its users.

.