PKCS#11 Requirements

PKCS#11 token must support AES_CTR algorithm. For example, SafeNet USB eToken 5110 is one of inexpensive models with AES_CTR support. Modules with custom encryption must implement random access cipher.

The module should be a DLL with exports accordingly to PKCS#11 specification. Additionally Dbdefence verifies digital signature for the module. Modules with missing digital signatures or with improper PKCS#11 format are declined. Modules from unauthorized vendors are declined. Currently Dbdefence supports modules from the following vendors:

  • Activecrypt Software
  • SafeNet

If you would like to add support for particular vendor or your own digital signature please contact