PKCS#11 Requirements

A PKCS#11 token must support the AES_CTR algorithm. For example, SafeNet USB eToken 5110 is one of the inexpensive models with AES_CTR support. Modules with custom encryption must implement the random access cipher.

The module should be a DLL with exports accordingly to the PKCS#11 specification. Additionally, DbDefence verifies a digital signature for the module. Modules with missing digital signatures or with an improper PKCS#11 format are declined. Modules from unauthorized vendors are declined. Currently DbDefence supports modules from the following vendors:

  • Activecrypt Software
  • SafeNet

If you would like to add support for a specific vendor or your own digital signature, please contact