The PKCS#11 standard has been around since 1995 and is a platform-independent API to access and use cryptographic functions in hardware security modules (HSMs), smart cards, USB tokens, TPMs and the like. PKCS#11 is standardized in the Oasis standardization organization.
In PKI and digital signature solutions, the use of cryptographic modules is widespread. On the server side, where our products mostly operate, it is mandatory in many audit schemes to use cryptographic modules that are certified. The two most prominent certifications being FIPS 140-2 (FIPS 140-3 is upcoming) and EN 419 221-5 (eIDAS Cryptographic Module for Trust Services).
For PrimeKey products, such as EJBCA, PrimeKey strives to support as wide range of cryptographic tokens as possible and therefore uses the standard PKCS#11 API to access these modules. Our products developed in Java can make use of two different client implementations of PKCS#11, the Java PKCS#11 provider which is built into the Java JDK on a high level, or JackNJI11 which gives more low level control to the PKCS#11 interface.