PKCS #11 for JSON Web Keys

Document Type: Expired Internet-Draft (individual)
Last updated: 2018-01-01 (latest revision 2017-06-30)
Stream: (None)
Intended RFC status: (None)
Status: Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document updates RFC 7517 in order to specify an extension to the JSON Web Key (JWK) format so that private key material may be stored in cryptographic hardware using PKCS #11. It defines a new property for JWKs which contains the PKCS #11 URI identifying the location of the private key material. Implementations can use this URI to offload the cryptographic operations to the identified hardware.


Nathaniel McCallum (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)