Though the names are very similar, PKCS11 and PKCS12 define two very different things, and this can create some confusion.

  • PKCS11 is a protocol used to access hardware encryption devices such as USB tokens, smart cards or vaults (such as Azure Vault). The KeyStore API in Java abstracts access to the PKCS11 interface and lets you list the digital IDs / certificates and private keys held on the hardware devices.
  • PKCS12 is a file format for storing certificates and private keys. The KeyStore API in Java can also read certificates and keys from PKCS12 files.
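
The difference shows up in how each keystore is opened through the Java KeyStore API. The following is an added example, not code from the original page; it assumes Java 9 or later with the SunPKCS11 provider present, and the class name, the `.p12` path and the provider configuration file (which names the vendor's PKCS11 library) are hypothetical inputs supplied by the user.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeyStoreLister {
    // PKCS12: the keystore is a file, read from a stream and unlocked with its password.
    static KeyStore openPkcs12(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            ks.load(in, password);
        }
        return ks;
    }

    // PKCS11: nothing is read from a keystore file. The SunPKCS11 provider (Java 9+)
    // calls the vendor library named in the provider configuration file.
    static KeyStore openPkcs11(String providerConfig, char[] pin) throws Exception {
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) throw new IllegalStateException("SunPKCS11 provider not available");
        KeyStore ks = KeyStore.getInstance("PKCS11", base.configure(providerConfig));
        ks.load(null, pin); // null stream: the entries live on the device
        return ks;
    }

    // The listing code is identical for both keystore types.
    static void list(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "(none)";
            System.out.printf("%s keyEntry=%b subject=%s%n", alias, ks.isKeyEntry(alias), subject);
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: KeyStoreLister pkcs12 <file.p12> | pkcs11 <provider.cfg>");
            return;
        }
        char[] secret = console.readPassword("Password or PIN: ");
        list(args[0].equals("pkcs11") ? openPkcs11(args[1], secret) : openPkcs12(args[1], secret));
    }
}
```

With a PKCS11 keystore, `isKeyEntry` can report a private key that the application can use for signing but typically cannot export, whereas a PKCS12 file hands the key material to whoever knows the file password.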