# Key management

The Qualcomm Linux Security solution supports the public-key cryptography standards by implementing the PKCS#11 APIs. This feature allows applications to use keys and certificates in a platform-independent manner.

PKCS#11 is implemented as a global platform for running trusted applications within Qualcomm TEE. There is also a corresponding rich execution environment (REE) implementation for these applications.

For more information, see the following documents:

- [PKCS #11 Cryptographic Token Interface Base Specification](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html)
- [PKCS #11 Cryptographic Token Interface Usage Guide](https://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cnd01/pkcs11-ug-v2.40-cnd01.html)

## Limitations

The following functionalities are not supported:

- Random number generator functionality
- P-192 in CKM\_ECDSA
- RSA PKCS key generation and signing in CKM\_RSA\_PKCS mode
- EDDSA key generation and signing

Last Published: Jan 30, 2025

[Previous Topic
Cryptography](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/crypto-core.md) [Next Topic
Secure boot](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/secure-boot.md)