# Key management

The Qualcomm Linux Security solution supports the public-key cryptography standards by implementing the PKCS#11 APIs. This feature allows applications to use keys and certificates in a platform-independent manner.

PKCS#11 is implemented as a global platform for running trusted applications within Qualcomm TEE. There is also a corresponding rich execution environment (REE) implementation for these applications.

For more information, see the following documents:

- [PKCS #11 Cryptographic Token Interface Base Specification](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html)
- [PKCS #11 Cryptographic Token Interface Usage Guide](https://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cnd01/pkcs11-ug-v2.40-cnd01.html)

## Limitations

The following functionalities aren’t supported:

- Random number generator functionality
- P-192 in CKM\_ECDSA
- RSA PKCS key generation and signing in CKM\_RSA\_PKCS mode
- EDDSA key generation and signing

## Next steps

- To learn about the next security feature, see [Secure boot](https://docs.qualcomm.com/doc/80-70018-11/topic/secure-boot.html#secure-boot).
- To learn about TrustZone and security framework, see [Security architecture](https://docs.qualcomm.com/doc/80-70018-11/topic/architecture.html#architecture).
- To learn about APIs that can be used to interact with Linux and hardware, see [Security APIs](https://docs.qualcomm.com/doc/80-70018-11/topic/interfaces.html#interfaces).

Last Published: Apr 10, 2025

[Previous Topic
Cryptography](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/crypto-core.md) [Next Topic
Secure boot](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/secure-boot.md)