Appendix D: Differences between IBM and Oracle versions of PKCS11

The Oracle keystore is named PKCS11 and the IBM® keystore is called PKCS11IMPLKS.
The Oracle keystore requires that all trusted certificates have the attribute CKA_TRUSTED set to true. The IBM keystore assumes that any certificates on the device are trusted. The IBM keystore can work with data that was saved using the Oracle keystore. However, the Oracle keystore might not be able to work with data saved using the IBM keystore.