diff --git a/app/brave_generated_resources.grd b/app/brave_generated_resources.grd index 70f613c096f6..dd01631f0f96 100644 --- a/app/brave_generated_resources.grd +++ b/app/brave_generated_resources.grd @@ -348,6 +348,9 @@ Or change later at $2ping://settings/exte Read and modify IPFS settings + + Sign documents using a hardware security module + .onion diff --git a/browser/extensions/BUILD.gn b/browser/extensions/BUILD.gn index 3683f6e39d0d..bb9fc4bef735 100644 --- a/browser/extensions/BUILD.gn +++ b/browser/extensions/BUILD.gn @@ -51,6 +51,8 @@ source_set("extensions") { "brave_theme_event_router.h", "updater/brave_update_client_config.cc", "updater/brave_update_client_config.h", + "api/pkcs11_api.cc", + "api/pkcs11_api.h", ] deps = [ diff --git a/browser/extensions/api/pkcs11_api.cc b/browser/extensions/api/pkcs11_api.cc new file mode 100644 index 000000000000..4b5e7261cc16 --- /dev/null +++ b/browser/extensions/api/pkcs11_api.cc 
@@ -0,0 +1,46 @@
+/* Copyright (c) 2019 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "brave/browser/extensions/api/pkcs11_api.h"
+
+#include
+#include
+
+#include "base/logging.h"
+#include "base/json/json_writer.h"
+#include "base/values.h"
+#include "brave/common/extensions/api/pkcs11.h"
+
+namespace extensions {
+namespace api {
+
+ExtensionFunction::ResponseAction Pkcs11InstallModuleFunction::Run() {
+ absl::optional params =
+ pkcs11::InstallModule::Params::Create(args());
+ EXTENSION_FUNCTION_VALIDATE(params);
+
+ LOG(INFO) << "Setting path: " << params->path << " for PKCS11 module.";
+
+ return RespondNow(NoArguments());
+}
+
+ExtensionFunction::ResponseAction Pkcs11SetPinFunction::Run() {
+ absl::optional params =
+ pkcs11::SetPin::Params::Create(args());
+ EXTENSION_FUNCTION_VALIDATE(params);
+
+ LOG(INFO) << "Setting pin: " << params->pin << " for PKCS11 login.";
+
+ return RespondNow(NoArguments());
+}
+
+ExtensionFunction::ResponseAction Pkcs11GetSignatureFunction::Run() {
+ const std::string signature = "sample_signature";
+
+ return RespondNow(WithArguments(signature));
+}
+
+} // namespace api
+} // namespace extensions
diff --git a/browser/extensions/api/pkcs11_api.h b/browser/extensions/api/pkcs11_api.h
new file mode 100644
index 000000000000..61ed99dc4412
--- /dev/null
+++ b/browser/extensions/api/pkcs11_api.h
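Review bot: Pkcs11SetPinFunction::Run() writes the token PIN in clear text to the browser log via `LOG(INFO) << "Setting pin: " << params->pin << " for PKCS11 login.";`, so the credential outlives the call and is readable by anything that can read the log. The value should be left out of the message, for example `VLOG(1) << "PKCS11 login PIN received.";`. The path logged in Pkcs11InstallModuleFunction::Run() names a native library chosen by the extension, so it needs validation before any later change hands it to a loader. Pkcs11GetSignatureFunction::Run() returns the constant "sample_signature"; a comment such as `// Placeholder: no token is contacted yet, the returned string is not a signature.` on each body would keep callers from treating the result as real.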
@@ -0,0 +1,47 @@
+/* Copyright (c) 2019 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_BROWSER_EXTENSIONS_API_PKCS11_API_H_
+#define BRAVE_BROWSER_EXTENSIONS_API_PKCS11_API_H_
+
+#include "extensions/browser/extension_function.h"
+
+namespace extensions {
+namespace api {
+
+class Pkcs11InstallModuleFunction : public ExtensionFunction {
+ public:
+ DECLARE_EXTENSION_FUNCTION("pkcs11.installModule", UNKNOWN)
+
+ protected:
+ ~Pkcs11InstallModuleFunction() override {}
+
+ ResponseAction Run() override;
+};
+
+class Pkcs11SetPinFunction : public ExtensionFunction {
+ public:
+ DECLARE_EXTENSION_FUNCTION("pkcs11.setPin", UNKNOWN)
+
+ protected:
+ ~Pkcs11SetPinFunction() override {}
+
+ ResponseAction Run() override;
+};
+
+class Pkcs11GetSignatureFunction : public ExtensionFunction {
+ public:
+ DECLARE_EXTENSION_FUNCTION("pkcs11.getSignature", UNKNOWN)
+
+ protected:
+ ~Pkcs11GetSignatureFunction() override {}
+
+ ResponseAction Run() override;
+};
+
+} // namespace api
+} // namespace extensions
+
+#endif // BRAVE_BROWSER_EXTENSIONS_API_PKCS11_API_H_
diff --git a/chromium_src/chrome/common/extensions/permissions/chrome_api_permissions.cc b/chromium_src/chrome/common/extensions/permissions/chrome_api_permissions.cc
index df7fb82dee8b..b0ad208efd4c 100644
--- a/chromium_src/chrome/common/extensions/permissions/chrome_api_permissions.cc
+++ b/chromium_src/chrome/common/extensions/permissions/chrome_api_permissions.cc
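Review bot: None of the three classes in this header carries a comment, so a reader cannot tell which input each call accepts or that the implementations in pkcs11_api.cc are placeholders. Each class should get a one-line comment, for example `// pkcs11.setPin: receives the token login PIN from the extension; must never be logged or persisted.` above Pkcs11SetPinFunction, with matching ones for installModule (extension-supplied library path) and getSignature. The empty destructors would also read better as `~Pkcs11SetPinFunction() override = default;`.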
@@ -16,7 +16,9 @@ constexpr APIPermissionInfo::InitInfo brave_permissions_to_register[] = { {APIPermissionID::kIpfs, "ipfs", APIPermissionInfo::kFlagImpliesFullURLAccess}, {APIPermissionID::kIpfsPrivate, "ipfsPrivate", - APIPermissionInfo::kFlagImpliesFullURLAccess}}; + APIPermissionInfo::kFlagImpliesFullURLAccess}, + {APIPermissionID::kPkcs11, "pkcs11"}, + }; // Merges Brave and Chrormium constant arrays to final list of permissions. template diff --git a/chromium_src/chrome/common/extensions/permissions/chrome_permission_message_rules.cc b/chromium_src/chrome/common/extensions/permissions/chrome_permission_message_rules.cc index c7251e4f6bf5..14c8220114cc 100644 --- a/chromium_src/chrome/common/extensions/permissions/chrome_permission_message_rules.cc +++ b/chromium_src/chrome/common/extensions/permissions/chrome_permission_message_rules.cc @@ -21,6 +21,9 @@ ChromePermissionMessageRule::GetAllRules() { rules.push_back({IDS_EXTENSION_PROMPT_WARNING_IPFS_PRIVATE, {APIPermissionID::kIpfsPrivate}, {}}); + rules.push_back({IDS_EXTENSION_PROMPT_WARNING_PKCS11, + {APIPermissionID::kPkcs11}, + {}}); return rules; } diff --git a/chromium_src/extensions/common/mojom/api_permission_id.mojom b/chromium_src/extensions/common/mojom/api_permission_id.mojom index 874d55b700c2..6a3b9a05f54b 100644 --- a/chromium_src/extensions/common/mojom/api_permission_id.mojom +++ b/chromium_src/extensions/common/mojom/api_permission_id.mojom @@ -8,5 +8,6 @@ module extensions.mojom; [BraveExtend] enum APIPermissionID { kIpfs = 750, - kIpfsPrivate = 751 + kIpfsPrivate = 751, + kPkcs11 = 911 }; diff --git a/common/extensions/api/BUILD.gn b/common/extensions/api/BUILD.gn index b4bd2fa2b9ff..222937586d8b 100644 --- a/common/extensions/api/BUILD.gn +++ b/common/extensions/api/BUILD.gn @@ -62,6 +62,7 @@ brave_extensions_api_schema_sources = [ "brave_theme.json", "greaselion.json", "rewards_notifications.json", + "pkcs11.json" ] if (enable_ipfs) { 
diff --git a/common/extensions/api/_api_features.json b/common/extensions/api/_api_features.json index 0449e20985e7..9a7667af76ab 100644 --- a/common/extensions/api/_api_features.json +++ b/common/extensions/api/_api_features.json @@ -169,5 +169,9 @@ "matches": [ "chrome://newtab/*" ] - }] + }], + "pkcs11": { + "dependencies": ["permission:pkcs11"], + "contexts": ["blessed_extension"] + } } diff --git a/common/extensions/api/_permission_features.json b/common/extensions/api/_permission_features.json index c49f147152a8..43757fa7caa8 100644 --- a/common/extensions/api/_permission_features.json +++ b/common/extensions/api/_permission_features.json @@ -46,5 +46,10 @@ "allowlist": [ "21070F3D60711361C1210B870439BE49B5D995F4" // Ethereum Remote Client extension ] + }, + "pkcs11": { + "channel": "stable", + "extension_types": ["extension", "legacy_packaged_app"] } } + \ No newline at end of file diff --git a/common/extensions/api/pkcs11.json b/common/extensions/api/pkcs11.json new file mode 100644 index 000000000000..65095bbf3448 --- /dev/null +++ b/common/extensions/api/pkcs11.json 
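Review bot: The new `pkcs11` entry in _permission_features.json has no `allowlist`, unlike the entry just above it in the same hunk, so on the stable channel any extension or legacy packaged app can declare the permission and reach installModule and setPin. An API that accepts a native library path and a token PIN should be limited to the extension ids meant to use it, e.g. `"allowlist": ["<EXTENSION_ID_HASH_PLACEHOLDER>"]`, or held to a non-stable channel while the implementation is a stub. The same hunk also adds a whitespace-only line after the closing brace and leaves the file without a trailing newline.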
@@ -0,0 +1,58 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+[
+ {
+ "namespace": "pkcs11",
+ "description": "Use the chrome.pkcs11 API to sign data using crypto token",
+ "compiler_options": {
+ "implemented_in": "brave/browser/extensions/api/pkcs11_api.h"
+ },
+ "functions": [
+ {
+ "name": "installModule",
+ "type": "function",
+ "description": "Set PKCS11 module path",
+ "parameters": [
+ {
+ "name": "path",
+ "type": "string",
+ "description": "system path of PKCS11 library"
+ }
+ ]
+ },
+ {
+ "name": "setPin",
+ "type": "function",
+ "description": "Set pin to login into crypto token",
+ "parameters": [
+ {
+ "name": "pin",
+ "type": "string",
+ "description": "Pin to login into crypto token"
+ }
+ ]
+ },
+ {
+ "name": "getSignature",
+ "type": "function",
+ "description": "Get signature for signed document",
+ "parameters": [
+ {
+ "name": "callback",
+ "type": "function",
+ "description": "Function called when signature for document is fetched",
+ "parameters": [
+ {
+ "name": "signature",
+ "type": "string",
+ "description": "signed signature"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+]
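Review bot: `getSignature` declares only a `callback` parameter, so the schema gives the caller no way to say what is to be signed, and the description "Get signature for signed document" does not explain where the document comes from. `installModule` and `setPin` declare no callback, so a rejected path or a wrong PIN cannot be reported back to the extension. The PIN also crosses the extension boundary as a plain `string` parameter; the descriptions should state how long the browser keeps it and that it is never echoed back. Consider whether the PIN prompt belongs in browser UI instead of in the extension.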