Cryptographic Token Interface Standard

PKCS#11


CK_SESSION_INFO Reference

CK_SESSION_INFO

CK_SESSION_INFO provides information about a session.


Data Fields

CK_SLOT_ID slotID
 ID of the slot that interfaces with the token.

CK_STATE state
 the state of the session.

CK_FLAGS flags
 bit flags that define the type of session; the flags are defined below.

CK_ULONG ulDeviceError
 an error code defined by the cryptographic device.


Detailed Description

CK_SESSION_INFO

CK_SESSION_INFO provides information about a session. It is defined as follows:
slotID: ID of the slot that interfaces with the token
state: the state of the session
flags: bit flags that define the type of session; the flags are defined below
ulDeviceError: an error code defined by the cryptographic device. Used for errors not covered by Cryptoki.

The following table defines the flags parameter:

Table 7-3, Session Information Flags

| Bit Flag | Mask | Meaning |
|---|---|---|
| CKF_EXCLUSIVE_SESSION | 0x00000001 | TRUE if the session is exclusive; FALSE if the session is shared |
| CKF_RW_SESSION | 0x00000002 | TRUE if the session is read/write; FALSE if the session is read-only |
| CKF_SERIAL_SESSION | 0x00000004 | TRUE if cryptographic functions are performed in serial with the application; FALSE if the functions may be performed in parallel with the application |
| CKF_INSERTION_CALLBACK | 0x00000008 | this flag is write-only, i.e., is supplied as an argument to a C_OpenSession call, but is never set in a session's CK_SESSION_INFO structure. It is TRUE if the call is a request for a token insertion callback, instead of being a request to open a session |
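
The following C code is an added example, not part of the PKCS#11 text: it decodes the flags field according to Table 7-3 and reports flags that should never come back from a module, namely the write-only CKF_INSERTION_CALLBACK bit and bits the table does not define. The typedefs are local stand-ins for the Cryptoki header (assumed: CK_ULONG is unsigned long), and check_session_flags and the SI_* codes are hypothetical names.

```c
#include <stdio.h>

/* Local stand-ins for the Cryptoki header types (assumption, see lead-in). */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_SLOT_ID, CK_STATE, CK_FLAGS;
typedef struct {
    CK_SLOT_ID slotID;
    CK_STATE   state;
    CK_FLAGS   flags;
    CK_ULONG   ulDeviceError;
} CK_SESSION_INFO;

/* Masks from Table 7-3. */
#define CKF_EXCLUSIVE_SESSION  0x00000001UL
#define CKF_RW_SESSION         0x00000002UL
#define CKF_SERIAL_SESSION     0x00000004UL
#define CKF_INSERTION_CALLBACK 0x00000008UL

/* Hypothetical result bits for this example (not Cryptoki values). */
#define SI_WRITE_ONLY_FLAG_SET 0x1  /* CKF_INSERTION_CALLBACK reported back */
#define SI_UNDEFINED_BITS_SET  0x2  /* bits outside Table 7-3 are set */

/* Describes the session type in out; returns SI_* anomalies, 0 if none. */
int check_session_flags(const CK_SESSION_INFO *info, char *out, size_t len)
{
    const CK_FLAGS known = CKF_EXCLUSIVE_SESSION | CKF_RW_SESSION |
                           CKF_SERIAL_SESSION | CKF_INSERTION_CALLBACK;
    int problems = 0;
    snprintf(out, len, "slot %lu: %s, %s, %s", info->slotID,
             (info->flags & CKF_EXCLUSIVE_SESSION) ? "exclusive" : "shared",
             (info->flags & CKF_RW_SESSION) ? "read/write" : "read-only",
             (info->flags & CKF_SERIAL_SESSION) ? "serial" : "parallel");
    if (info->flags & CKF_INSERTION_CALLBACK)
        problems |= SI_WRITE_ONLY_FLAG_SET;
    if (info->flags & ~known)
        problems |= SI_UNDEFINED_BITS_SET;
    return problems;
}

int main(void)
{
    /* Constructed sample values, not output from a real token. */
    CK_SESSION_INFO ok  = { 1, 0, CKF_RW_SESSION | CKF_SERIAL_SESSION, 0 };
    CK_SESSION_INFO bad = { 1, 0, CKF_INSERTION_CALLBACK | 0x40UL, 0 };
    char line[96];
    printf("%d %s\n", check_session_flags(&ok, line, sizeof line), line);
    printf("%d %s\n", check_session_flags(&bad, line, sizeof line), line);
    return 0;
}
```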

CK_SESSION_INFO_PTR

CK_SESSION_INFO_PTR points to a CK_SESSION_INFO structure. It is implementation-dependent.

Object types

Cryptoki represents object information with the following types:

CK_OBJECT_HANDLE

CK_OBJECT_HANDLE is a token-specific identifier for an object. It is defined as follows:

typedef CK_ULONG CK_OBJECT_HANDLE;

When an object is created or found on a token, Cryptoki assigns it an object handle for sessions to use to access it. A particular object on a token does not necessarily have a handle which is fixed for the lifetime of the object; however, if a particular session can use a particular handle to access a particular object, then that session will continue to be able to use that handle to access that object as long as the session continues to exist, the object continues to exist, and the object continues to be accessible to the session.

CK_OBJECT_HANDLE_PTR

CK_OBJECT_HANDLE_PTR points to a CK_OBJECT_HANDLE. It is implementation-dependent.

CK_OBJECT_CLASS

CK_OBJECT_CLASS is a value that identifies the classes (or types) of objects that Cryptoki recognizes. It is defined as follows:

typedef CK_ULONG CK_OBJECT_CLASS;

For this version of Cryptoki, the following classes of objects are defined:

#define CKO_DATA 0x00000000
#define CKO_CERTIFICATE 0x00000001
#define CKO_PUBLIC_KEY 0x00000002
#define CKO_PRIVATE_KEY 0x00000003
#define CKO_SECRET_KEY 0x00000004
#define CKO_VENDOR_DEFINED 0x80000000

Object classes CKO_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their object classes through the PKCS process.

CK_OBJECT_CLASS_PTR

CK_OBJECT_CLASS_PTR points to a CK_OBJECT_CLASS structure. It is implementation-dependent.

CK_KEY_TYPE

CK_KEY_TYPE is a value that identifies a key type. It is defined as follows:

typedef CK_ULONG CK_KEY_TYPE;

For this version of Cryptoki, the following key types are defined:

#define CKK_RSA 0x00000000
#define CKK_DSA 0x00000001
#define CKK_DH 0x00000002
#define CKK_ECDSA 0x00000003
#define CKK_MAYFLY 0x00000004
#define CKK_KEA 0x00000005
#define CKK_GENERIC_SECRET 0x00000010
#define CKK_RC2 0x00000011
#define CKK_RC4 0x00000012
#define CKK_DES 0x00000013
#define CKK_DES2 0x00000014
#define CKK_DES3 0x00000015
#define CKK_CAST 0x00000016
#define CKK_CAST3 0x00000017
#define CKK_CAST5 0x00000018
#define CKK_RC5 0x00000019
#define CKK_IDEA 0x0000001A
#define CKK_SKIPJACK 0x0000001B
#define CKK_BATON 0x0000001C
#define CKK_JUNIPER 0x0000001D
#define CKK_CDMF 0x0000001E
#define CKK_VENDOR_DEFINED 0x80000000

Key types CKK_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their key types through the PKCS process.

CK_CERTIFICATE_TYPE

CK_CERTIFICATE_TYPE is a value that identifies a certificate type. It is defined as follows:

typedef CK_ULONG CK_CERTIFICATE_TYPE;

For this version of Cryptoki, the following certificate types are defined:

#define CKC_X_509 0x00000000
#define CKC_VENDOR_DEFINED 0x80000000

Certificate types CKC_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their certificate types through the PKCS process.

CK_ATTRIBUTE_TYPE

CK_ATTRIBUTE_TYPE is a value that identifies an attribute type. It is defined as follows:

typedef CK_ULONG CK_ATTRIBUTE_TYPE;

For this version of Cryptoki, the following attribute types are defined:

#define CKA_CLASS 0x00000000
#define CKA_TOKEN 0x00000001
#define CKA_PRIVATE 0x00000002
#define CKA_LABEL 0x00000003
#define CKA_APPLICATION 0x00000010
#define CKA_VALUE 0x00000011
#define CKA_CERTIFICATE_TYPE 0x00000080
#define CKA_ISSUER 0x00000081
#define CKA_SERIAL_NUMBER 0x00000082
#define CKA_KEY_TYPE 0x00000100
#define CKA_SUBJECT 0x00000101
#define CKA_ID 0x00000102
#define CKA_SENSITIVE 0x00000103
#define CKA_ENCRYPT 0x00000104
#define CKA_DECRYPT 0x00000105
#define CKA_WRAP 0x00000106
#define CKA_UNWRAP 0x00000107
#define CKA_SIGN 0x00000108
#define CKA_SIGN_RECOVER 0x00000109
#define CKA_VERIFY 0x0000010A
#define CKA_VERIFY_RECOVER 0x0000010B
#define CKA_DERIVE 0x0000010C
#define CKA_START_DATE 0x00000110
#define CKA_END_DATE 0x00000111
#define CKA_MODULUS 0x00000120
#define CKA_MODULUS_BITS 0x00000121
#define CKA_PUBLIC_EXPONENT 0x00000122
#define CKA_PRIVATE_EXPONENT 0x00000123
#define CKA_PRIME_1 0x00000124
#define CKA_PRIME_2 0x00000125
#define CKA_EXPONENT_1 0x00000126
#define CKA_EXPONENT_2 0x00000127
#define CKA_COEFFICIENT 0x00000128
#define CKA_PRIME 0x00000130
#define CKA_SUBPRIME 0x00000131
#define CKA_BASE 0x00000132
#define CKA_VALUE_BITS 0x00000160
#define CKA_VALUE_LEN 0x00000161
#define CKA_EXTRACTABLE 0x00000162
#define CKA_LOCAL 0x00000163
#define CKA_NEVER_EXTRACTABLE 0x00000164
#define CKA_ALWAYS_SENSITIVE 0x00000165
#define CKA_MODIFIABLE 0x00000170
#define CKA_VENDOR_DEFINED 0x80000000

Section defines the attributes for each object class. Attribute types CKA_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their attribute types through the PKCS process.

CK_ATTRIBUTE

CK_ATTRIBUTE is a structure that includes the type, length and value of an attribute. It is defined as follows:


Field Documentation

CK_SLOT_ID slotID

ID of the slot that interfaces with the token.

CK_STATE state

the state of the session.

CK_FLAGS flags

bit flags that define the type of session; the flags are defined below.

CK_ULONG ulDeviceError

an error code defined by the cryptographic device. Used for errors not covered by Cryptoki.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v200