Cryptographic Token Interface Standard

PKCS#11


CK_SESSION_INFO Reference

CK_SESSION_INFO

CK_SESSION_INFO provides information about a session.


Data Fields

CK_SLOT_ID slotID
 ID of the slot that interfaces with the token.

CK_STATE state
 the state of the session.

CK_FLAGS flags
 bit flags that define the type of session; the flags are defined below.

CK_USHORT usDeviceError
 an error code defined by the cryptographic device.


Detailed Description

CK_SESSION_INFO

CK_SESSION_INFO provides information about a session. It is defined as follows:

slotID         ID of the slot that interfaces with the token
state          the state of the session
flags          bit flags that define the type of session; the flags are defined below
usDeviceError  an error code defined by the cryptographic device. Used for errors not covered by Cryptoki.

The flags are defined in the following table.

Table 7-3, Session Information Flags

Bit Flag               Mask    Meaning
CKF_EXCLUSIVE_SESSION  0x0001  TRUE if the session is exclusive; FALSE if the session is shared
CKF_RW_SESSION         0x0002  TRUE if the session is read/write; FALSE if the session is read-only
CKF_SERIAL_SESSION     0x0004  TRUE if cryptographic functions are performed in serial with the application; FALSE if the functions may be performed in parallel with the application
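
The following is an added example, not part of the PKCS#11 text: it decodes the flags of Table 7-3 and fails closed before a write when the session is read-only, carries undefined flag bits, or reports a device error. The typedef widths, the helper names (describe_flags, check_write_session), the sample values, and the reading of a nonzero usDeviceError as "error pending" are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Field names and CK_USHORT come from the page; the widths chosen for
   CK_SLOT_ID, CK_STATE and CK_FLAGS are assumptions for this example. */
typedef unsigned short CK_USHORT;
typedef unsigned long CK_SLOT_ID, CK_STATE, CK_FLAGS;
typedef struct { CK_SLOT_ID slotID; CK_STATE state; CK_FLAGS flags;
                 CK_USHORT usDeviceError; } CK_SESSION_INFO;

/* Masks from Table 7-3. */
#define CKF_EXCLUSIVE_SESSION 0x0001
#define CKF_RW_SESSION        0x0002
#define CKF_SERIAL_SESSION    0x0004
#define KNOWN_SESSION_FLAGS (CKF_EXCLUSIVE_SESSION | CKF_RW_SESSION | CKF_SERIAL_SESSION)

enum write_check { WRITE_OK, WRITE_READ_ONLY, WRITE_UNKNOWN_FLAGS, WRITE_DEVICE_ERROR };

/* Render the TRUE or FALSE meaning of every bit, e.g. "shared,ro,serial". */
const char *describe_flags(CK_FLAGS f, char *buf, size_t len) {
    snprintf(buf, len, "%s,%s,%s",
             (f & CKF_EXCLUSIVE_SESSION) ? "exclusive" : "shared",
             (f & CKF_RW_SESSION) ? "rw" : "ro",
             (f & CKF_SERIAL_SESSION) ? "serial" : "parallel");
    return buf;
}

/* Fail closed: reject bits outside Table 7-3, then a nonzero device error
   (assumed to mean "error pending"), then a read-only session. */
enum write_check check_write_session(const CK_SESSION_INFO *si) {
    if (si->flags & ~(CK_FLAGS)KNOWN_SESSION_FLAGS) return WRITE_UNKNOWN_FLAGS;
    if (si->usDeviceError != 0) return WRITE_DEVICE_ERROR;
    if (!(si->flags & CKF_RW_SESSION)) return WRITE_READ_ONLY;
    return WRITE_OK;
}

int main(void) {
    /* Constructed sample values, not output from a real token. */
    CK_SESSION_INFO samples[] = {
        {1, 0, CKF_RW_SESSION | CKF_SERIAL_SESSION, 0}, {1, 0, CKF_SERIAL_SESSION, 0},
        {1, 0, CKF_RW_SESSION | 0x0100, 0},             {1, 0, CKF_RW_SESSION, 0x0042},
    };
    char buf[40];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("slot %lu: %s -> %d\n", samples[i].slotID,
               describe_flags(samples[i].flags, buf, sizeof buf), check_write_session(&samples[i]));
    return 0;
}
```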

CK_SESSION_INFO_PTR

CK_SESSION_INFO_PTR points to a CK_SESSION_INFO structure. It is implementation dependent.

Object types

Cryptoki represents object information with the following types.

CK_OBJECT_HANDLE

CK_OBJECT_HANDLE is a token-specific identifier for an object. It is defined as follows:

typedef CK_ULONG CK_OBJECT_HANDLE;

The handle is assigned by Cryptoki when an object is created. The handle for an object is unique among all objects in the token at a given time, and remains constant until the object is destroyed.

Cryptoki considers an object handle valid if and only if the object exists and is accessible to the application. In particular, object handles for private objects are valid if and only if a user is logged in.

CK_OBJECT_HANDLE_PTR

CK_OBJECT_HANDLE_PTR points to a CK_OBJECT_HANDLE. It is implementation dependent.

CK_OBJECT_CLASS

CK_OBJECT_CLASS is a value that identifies the classes (or types) of objects that Cryptoki recognizes. It is defined as follows:

typedef CK_USHORT CK_OBJECT_CLASS;

For this version of Cryptoki, the following classes of objects are defined:

#define CKO_DATA 0x0000
#define CKO_CERTIFICATE 0x0001
#define CKO_PUBLIC_KEY 0x0002
#define CKO_PRIVATE_KEY 0x0003
#define CKO_SECRET_KEY 0x0004
#define CKO_VENDOR_DEFINED 0x8000

Object classes CKO_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their object classes through the PKCS process.

CK_OBJECT_CLASS_PTR

CK_OBJECT_CLASS_PTR points to a CK_OBJECT_CLASS structure. It is implementation dependent.

CK_KEY_TYPE

CK_KEY_TYPE is a value that identifies a key type. It is defined as follows:

typedef CK_USHORT CK_KEY_TYPE;

For this version of Cryptoki, the following key types are defined:

#define CKK_RSA 0x0000
#define CKK_DSA 0x0001
#define CKK_DH 0x0002
#define CKK_GENERIC_SECRET 0x0010
#define CKK_RC2 0x0011
#define CKK_RC4 0x0012
#define CKK_DES 0x0013
#define CKK_DES2 0x0014
#define CKK_DES3 0x0015
#define CKK_VENDOR_DEFINED 0x8000

Key types CKK_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their key types through the PKCS process.

CK_CERTIFICATE_TYPE

CK_CERTIFICATE_TYPE is a value that identifies a certificate type. It is defined as follows:

typedef CK_USHORT CK_CERTIFICATE_TYPE;

For this version of Cryptoki, the following certificate types are defined:

#define CKC_X_509 0x0000
#define CKC_VENDOR_DEFINED 0x8000

Certificate types CKC_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their certificate types through the PKCS process.

CK_ATTRIBUTE_TYPE

CK_ATTRIBUTE_TYPE is a value that identifies an attribute type. It is defined as follows:

typedef CK_USHORT CK_ATTRIBUTE_TYPE;

For this version of Cryptoki, the following attribute types are defined:

#define CKA_CLASS 0x0000
#define CKA_TOKEN 0x0001
#define CKA_PRIVATE 0x0002
#define CKA_LABEL 0x0003
#define CKA_APPLICATION 0x0010
#define CKA_VALUE 0x0011
#define CKA_CERTIFICATE_TYPE 0x0080
#define CKA_ISSUER 0x0081
#define CKA_SERIAL_NUMBER 0x0082
#define CKA_KEY_TYPE 0x0100
#define CKA_SUBJECT 0x0101
#define CKA_ID 0x0102
#define CKA_SENSITIVE 0x0103
#define CKA_ENCRYPT 0x0104
#define CKA_DECRYPT 0x0105
#define CKA_WRAP 0x0106
#define CKA_UNWRAP 0x0107
#define CKA_SIGN 0x0108
#define CKA_SIGN_RECOVER 0x0109
#define CKA_VERIFY 0x010A
#define CKA_VERIFY_RECOVER 0x010B
#define CKA_DERIVE 0x010C
#define CKA_MODULUS 0x0120
#define CKA_MODULUS_BITS 0x0121
#define CKA_PUBLIC_EXPONENT 0x0122
#define CKA_PRIVATE_EXPONENT 0x0123
#define CKA_PRIME_1 0x0124
#define CKA_PRIME_2 0x0125
#define CKA_EXPONENT_1 0x0126
#define CKA_EXPONENT_2 0x0127
#define CKA_COEFFICIENT 0x0128
#define CKA_PRIME 0x0130
#define CKA_SUBPRIME 0x0131
#define CKA_BASE 0x0132
#define CKA_VALUE_BITS 0x0160
#define CKA_VALUE_LEN 0x0161
#define CKA_VENDOR_DEFINED 0x8000

Section defines the attributes for each object class. Attribute types CKA_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their attribute types through the PKCS process.

CK_ATTRIBUTE

CK_ATTRIBUTE is a structure that includes the type, length and value of an attribute. It is defined as follows:


Field Documentation

CK_SLOT_ID slotID
 

ID of the slot that interfaces with the token.

CK_STATE state
 

the state of the session.

CK_FLAGS flags
 

bit flags that define the type of session; the flags are defined below.

CK_USHORT usDeviceError
 

an error code defined by the cryptographic device. Used for errors not covered by Cryptoki.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v100