Cryptographic Token Interface Standard
PKCS#11
Data Fields
| Type | Field | Description |
| CK_CHAR | label[32] | application defined label, assigned during token initialization; must be padded with the blank character (' ') |
| CK_CHAR | manufacturerID[32] | ID of the device manufacturer; must be padded with the blank character (' ') |
| CK_CHAR | model[16] | model of the device; must be padded with the blank character (' ') |
| CK_CHAR | serialNumber[16] | character-string serial number of the device; must be padded with the blank character (' ') |
| CK_FLAGS | flags | bit flags indicating capabilities and status of the device as defined below |
| CK_USHORT | usMaxSessionCount | maximum number of sessions that can be opened with the token at one time |
| CK_USHORT | usSessionCount | number of sessions that are currently open with the token |
| CK_USHORT | usMaxRwSessionCount | maximum number of read/write sessions that can be opened with the token at one time |
| CK_USHORT | usRwSessionCount | number of read/write sessions that are currently open with the token |
| CK_USHORT | usMaxPinLen | maximum length in bytes of the PIN |
| CK_USHORT | usMinPinLen | minimum length in bytes of the PIN |
| CK_ULONG | ulTotalPublicMemory | the total amount of memory in bytes occupied by public objects |
| CK_ULONG | ulFreePublicMemory | the amount of free (unused) memory in bytes for public objects |
| CK_ULONG | ulTotalPrivateMemory | the total amount of memory in bytes occupied by private objects |
| CK_ULONG | ulFreePrivateMemory | the amount of free (unused) memory in bytes for private objects |
The flags parameter is defined as follows:
Table 7-2, Token Information Flags
| Bit Flag | Mask | Meaning |
| CKF_RNG | 0x0001 | TRUE if the token has its own random number generator |
| CKF_WRITE_PROTECTED | 0x0002 | TRUE if the token is write-protected |
| CKF_LOGIN_REQUIRED | 0x0004 | TRUE if a user must be logged in to perform cryptographic functions |
| CKF_USER_PIN_INITIALIZED | 0x0008 | TRUE if the normal user's PIN has been initialized |
| CKF_EXCLUSIVE_EXISTS | 0x0010 | TRUE if an exclusive session exists |
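A token inventory or preflight check has to treat the four text fields as fixed-width, blank-padded byte arrays with no terminating NUL, and the flags field as a bitmask. The C below is an added example, not code from the standard: the typedefs and masks mirror the names on this page, while `ck_field_to_cstr`, `token_findings`, the `F_*` bits and the `min_pin` policy value are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Local mirror of names on this page; a real build uses the Cryptoki header. */
typedef unsigned char CK_CHAR;
typedef unsigned long CK_FLAGS;
typedef unsigned short CK_USHORT;
#define CKF_RNG                  0x0001
#define CKF_LOGIN_REQUIRED       0x0004
#define CKF_USER_PIN_INITIALIZED 0x0008

/* Hypothetical finding bits returned by token_findings(). */
enum { F_NO_RNG = 1, F_NO_LOGIN = 2, F_PIN_UNSET = 4, F_SHORT_PIN = 8 };

/* Copy a blank-padded field that has no terminating NUL into a C string.
   Returns the trimmed length, or -1 if out cannot hold it. */
int ck_field_to_cstr(const CK_CHAR *field, size_t field_len,
                     char *out, size_t out_len)
{
    size_t n = field_len;
    while (n > 0 && field[n - 1] == ' ')
        n--;                         /* strip trailing blank padding */
    if (n + 1 > out_len)
        return -1;
    memcpy(out, field, n);
    out[n] = '\0';
    return (int)n;
}

/* Report where the token's advertised state falls short of local policy.
   min_pin is the caller's policy value, not something the standard sets. */
int token_findings(CK_FLAGS flags, CK_USHORT usMinPinLen, CK_USHORT min_pin)
{
    int f = 0;
    if (!(flags & CKF_RNG))                  f |= F_NO_RNG;
    if (!(flags & CKF_LOGIN_REQUIRED))       f |= F_NO_LOGIN;
    if (!(flags & CKF_USER_PIN_INITIALIZED)) f |= F_PIN_UNSET;
    if (usMinPinLen < min_pin)               f |= F_SHORT_PIN;
    return f;
}

int main(void)
{
    CK_CHAR label[32];               /* constructed sample, not real data */
    char text[33];
    memset(label, ' ', sizeof label);
    memcpy(label, "HSM slot 0", 10);
    int n = ck_field_to_cstr(label, sizeof label, text, sizeof text);
    printf("label=\"%s\" len=%d findings=0x%x\n", text, n,
           token_findings(CKF_RNG | CKF_LOGIN_REQUIRED, 4, 6));
    return 0;
}
```

A label that uses all 32 bytes has no padding at all, so the destination buffer must be at least one byte larger than the field.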
Session types
Cryptoki represents session information with the following types.
```c
typedef CK_ULONG CK_SESSION_HANDLE;

typedef enum CK_USER_TYPE {
  CKU_SO,    /* Security Officer */
  CKU_USER   /* Normal user */
} CK_USER_TYPE;

typedef enum CK_STATE {
  CKS_RW_PUBLIC_SESSION,
  CKS_RW_USER_FUNCTIONS,
  CKS_RO_PUBLIC_SESSION,
  CKS_RO_SO_FUNCTIONS,
  CKS_RO_USER_FUNCTIONS
} CK_STATE;
```