PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
This proposed standard defines an API to high-level security services such as authentication of identities and data-origin, non-repudiation, and separation and protection. It is at a higher level than Cryptoki. The following table lists the GCS-API functions with the Cryptoki functions used to implement the functions. Note that full support of GCS-API is left for future versions of Cryptoki.
Table B-2, GCS-API vs. Cryptoki
| GCS-API | Cryptoki implementation |
| retrieve_CC | |
| release_CC | |
| generate_hash | C_DigestInit, C_Digest |
| generate_random_number | C_GenerateRandom |
| generate_checkvalue | C_SignInit, C_Sign, C_SignUpdate, C_SignFinal |
| verify_checkvalue | C_VerifyInit, C_Verify, C_VerifyUpdate, C_VerifyFinal |
| data_encipher | C_EncryptInit, C_Encrypt, C_EncryptUpdate, C_EncryptFinal |
| data_decipher | C_DecryptInit, C_Decrypt, C_DecryptUpdate, C_DecryptFinal |
| create_CC | |
| derive_key | C_DeriveKey |
| generate_key | C_GenerateKey |
| store_CC | |
| delete_CC | |
| replicate_CC | |
| export_key | C_WrapKey |
| import_key | C_UnwrapKey |
| archive_CC | C_WrapKey |
| restore_CC | C_UnwrapKey |
| set_key_state | |
| generate_key_pattern | |
| verify_key_pattern | |
| derive_clear_key | C_DeriveKey |
| generate_clear_key | C_GenerateKey |
| load_key_parts | |
| clear_key_encipher | C_WrapKey |
| clear_key_decipher | C_UnwrapKey |
| change_key_context | |
| load_initial_key | |
| generate_initial_key | |
| set_current_master_key | |
| protect_under_new_master_key | |
| protect_under_current_master_key | |
| initialise_random_number_generator | C_SeedRandom |
| install_algorithm | |
| de_install_algorithm | |
| disable_algorithm | |
| enable_algorithm | |
| set_defaults |