PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
Data Fields | |
| CK_ULONG | ulMinKeySize |
| the minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent). More... | |
| CK_ULONG | ulMaxKeySize |
| the maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent). More... | |
| CK_FLAGS | flags |
| bit flags specifying mechanism capabilities. More... | |
| ulMinKeySize | the minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent) |
| ulMaxKeySize | the maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent) |
| flags | bit flags specifying mechanism capabilities |
For some mechanisms, the ulMinKeySize and ulMaxKeySize fields have meaningless values.
The following table defines the flags field:
Table 13, Mechanism Information Flags
| Bit Flag | Mask | Meaning |
| CKF_HW | 0x00000001 | TRUE if the mechanism is performed by the device; FALSE if the mechanism is performed in software |
| CKF_ENCRYPT | 0x00000100 | TRUE if the mechanism can be used with C_EncryptInit |
| CKF_DECRYPT | 0x00000200 | TRUE if the mechanism can be used with C_DecryptInit |
| CKF_DIGEST | 0x00000400 | TRUE if the mechanism can be used with C_DigestInit |
| CKF_SIGN | 0x00000800 | TRUE if the mechanism can be used with C_SignInit |
| CKF_SIGN_RECOVER | 0x00001000 | TRUE if the mechanism can be used with C_SignRecoverInit |
| CKF_VERIFY | 0x00002000 | TRUE if the mechanism can be used with C_VerifyInit |
| CKF_VERIFY_RECOVER | 0x00004000 | TRUE if the mechanism can be used with C_VerifyRecoverInit |
| CKF_GENERATE | 0x00008000 | TRUE if the mechanism can be used with C_GenerateKey |
| CKF_GENERATE_KEY_PAIR | 0x00010000 | TRUE if the mechanism can be used with C_GenerateKeyPair |
| CKF_WRAP | 0x00020000 | TRUE if the mechanism can be used with C_WrapKey |
| CKF_UNWRAP | 0x00040000 | TRUE if the mechanism can be used with C_UnwrapKey |
| CKF_DERIVE | 0x00080000 | TRUE if the mechanism can be used with C_DeriveKey |
| CKF_EC_F_P | 0x00100000 | TRUE if the mechanism can be used with EC domain parameters over Fp |
| CKF_EC_F_2M | 0x00200000 | TRUE if the mechanism can be used with EC domain parameters over F 2 m |
| CKF_EC_ECPARAMETERS | 0x00400000 | TRUE if the mechanism can be used with EC domain parameters of the choice ecParameters |
| CKF_EC_NAMEDCURVE | 0x00800000 | TRUE if the mechanism can be used with EC domain parameters of the choice namedCurve |
| CKF_EC_UNCOMPRESS | 0x01000000 | TRUE if the mechanism can be used with elliptic curve point uncompressed |
| CKF_EC_COMPRESS | 0x02000000 | TRUE if the mechanism can be used with elliptic curve point compressed |
| CKF_EXTENSION | 0x80000000 | TRUE if there is an extension to the flags; FALSE if no extensions. Must be FALSE for this version. |
CK_MECHANISM_INFO_PTR is a pointer to a CK_MECHANISM_INFO.
|
|
the minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent). |
|
|
the maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent). |
|
|
bit flags specifying mechanism capabilities. |