Cryptographic Token Interface Standard

PKCS#11


CMS mechanism parameters

CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR

CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism. It is defined as follows:

typedef struct CK_CMS_SIG_PARAMS {
    CK_OBJECT_HANDLE certificateHandle;
    CK_MECHANISM_PTR pSigningMechanism;
    CK_MECHANISM_PTR pDigestMechanism;
    CK_UTF8CHAR_PTR  pContentType;
    CK_BYTE_PTR      pRequestedAttributes;
    CK_ULONG         ulRequestedAttributesLen;
    CK_BYTE_PTR      pRequiredAttributes;
    CK_ULONG         ulRequiredAttributesLen;
} CK_CMS_SIG_PARAMS;

certificateHandle Object handle for a certificate associated with the signing key. The token may use information from this certificate to identify the signer in the '''SignerInfo''' result value. ''certificateHandle'' may be NULL_PTR if the certificate is not available as a PKCS #11 object or if the calling application leaves the choice of certificate completely to the token.
pSigningMechanism Mechanism to use when signing a constructed CMS '''SignedAttributes''' value. E.g. '''CKM_SHA1_RSA_PKCS'''.
pDigestMechanism Mechanism to use when digesting the data. Value shall be NULL_PTR when the digest mechanism to use follows from the ''pSigningMechanism'' parameter.
pContentType NULL-terminated string indicating complete MIME Content-type of message to be signed; or the value NULL_PTR if the message is a MIME object (which the token can parse to determine its MIME Content-type if required). Use the value "application/octet-stream" if the MIME type for the message is unknown or undefined. Note that the ''pContentType'' string shall conform to the syntax specified in RFC 2045, i.e. any parameters needed for correct presentation of the content by the token (such as, for example, a non-default "charset") must be present. The token must follow rules and procedures defined in RFC 2045 when presenting the content.
pRequestedAttributes Pointer to DER-encoded list of CMS '''Attributes''' the caller requests to be included in the signed attributes. Token may freely ignore this list or modify any supplied values.
ulRequestedAttributesLen Length in bytes of the value pointed to by ''pRequestedAttributes''.
pRequiredAttributes Pointer to DER-encoded list of CMS '''Attributes''' (with accompanying values) required to be included in the resulting signed attributes. Token must not modify any supplied values. If the token does not support one or more of the attributes, or does not accept provided values, the signature operation will fail. The token will use its own default attributes when signing if both the ''pRequestedAttributes'' and ''pRequiredAttributes'' fields are set to NULL_PTR.
ulRequiredAttributesLen Length in bytes of the value pointed to by ''pRequiredAttributes''.
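
An added example (not part of the PKCS #11 text): a caller-side check run on a CK_CMS_SIG_PARAMS before it is handed to the token, covering the pointer/length pairs and the content-type string described above. The local typedefs, the function and enum names, and the rule that pSigningMechanism must be non-NULL are assumptions of this example; the DER check only confirms that each attribute buffer is one TLV of exactly the stated length.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the PKCS #11 header types so this compiles on its own. */
typedef unsigned long CK_ULONG, CK_OBJECT_HANDLE, CK_MECHANISM_TYPE;
typedef unsigned char CK_BYTE, CK_UTF8CHAR;
typedef struct { CK_MECHANISM_TYPE mechanism; void *pParameter;
                 CK_ULONG ulParameterLen; } CK_MECHANISM;
typedef struct CK_CMS_SIG_PARAMS {
    CK_OBJECT_HANDLE certificateHandle;
    CK_MECHANISM *pSigningMechanism, *pDigestMechanism;
    CK_UTF8CHAR *pContentType;
    CK_BYTE *pRequestedAttributes; CK_ULONG ulRequestedAttributesLen;
    CK_BYTE *pRequiredAttributes;  CK_ULONG ulRequiredAttributesLen;
} CK_CMS_SIG_PARAMS;

/* 1 if buf holds exactly one DER TLV spanning all len bytes, else 0. */
static int der_one_tlv(const CK_BYTE *buf, CK_ULONG len) {
    if (len < 2 || (buf[0] & 0x1f) == 0x1f) return 0; /* no high-tag form */
    CK_ULONG n = buf[1], hdr = 2;
    if (n & 0x80) {                    /* long form: k length bytes follow */
        CK_ULONG k = n & 0x7f;
        if (k == 0 || k > sizeof(CK_ULONG) || len < 2 + k) return 0;
        for (n = 0; hdr < 2 + k; hdr++) n = (n << 8) | buf[hdr];
        if (n < 0x80 || buf[2] == 0) return 0;  /* DER: minimal length only */
    }
    return n == len - hdr;             /* declared length must fill buffer */
}

/* NULL_PTR must come with length 0; otherwise the buffer must be one TLV. */
static int attrs_ok(const CK_BYTE *p, CK_ULONG len) {
    return p == NULL ? len == 0 : der_one_tlv(p, len);
}

enum { CMS_OK, CMS_NO_SIGN_MECH, CMS_BAD_CONTENT_TYPE, CMS_BAD_ATTRS };

/* Hypothetical pre-flight check; returns CMS_OK or the first problem found. */
int cms_sig_params_check(const CK_CMS_SIG_PARAMS *p) {
    if (p->pSigningMechanism == NULL) return CMS_NO_SIGN_MECH; /* assumption */
    if (p->pContentType != NULL) {     /* NULL_PTR: message is a MIME object */
        const char *ct = (const char *)p->pContentType;
        const char *slash = strchr(ct, '/');   /* RFC 2045: type "/" subtype */
        if (!slash || slash == ct || slash[1] == '\0') return CMS_BAD_CONTENT_TYPE;
    }
    if (!attrs_ok(p->pRequestedAttributes, p->ulRequestedAttributesLen) ||
        !attrs_ok(p->pRequiredAttributes, p->ulRequiredAttributesLen))
        return CMS_BAD_ATTRS;
    return CMS_OK;
}
```

A mismatch between an attribute pointer and its length field is caught here, before the token parses the buffer.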


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220