man pages section 5: Standards, Environments, and Macros


Updated: July 2014
 
 

pkcs11_kernel(5)

Name

pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework

Synopsis

/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so

Description

The pkcs11_kernel.so object implements the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki), v2.20, specification by using a private interface to communicate with the Kernel Cryptographic Framework.

Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.

The PKCS#11 mechanisms provided by this library are determined by the available hardware providers.

Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).

All of the standard PKCS#11 functions listed in libpkcs11(3LIB) are implemented except for the following:

C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent

A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.

The maximum number of object handles that can be returned by a call to C_FindObjects() is 512.
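Because one C_FindObjects() call returns at most 512 handles, code that enumerates objects must keep calling until the returned count is zero, or it silently misses everything past the first batch. The following is an added example, not part of the original man page or the library: find_all, find_fn, mock_find and demo_total are hypothetical names, the typedefs stand in for <security/cryptoki.h>, and the 1300-object mock provider is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins so this compiles alone; real code includes <security/cryptoki.h>. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
#define CKR_OK          0x00000000UL
#define CKR_HOST_MEMORY 0x00000002UL
#define FIND_BATCH      512   /* per-call cap stated in pkcs11_kernel(5) */
/* Same parameter list as C_FindObjects, injected so the loop can be tested. */
typedef CK_RV (*find_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, CK_ULONG *);

/* Hypothetical helper: drain an initialized search; caller frees *out. */
CK_RV find_all(find_fn find, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE **out, CK_ULONG *total)
{
    CK_OBJECT_HANDLE batch[FIND_BATCH], *all = NULL, *tmp;
    CK_ULONG n = 0, got = 0;
    CK_RV rv;
    *out = NULL; *total = 0;
    for (;;) {
        if ((rv = find(s, batch, FIND_BATCH, &got)) != CKR_OK) { free(all); return rv; }
        if (got == 0) break;                      /* search exhausted */
        if ((tmp = realloc(all, (n + got) * sizeof *all)) == NULL) { free(all); return CKR_HOST_MEMORY; }
        all = tmp;
        memcpy(all + n, batch, got * sizeof *all);
        n += got;
    }
    *out = all; *total = n;
    return CKR_OK;
}

/* Constructed mock provider: 1300 objects (handles 1..1300), max 512 per call. */
static CK_ULONG mock_next;
CK_RV mock_find(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *h, CK_ULONG max, CK_ULONG *cnt)
{
    CK_ULONG left = 1300 - mock_next, i;
    (void)s;
    if (max > FIND_BATCH) max = FIND_BATCH;
    *cnt = left < max ? left : max;
    for (i = 0; i < *cnt; i++) h[i] = ++mock_next;
    return CKR_OK;
}

/* Runs the loop against the mock and returns how many handles it collected. */
CK_ULONG demo_total(void)
{
    CK_OBJECT_HANDLE *all; CK_ULONG total;
    mock_next = 0;
    if (find_all(mock_find, 1, &all, &total) != CKR_OK) return 0;
    free(all);
    return total;
}
```

In a real program, pass C_FindObjects as the find argument, call C_FindObjectsInit() before find_all and C_FindObjectsFinal() after it.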

The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.

Return Values

The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.

Attributes

See attributes(5) for a description of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    Committed
MT-Level               MT-Safe with exceptions. See section 6.6.2 of RSA PKCS#11 v2.20
Standard               PKCS#11 v2.20

See also

cryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)

RSA PKCS#11 v2.20 http://www.rsasecurity.com

Notes

Applications that have an open session to a PKCS#11 slot prevent the corresponding hardware provider driver from being unloaded. To make the driver unloadable, an administrator must close the applications that have a PKCS#11 session open to the hardware provider.