Content-type: text/html Man page of pkcs11_kernel

pkcs11_kernel

Section: Standards, Environments, and Macros (5)
Updated: 27 Oct 2005
Index Return to Main Contents
 

NAME

pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework  

SYNOPSIS

/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so
 

DESCRIPTION

The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specification by using a private interface to communicate with the Kernel Cryptographic Framework.

Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.

The PKCS#11 mechanisms provided by this library is determined by the available hardware providers.

Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).

All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following:

C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent

A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.

The maximum number of object handles that can be returned by a call to C_FindObjects() is 512.

The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.  

RETURN VALUES

The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.  

ATTRIBUTES

See attributes(5) for a description of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
Interface StabilityStandard: PKCS#11 v2.20
MT-Level MT-Safe with exceptions. See section 6.5.2 of RSA PKCS#11 v2.20

 

SEE ALSO

cryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)

RSA PKCS#11 v2.20 http://www.rsasecurity.com  

NOTES

Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable.


 

Index

NAME
SYNOPSIS
DESCRIPTION
RETURN VALUES
ATTRIBUTES
SEE ALSO
NOTES

This document was created by man2html, using the manual pages.
Time: 02:39:51 GMT, October 02, 2010