The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

pkcs11_softtoken (5)
  • >> pkcs11_softtoken (5) ( Solaris man: Форматы файлов )
  •  

    NAME

    pkcs11_softtoken - Software RSA PKCS#11 softtoken
     
    

    SYNOPSIS

    /usr/lib/security/pkcs11_softtoken.so
    /usr/lib/security/64/pkcs11_softtoken.so
    

     

    DESCRIPTION

    The pkcs11_softtoken.so object implements the RSA PKCS#11 v2.20 specification in software. Persistent storage for "token" objects is provided by this PKCS#11 implementation.

    Application developers should link to libpkcs11.so rather than link directly to pkcs11_softtoken.so. See libpkcs11(3LIB).

    The following cryptographic algorithms are implemented: DES, 3DES, AES, Blowfish, RC4, MD5, SHA1, SHA256, SHA384, SHA512, RSA, DSA, DH, and ECC.

    All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following:

    C_GetObjectSize
    C_InitPIN
    C_InitToken
    C_WaitForSlotEvent
    

    A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

    The following RSA PKCS#11 v2.20 mechanisms are supported:

    CKM_RSA_PKCS_KEY_PAIR_GEN
    CKM_RSA_PKCS
    CKM_RSA_X_509
    
    CKM_DSA_KEY_PAIR_GEN
    CKM_DSA
    CKM_DSA_SHA1
    
    CKM_DH_PKCS_KEY_PAIR_GEN
    CKM_DH_PKCS_DERIVE
    
    CKM_EC_KEY_PAIR_GEN
    CKM_ECDSA
    CKM_ECDSA_SHA1
    CKM_ECDH1_DERIVE
    
    CKM_DES_KEY_GEN
    CKM_DES_ECB
    CKM_DES_CBC
    CKM_DES_CBC_PAD
    
    CKM_DES3_KEY_GEN
    CKM_DES3_ECB
    CKM_DES3_CBC
    CKM_DES3_CBC_PAD
    
    CKM_AES_KEY_GEN
    CKM_AES_ECB
    CKM_AES_CBC
    CKM_AES_CBC_PAD
    CKM_AES_CTR
    
    CKM_BLOWFISH_KEY_GEN
    CKM_BLOWFISH_CBC
    
    CKM_RC4_KEY_GEN
    CKM_RC4
    
    CKM_MD5_RSA_PKCS
    CKM_SHA1_RSA_PKCS
    CKM_SHA256_RSA_PKCS
    CKM_SHA384_RSA_PKCS
    CKM_SHA512_RSA_PKCS
    
    CKM_MD5
    CKM_SHA_1
    CKM_SHA256
    CKM_SHA384
    CKM_SHA512
    
    CKM_MD5_HMAC
    CKM_MD5_HMAC_GENERAL
    CKM_SHA_1_HMAC
    CKM_SHA_1_HMAC_GENERAL
    CKM_SHA256_HMAC
    CKM_SHA256_HMAC_GENERAL
    CKM_SHA384_HMAC
    CKM_SHA384_HMAC_GENERAL
    
    CKM_MD5_KEY_DERIVATION
    CKM_SHA1_KEY_DERIVATION
    CKM_SHA256_KEY_DERIVATION
    CKM_SHA384_KEY_DERIVATION
    CKM_SHA512_KEY_DERIVATION
    
    CKM_SSL3_PRE_MASTER_KEY_GEN 
    CKM_SSL3_MASTER_KEY_DERIVE
    CKM_SSL3_KEY_AND_MAC_DERIVE
    CKM_SSL3_MASTER_KEY_DERIVE_DH
    CKM_TLS_PRE_MASTER_KEY_GEN 
    CKM_TLS_MASTER_KEY_DERIVE 
    CKM_TLS_KEY_AND_MAC_DERIVE 
    CKM_TLS_MASTER_KEY_DERIVE_DH
    

    Each of the following types of key objects has certain token-specific attributes that are set to true by default as a result of object creation, key/key pair generation, and key derivation.

    Public key object

    CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER

    Private key object

    CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER, CKA_EXTRACTABLE

    Secret key object

    CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY, CKA_EXTRACTABLE

    The following certificate objects are supported:

    CKC_X_509

    For CKC_X_509 certificate objects, the following attributes are supported: CKA_SUBJECT, CKA_VALUE, CKA_LABEL, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, and CKA_CERTIFICATE_TYPE.

    CKC_X_509_ATTR_CERT

    For CKC_X_509_ATTR_CERT certificate objects, the following attributes are supported: CKA_OWNER, CKA_VALUE, CKA_LABEL, CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_ATTR_TYPES, and CKA_CERTIFICATE_TYPE.

    The search operation of objects matching the template is performed at C_FindObjectsInit. The matched objects are cached for subsequent C_FindObjects operations.

    The pkcs11_softtoken.so object provides a filesystem-based persistent token object store for storing token objects. The default location of the token object store is the user's home directory returned by getpwuid_r(). The user can override the default location by using the ${SOFTTOKEN_DIR} environment variable.

    If the token object store has never been initialized, the C_Login() function might return CKR_OK but the user will not be able to create, generate, derive or find any private token object and receives CKR_PIN_EXPIRED.

    The user must use the pktool(1) setpin command with the default passphrase "changeme" as the old passphrase to change the passphrase of the object store. This action is needed to initialize and set the passphrase to a newly created token object store.

    After logging into object store with the new passphrase that was set by the pktool setpin command, the user can create and store the private token object in this newly created object store. Until the token object store is initialized by setpin, the C_Login() function is allowed, but all attempts by the user to create, generate, derive or find any private token object fails with a CKR_PIN_EXPIRED error.

    The PIN provided for C_Login() and C_SetPIN() functions can be any string of characters with lengths between 1 and 256 and no embedded nulls.  

    RETURN VALUES

    The return values for each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com  

    FILES

    user_home_directory/.sunw/pkcs11_softtoken

    user's default token object store

    ${SOFTTOKEN_DIR}/pkcs11_softtoken

    alternate token object store

     

    ATTRIBUTES

    See attributes(5) for a description of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    Interface StabilityCommitted

    MT-Level

    Standard

     

    SEE ALSO

    pktool(1), cryptoadm(1M), libpkcs11(3LIB), attributes(5), pkcs11_kernel(5)

    RSA PKCS#11 v2.20 http://www.rsasecurity.com


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    RETURN VALUES
    FILES
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру