libpkcs11 man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

LIBPKCS11(3LIB)						       LIBPKCS11(3LIB)

       libpkcs11 - PKCS#11 Cryptographic Framework library

       cc [ flag... ] file... -lpkcs11 [ library... ]
       #include <security/cryptoki.h>
       #include <security/pkcs11.h>

       The  libpkcs11 library implements the RSA Security Inc. PKCS#11 Crypto‐
       graphic Token Interface (Cryptoki), v2.20 specification by using	 plug-
       ins to provide the slots.

       Each  plug-in,  which also implements RSA PKCS#11 v2.20, represents one
       or more slots.

       The libpkcs11 library provides a special slot called the meta slot. The
       meta  slot provides a virtual union of capabilities of all other slots.
       When available, the meta slot is always	the  first  slot  provided  by

       The  meta slot feature can be configured either system-wide or by indi‐
       vidual users. System-wide configuration for meta slot features is  done
       with  the  cryptoadm(1M) utility. User configuration for meta slot fea‐
       tures is performed with environment variables.

       By default, the following is the	 system-wide  configuration  for  meta
       slot.  Meta slot is enabled. Meta slot provides token-based object sup‐
       port with the Software  RSA  PKCS#11  softtoken	(pkcs11_softtoken(5)).
       Meta  slot is allowed to move sensitive token objects to other slots if
       that is necessary to perform an operation.

       Users can overwrite one or more system-wide configuration  options  for
       meta slot using these environment variables.

       environment variables are used to specify  an  alternate	 token	object
       store. A user can specify either slot-description in ${METASLOT_OBJECT‐
       STORE_SLOT} or token-label in ${METASLOT_OBJECTSTORE_TOKEN},  or	 both.
       Valid  values  for  slot-description and token-label are available from
       output of the command:

	 cryptoadm list -v

       The ${METASLOT_ENABLED} environment variable is used to specify whether
       the  user wants to turn the metaslot feature on or off. Only two values
       are recognized. The value "true" means meta slot will be on. The	 value
       "false" means meta slot will be off.

       The  ${METASLOT_AUTO_KEY_MIGRATE} environment variable is used to spec‐
       ify whether the user wants sensitive token objects  to  move  to	 other
       slots for cryptographic operations. Only two values are recognized. The
       value "true" means meta slot will migrate sensitive  token  objects  to
       other  slots  if	 necessary. The value "false" means meta slot will not
       migrate sensitive token objects to other slots even if it is necessary.

       When the meta slot feature is enabled, the slot	that  provides	token-
       based object support is not shown as one of the available slots. All of
       its functionality can be used with the meta slot.

       This library filters the list of	 mechanisms  available	from  plug-ins
       based on the policy set by cryptoadm(1M).

       This library provides entry points for all PKCS#11 v2.20 functions. See
       the RSA PKCS#11 v2.20 specification at

       Plug-ins are added to libpkcs11 by the pkcs11conf class	action	script
       during  execution  of pkgadd(1M). The available mechanisms are adminis‐
       tered by the cryptoadm(1M) utility.

       Plug-ins must have all of their library dependancies specified, includ‐
       ing libc(3LIB). Libraries that have unresolved symbols, including those
       from libc, will be rejected and a message will be  sent	to  syslog(3C)
       for such plug-ins.

       Due to U.S. Export regulations, all plug-ins are required to be crypto‐
       graphically signed using the elfsign utility.

       Any plug-in that is not signed  or  is  not  a  compatible  version  of
       PKCS#11	will  be  dropped by libpkcs11. When a plug-in is dropped, the
       administrator is alerted by the syslog(3C) utility.

       The <security/pkcs11f.h>	 header	 contains  function  definitions.  The
       <security/pkcs11t.h> header contains type definitions. Applications can
       include either of these headers in place of <security/pkcs11.h>,	 which
       contains both function and type definitions.

       The shared object provides the public interfaces defined
       below. See Intro(3) for additional information on shared object	inter‐

   PKCS#11 Standard
       C_CloseAllSessions    C_CloseSession
       C_CopyObject	     C_CreateObject
       C_Decrypt	     C_DecryptDigestUpdate
       C_DecryptFinal	     C_DecryptInit
       C_DecryptUpdate	     C_DecryptVerifyUpdate
       C_DeriveKey	     C_DestroyObject
       C_Digest		     C_DigestEncryptUpdate
       C_DigestFinal	     C_DigestInit
       C_DigestKey	     C_DigestUpdate
       C_Encrypt	     C_EncryptFinal
       C_EncryptInit	     C_EncryptUpdate
       C_Finalize	     C_FindObjects
       C_FindObjectsFinal    C_FindObjectsInit
       C_GenerateKey	     C_GenerateKeyPair
       C_GenerateRandom	     C_GetAttributeValue

       C_GetFunctionList     C_GetInfo
       C_GetMechanismInfo    C_GetMechanismList
       C_GetObjectSize	     C_GetOperationState
       C_GetSessionInfo	     C_GetSlotInfo
       C_GetSlotList	     C_GetTokenInfo
       C_InitPIN	     C_InitToken
       C_Initialize	     C_Login
       C_Logout		     C_OpenSession
       C_SeedRandom	     C_SetAttributeValue
       C_SetOperationState   C_SetPIN
       C_Sign		     C_SignEncryptUpdate
       C_SignFinal	     C_SignInit
       C_SignRecover	     C_SignRecoverInit
       C_SignUpdate	     C_UnwrapKey
       C_Verify		     C_VerifyFinal
       C_VerifyInit	     C_VerifyRecover
       C_VerifyRecoverInit   C_VerifyUpdate
       C_WaitForSlotEvent    C_WrapKey

   SUNW Extensions
       SUNW_C_GetMechSession   SUNW_C_KeyToObject

				     shared object

				     64-bit shared object

       See attributes(5) for descriptions of the following attributes:

       │Interface Stability │ Committed	      │
       │MT-Level	    │ See below.      │
       │Standard	    │ See below.      │

       The  SUNW  Extension  functions are MT-Safe. The PKCS#11 Standard func‐
       tions are MT-Safe with exceptions. See Section  6.5.2  of  RSA  PKCS#11

       The PKCS#11 Standard functions conform to PKCS#11 v2.20.

       cryptoadm(1M),  pkgadd(1M), Intro(3), SUNW_C_GetMechSession(3EXT), sys‐
       log(3C), attributes(5) , pkcs11_kernel(5), pkcs11_softtoken(5)

       RSA PKCS#11 v2.20

       If an application calls C_WaitForSlotEvent() without the CKF_DONT_BLOCK
       flag  set,  libpkcs11  must  create  threads  internally.  If, however,
       CKF_LIBRARY_CANT_CREATE_OS_THREADS is set, C_WaitForSlotEvent() returns

       The  PKCS#11 library does not work with Netscape 4.x but does work with
       more recent versions of Netscape and Mozilla.

       Because C_Initalize() might have been called by both an application and
       a library, it is not safe for a library or its plugins to call C_Final‐
       ize(). A library can be	finished  calling  functions  from  libpkcs11,
       while an application might not.

				  Aug 4, 2008		       LIBPKCS11(3LIB)

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net