Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for pkcs11_softtoken (opensolaris section 5)

pkcs11_softtoken(5)	       Standards, Environments, and Macros	      pkcs11_softtoken(5)

NAME
       pkcs11_softtoken - Software RSA PKCS#11 softtoken

SYNOPSIS
       /usr/lib/security/pkcs11_softtoken.so
       /usr/lib/security/64/pkcs11_softtoken.so

DESCRIPTION
       The pkcs11_softtoken.so object implements the RSA PKCS#11 v2.20 specification in software.
       Persistent storage for "token" objects is provided by this PKCS#11 implementation.

       Application  developers	should	link  to  libpkcs11.so	rather	than  link  directly   to
       pkcs11_softtoken.so. See libpkcs11(3LIB).

       The  following  cryptographic  algorithms  are implemented: DES, 3DES, AES, Blowfish, RC4,
       MD5, SHA1, SHA256, SHA384, SHA512, RSA, DSA, DH, and ECC.

       All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for
       the following:

	 C_GetObjectSize
	 C_InitPIN
	 C_InitToken
	 C_WaitForSlotEvent

       A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

       The following RSA PKCS#11 v2.20 mechanisms are supported:

	 CKM_RSA_PKCS_KEY_PAIR_GEN
	 CKM_RSA_PKCS
	 CKM_RSA_X_509

	 CKM_DSA_KEY_PAIR_GEN
	 CKM_DSA
	 CKM_DSA_SHA1

	 CKM_DH_PKCS_KEY_PAIR_GEN
	 CKM_DH_PKCS_DERIVE

	 CKM_EC_KEY_PAIR_GEN
	 CKM_ECDSA
	 CKM_ECDSA_SHA1
	 CKM_ECDH1_DERIVE

	 CKM_DES_KEY_GEN
	 CKM_DES_ECB
	 CKM_DES_CBC
	 CKM_DES_CBC_PAD

	 CKM_DES3_KEY_GEN
	 CKM_DES3_ECB
	 CKM_DES3_CBC
	 CKM_DES3_CBC_PAD

	 CKM_AES_KEY_GEN
	 CKM_AES_ECB
	 CKM_AES_CBC
	 CKM_AES_CBC_PAD
	 CKM_AES_CTR

	 CKM_BLOWFISH_KEY_GEN
	 CKM_BLOWFISH_CBC

	 CKM_RC4_KEY_GEN
	 CKM_RC4

	 CKM_MD5_RSA_PKCS
	 CKM_SHA1_RSA_PKCS
	 CKM_SHA256_RSA_PKCS
	 CKM_SHA384_RSA_PKCS
	 CKM_SHA512_RSA_PKCS

	 CKM_MD5
	 CKM_SHA_1
	 CKM_SHA256
	 CKM_SHA384
	 CKM_SHA512

	 CKM_MD5_HMAC
	 CKM_MD5_HMAC_GENERAL
	 CKM_SHA_1_HMAC
	 CKM_SHA_1_HMAC_GENERAL
	 CKM_SHA256_HMAC
	 CKM_SHA256_HMAC_GENERAL
	 CKM_SHA384_HMAC
	 CKM_SHA384_HMAC_GENERAL

	 CKM_MD5_KEY_DERIVATION
	 CKM_SHA1_KEY_DERIVATION
	 CKM_SHA256_KEY_DERIVATION
	 CKM_SHA384_KEY_DERIVATION
	 CKM_SHA512_KEY_DERIVATION

	 CKM_SSL3_PRE_MASTER_KEY_GEN
	 CKM_SSL3_MASTER_KEY_DERIVE
	 CKM_SSL3_KEY_AND_MAC_DERIVE
	 CKM_SSL3_MASTER_KEY_DERIVE_DH
	 CKM_TLS_PRE_MASTER_KEY_GEN
	 CKM_TLS_MASTER_KEY_DERIVE
	 CKM_TLS_KEY_AND_MAC_DERIVE
	 CKM_TLS_MASTER_KEY_DERIVE_DH

       Each  of the following types of key objects has certain token-specific attributes that are
       set to true by default as a result of object creation, key/key pair  generation,  and  key
       derivation.

       Public key object     CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER

       Private key object    CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER, CKA_EXTRACTABLE

       Secret key object     CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY, CKA_EXTRACTABLE

       The following certificate objects are supported:

       CKC_X_509	      For  CKC_X_509  certificate  objects,  the following attributes are
			      supported: CKA_SUBJECT, CKA_VALUE, CKA_LABEL,  CKA_ID,  CKA_ISSUER,
			      CKA_SERIAL_NUMBER, and CKA_CERTIFICATE_TYPE.

       CKC_X_509_ATTR_CERT    For   CKC_X_509_ATTR_CERT   certificate	objects,   the	following
			      attributes  are	supported:   CKA_OWNER,   CKA_VALUE,   CKA_LABEL,
			      CKA_SERIAL_NUMBER,  CKA_AC_ISSUER, CKA_ATTR_TYPES, and CKA_CERTIFI-
			      CATE_TYPE.

       The search operation of objects matching the template is performed  at  C_FindObjectsInit.
       The matched objects are cached for subsequent C_FindObjects operations.

       The  pkcs11_softtoken.so  object provides a filesystem-based persistent token object store
       for storing token objects. The default location of the token object store  is  the  user's
       home  directory	returned  by  getpwuid_r(). The user can override the default location by
       using the ${SOFTTOKEN_DIR} environment variable.

       If the token object store has never been initialized, the C_Login() function might  return
       CKR_OK but the user will not be able to create, generate, derive or find any private token
       object and receives CKR_PIN_EXPIRED.

       The user must use the pktool(1) setpin command with the default passphrase  "changeme"  as
       the  old passphrase to change the passphrase of the object store. This action is needed to
       initialize and set the passphrase to a newly created token object store.

       After logging into object store with the new passphrase that was set by the pktool  setpin
       command,  the  user  can  create  and store the private token object in this newly created
       object store. Until the token object store is initialized by setpin, the  C_Login()  func-
       tion is allowed, but all attempts by the user to create, generate, derive or find any pri-
       vate token object fails with a CKR_PIN_EXPIRED error.

       The PIN provided for C_Login() and C_SetPIN() functions can be any  string  of  characters
       with lengths between 1 and 256 and no embedded nulls.

RETURN VALUES
       The  return values for each of the implemented functions are defined and listed in the RSA
       PKCS#11 v2.20 specification. See http://www.rsasecurity.com

FILES
       user_home_directory/.sunw/pkcs11_softtoken

	   user's default token object store

       ${SOFTTOKEN_DIR}/pkcs11_softtoken

	   alternate token object store

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |MT-Safe  with   exceptions.  |
       |			     |See  section  6.5.2  of RSA  |
       |			     |PKCS#11 v2.20.		   |
       +-----------------------------+-----------------------------+
       |Standard		     |PKCS#11 v2.20		   |
       +-----------------------------+-----------------------------+

SEE ALSO
       pktool(1), cryptoadm(1M), libpkcs11(3LIB), attributes(5), pkcs11_kernel(5)

       RSA PKCS#11 v2.20 http://www.rsasecurity.com

SunOS 5.11				   25 Mar 2008			      pkcs11_softtoken(5)


All times are GMT -4. The time now is 03:49 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
UNIX.COM Login
Username:
Password:  
Show Password