Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pkcs11_kernel(5) [osx man page]

pkcs11_kernel(5)					Standards, Environments, and Macros					  pkcs11_kernel(5)

NAME
pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework SYNOPSIS
/usr/lib/security/pkcs11_kernel.so /usr/lib/security/64/pkcs11_kernel.so DESCRIPTION
The pkcs11_kernel.so object implements the RSA PKCS#11 v2.11 specification by using a private interface to communicate with the Kernel Cryptographic Framework. Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots. The PKCS#11 mechanisms provided by this library is determined by the available hardware providers. Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB). All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following: C_DecryptDigestUpdate C_DecryptVerifyUpdate C_DigestEncryptUpdate C_GetOperationState C_InitToken C_InitPIN C_SetOperationState C_SignEncryptUpdate C_WaitForSlotEvent A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED. Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext. The maximum number of object handles that can be returned by a call to C_FindObjects() is 512. The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control. RETURN VALUES
The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.11 specification. See http://www.rsase- curity.com/rsalabs/pkcs/pkcs-11. ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Standard: PKCS#11 v2.11 | +-----------------------------+-----------------------------+ |MT-Level |MT-Safe with exceptions. | | |See section 6.5.2 of RSA | | |PKCS#11 v2.11 | +-----------------------------+-----------------------------+ SEE ALSO
cryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5) RSA PKCS#11 v2.11 http://www.rsasecurity.com NOTES
Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable. SunOS 5.10 17 Nov 2004 pkcs11_kernel(5)

Check Out this Related Man Page

pkcs11_kernel(5)					Standards, Environments, and Macros					  pkcs11_kernel(5)

NAME
pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework SYNOPSIS
/usr/lib/security/pkcs11_kernel.so /usr/lib/security/64/pkcs11_kernel.so DESCRIPTION
The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specification by using a private interface to communicate with the Kernel Cryptographic Framework. Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots. The PKCS#11 mechanisms provided by this library is determined by the available hardware providers. Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB). All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following: C_DecryptDigestUpdate C_DecryptVerifyUpdate C_DigestEncryptUpdate C_GetOperationState C_InitToken C_InitPIN C_SetOperationState C_SignEncryptUpdate C_WaitForSlotEvent A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED. Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext. The maximum number of object handles that can be returned by a call to C_FindObjects() is 512. The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control. RETURN VALUES
The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsase- curity.com. ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Standard: PKCS#11 v2.20 | +-----------------------------+-----------------------------+ |MT-Level |MT-Safe with exceptions. | | |See section 6.5.2 of RSA | | |PKCS#11 v2.20 | +-----------------------------+-----------------------------+ SEE ALSO
cryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5) RSA PKCS#11 v2.20 http://www.rsasecurity.com NOTES
Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable. SunOS 5.11 27 Oct 2005 pkcs11_kernel(5)
Man Page