Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pkcs11_softtoken(5) [plan9 man page]

pkcs11_softtoken(5)					Standards, Environments, and Macros				       pkcs11_softtoken(5)

NAME
pkcs11_softtoken - Software RSA PKCS#11 softtoken SYNOPSIS
/usr/lib/security/pkcs11_softtoken.so /usr/lib/security/64/pkcs11_softtoken.so /usr/lib/security/pkcs11_softtoken_extra.so /usr/lib/security/64/pkcs11_softtoken_extra.so DESCRIPTION
The pkcs11_softtoken.so object implements the RSA PKCS#11 v2.11 specification in software. Persistent storage for "token" objects is pro- vided by this PKCS#11 implementation. The pkcs11_softtoken.so object contains only implementations of symmetric key algorithms of up to 128-bit keylength. pkcs11_softto- ken_extra.so, if available, might contain longer key lengths. Application developers should link to libpkcs11.so rather than link directly to pkcs11_softtoken.so. See libpkcs11(3LIB). The following cryptographic algorithms are implemented: DES, 3DES, AES, Blowfish, RC4, MD5, SHA1, RSA, DSA, and DH. All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following: C_GetObjectSize C_InitPIN C_InitToken C_WaitForSlotEvent A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED. The following RSA PKCS#11 v2.11 mechanisms are supported: CKM_RSA_PKCS_KEY_PAIR_GEN CKM_RSA_PKCS CKM_RSA_X_509 CKM_DSA_KEY_PAIR_GEN CKM_DSA CKM_DSA_SHA1 CKM_DH_PKCS_KEY_PAIR_GEN CKM_DH_PKCS_DERIVE CKM_DES_KEY_GEN CKM_DES_ECB CKM_DES_CBC CKM_DES_CBC_PAD CKM_DES3_KEY_GEN CKM_DES3_ECB CKM_DES3_CBC CKM_DES3_CBC_PAD CKM_AES_KEY_GEN CKM_AES_ECB CKM_AES_CBC CKM_AES_CBC_PAD CKM_BF_KEY_GEN CKM_BF_ECB CKM_BF_CBC CKM_RC4_KEY_GEN CKM_RC4 CKM_MD5_RSA_PKCS CKM_SHA1_RSA_PKCS CKM_SHA_1 CKM_MD5 CKM_MD5_1_HMAC CKM_MD5_1_HMAC_GENERAL CKM_SHA_1_HMAC CKM_SHA_1_HMAC_GENERAL CKM_MD5_KEY_DERIVATION CKM_SHA1_KEY_DERIVATION CKM_SSL3_PRE_MASTER_KEY_GEN CKM_SSL3_MASTER_KEY_DERIVE CKM_SSL3_KEY_AND_MAC_DERIVE CKM_SSL3_MASTER_KEY_DERIVE_DH CKM_TLS_PRE_MASTER_KEY_GEN CKM_TLS_MASTER_KEY_DERIVE CKM_TLS_KEY_AND_MAC_DERIVE CKM_TLS_MASTER_KEY_DERIVE_DH Each of the following types of key objects has certain token-specific attributes that will be set to true by default as a result of object creation, key/key pair generation, and key derivation. Public key object CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER Private key object CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER, CKA_EXTRACTABLE Secret key object CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY, CKA_EXTRACTABLE The following certificate objects are supported: CKC_X_509 For CKC_X_509 certificate objects, the following attributes are supported: CKA_SUBJECT, CKA_VALUE, CKA_LABEL, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, and CKA_CERTIFICATE_TYPE. CKC_X_509_ATTR_CERT For CKC_X_509_ATTR_CERT certificate objects, the following attributes are supported: CKA_OWNER, CKA_VALUE, CKA_LABEL, CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_ATTR_TYPES, and CKA_CERTIFICATE_TYPE. The search operation of objects matching the template is performed at C_FindObjectsInit. The matched objects are cached for sublequent C_FindObjects operations. The pkcs11_softtoken.so object provides a filesystem-based persistent token object store for storing token objects. The default location of the token object store is the user's $HOME directory. The user can override the default location by using the ${SOFTTOKEN_DIR} environment variable. If the token object store has never been initialized, the C_Login() function might return CKR_OK but the user will not be able to create, generate, derive or find any private token object and will receive CKR_PIN_EXPIRED. The user must use the pktool(1) setpin command with the default passphrase "changeme" as the old passphrase to change the passphrase of the object store. This action is needed to initialize and set the passphrase to a newly created token object store. After logging into object store with the new passphrase that was set by the pktool setpin command, the user can create and store the pri- vate token object in this newly created object store. Until the token object store is initialized by setpin, the C_Login() function is allowed, but all attempts by the user to create, generate, derive or find any private token object will fail with a CKR_PIN_EXPIRED error. The PIN provided for C_Login() and C_SetPIN() functions can be any string of characters with lengths between 1 and 256 and no embedded nulls. RETURN VALUES
The return values for each of the implemented functions are defined and listed in the RSA PKCS#11 v2.11 specification. See http://www.rsasecurity.com FILES
${HOME}/.sunw/pkcs11_softtoken user's default token object store ${SOFTTOKEN_DIR}/pkcs11_softtoken alternate token object store ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Standard: PKCS#11 v2.11 | +-----------------------------+-----------------------------+ |MT-Level |MT-Safe with exceptions. | | |See section 6.5.2 of RSA | | |PKCS#11 v2.11. | +-----------------------------+-----------------------------+ SEE ALSO
pktool(1), cryptoadm(1M), libpkcs11(3LIB), attributes(5), pkcs11_kernel(5) RSA PKCS#11 v2.11 http://www.rsasecurity.com SunOS 5.10 11 May 2004 pkcs11_softtoken(5)
Man Page