
pkcs11_kernel(5)      Standards, Environments, and Macros     pkcs11_kernel(5)



NAME
       pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework

SYNOPSIS
       /usr/lib/security/pkcs11_kernel.so
       /usr/lib/security/64/pkcs11_kernel.so

DESCRIPTION
       The pkcs11_kernel.so object implements the RSA PKCS#11 v2.11
       specification by using a private interface to communicate with the
       Kernel Cryptographic Framework.

       Each  unique  hardware  provider is represented by a PKCS#11 slot. In a
       system with no hardware Kernel Cryptographic Framework providers,  this
       PKCS#11 library presents no slots.

       The PKCS#11 mechanisms provided by this library are determined by the
       available hardware providers.

       Application developers should link to  libpkcs11.so  rather  than  link
       directly to pkcs11_kernel.so. See libpkcs11(3LIB).

       All  of  the  Standard  PKCS#11 functions listed on libpkcs11(3LIB) are
       implemented except for the following:

       C_DecryptDigestUpdate
       C_DecryptVerifyUpdate
       C_DigestEncryptUpdate
       C_GetOperationState
       C_InitToken
       C_InitPIN
       C_SetOperationState
       C_SignEncryptUpdate
       C_WaitForSlotEvent


       A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

       Buffers cannot be greater than 2 megabytes.  For  example,  C_Encrypt()
       can  be  called  with a 2 megabyte buffer of plaintext and a 2 megabyte
       buffer for the ciphertext.

       The maximum number of object handles that can be returned by a call  to
       C_FindObjects() is 512.
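
       An added example (not part of the Sun manual page) of draining a
       search in batches that respect the 512-handle cap above. The typedefs
       stand in for <security/cryptoki.h>; find_all, find_fn and stub_find
       are hypothetical names, and the 1300-object stub token is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the <security/cryptoki.h> types so this compiles anywhere;
 * a real program includes that header and links against libpkcs11.so. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
#define CKR_OK 0UL
#define CKR_HOST_MEMORY 2UL
#define FIND_BATCH 512UL  /* per-call cap stated in pkcs11_kernel(5) */

/* Same signature as C_FindObjects(); pass C_FindObjects itself in real code. */
typedef CK_RV (*find_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, CK_ULONG *);

/* Collect every handle of an active search (C_FindObjectsInit already done).
 * The caller frees *out. Hypothetical helper, not a PKCS#11 function. */
CK_RV find_all(find_fn find, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE **out, CK_ULONG *total)
{
    CK_OBJECT_HANDLE batch[FIND_BATCH], *all = NULL, *tmp;
    CK_ULONG got = 0, n = 0;
    CK_RV rv;

    *out = NULL; *total = 0;
    for (;;) {
        rv = find(s, batch, FIND_BATCH, &got);
        if (rv != CKR_OK) { free(all); return rv; }
        if (got == 0) break;                 /* search exhausted */
        tmp = realloc(all, (n + got) * sizeof *all);
        if (tmp == NULL) { free(all); return CKR_HOST_MEMORY; }
        all = tmp;
        memcpy(all + n, batch, got * sizeof *all);
        n += got;
    }
    *out = all; *total = n;
    return CKR_OK;
}

/* Constructed stub token holding 1300 objects, for demonstration only. */
static CK_ULONG stub_left = 1300, stub_next = 1;
CK_RV stub_find(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *h, CK_ULONG max, CK_ULONG *cnt)
{
    CK_ULONG i, n = stub_left < max ? stub_left : max;
    (void)s;
    if (n > FIND_BATCH) n = FIND_BATCH;      /* provider never exceeds 512 */
    for (i = 0; i < n; i++) h[i] = stub_next++;
    stub_left -= n; *cnt = n;
    return CKR_OK;
}
```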

       The maximum amount of kernel memory that can be used for crypto
       operations is limited by the project.max-crypto-memory resource
       control. Allocations in the kernel for buffers and session-related
       structures are charged against this resource control.

RETURN VALUES
       The return values of each of the implemented functions are defined and
       listed in the RSA PKCS#11 v2.11 specification. See
       http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11.

ATTRIBUTES
       See attributes(5) for a description of the following attributes:


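       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Standard: PKCS#11 v2.11      |
       +-----------------------------+-----------------------------+
       |MT-Level                     |MT-Safe with exceptions. See |
       |                             |section 6.5.2 of RSA PKCS#11 |
       |                             |v2.11                        |
       +-----------------------------+-----------------------------+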


SEE ALSO
       cryptoadm(1M),     rctladm(1M),     libpkcs11(3LIB),     attributes(5),
       pkcs11_softtoken(5)

       RSA PKCS#11 v2.11 http://www.rsasecurity.com

NOTES
       Applications that have an open session to a PKCS#11 slot prevent the
       corresponding hardware provider driver from being unloaded. An
       administrator must close the applications that have a PKCS#11 session
       open to the hardware provider to make the driver unloadable.



SunOS 5.10                        17 Nov 2004                 pkcs11_kernel(5)