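This standard specifies an application programming interface (API), called Cryptoki (short for "cryptographic token interface"), to devices that hold cryptographic information and perform cryptographic functions. It follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), and presents to applications a common, logical view of the device called a cryptographic token.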

PKCS #11 v2.20: Cryptographic Token Interface Standard
RSA Laboratories
28 June 2004
Table of Contents
1 INTRODUCTION
2 SCOPE
3 REFERENCES
4 DEFINITIONS
5 SYMBOLS AND ABBREVIATIONS
6 GENERAL OVERVIEW
6.1 INTRODUCTION
6.2 DESIGN GOALS
6.3 GENERAL MODEL
6.4 LOGICAL VIEW OF A TOKEN
6.5 USERS
6.6 APPLICATIONS AND THEIR USE OF CRYPTOKI
6.6.1 Applications and processes
6.6.2 Applications and threads
6.7 SESSIONS
6.7.1 Read-only session states
6.7.2 Read/write session states
6.7.3 Permitted object accesses by sessions
6.7.4 Session events
6.7.5 Session handles and object handles
6.7.6 Capabilities of sessions
6.7.7 Example of use of sessions
6.8 SECONDARY AUTHENTICATION (DEPRECATED)
6.9 FUNCTION OVERVIEW
7 SECURITY CONSIDERATIONS
8 PLATFORM- AND COMPILER-DEPENDENT DIRECTIVES FOR C OR C++
8.1 STRUCTURE PACKING
8.2 POINTER-RELATED MACROS
CK_PTR
CK_DEFINE_FUNCTION
CK_DECLARE_FUNCTION
CK_DECLARE_FUNCTION_POINTER
CK_CALLBACK_FUNCTION
Copyright 1994-2004 RSA Security Inc. License to copy this document is granted provided that it is
identified as “RSA Security Inc. Public-Key Cryptography Standards (PKCS)” in all material mentioning
or referencing this document.

NULL_PTR
8.3 SAMPLE PLATFORM- AND COMPILER-DEPENDENT CODE
8.3.1 Win32
8.3.2 Win16
8.3.3 Generic UNIX
9 GENERAL DATA TYPES
9.1 GENERAL INFORMATION
CK_VERSION; CK_VERSION_PTR
CK_INFO; CK_INFO_PTR
CK_NOTIFICATION
9.2 SLOT AND TOKEN TYPES
CK_SLOT_ID; CK_SLOT_ID_PTR
CK_SLOT_INFO; CK_SLOT_INFO_PTR
CK_TOKEN_INFO; CK_TOKEN_INFO_PTR
9.3 SESSION TYPES
CK_SESSION_HANDLE; CK_SESSION_HANDLE_PTR
CK_USER_TYPE
CK_STATE
CK_SESSION_INFO; CK_SESSION_INFO_PTR
9.4 OBJECT TYPES
CK_OBJECT_HANDLE; CK_OBJECT_HANDLE_PTR
CK_OBJECT_CLASS; CK_OBJECT_CLASS_PTR
CK_HW_FEATURE_TYPE
CK_KEY_TYPE
CK_CERTIFICATE_TYPE
CK_ATTRIBUTE_TYPE
CK_ATTRIBUTE; CK_ATTRIBUTE_PTR
CK_DATE
9.5 DATA TYPES FOR MECHANISMS
CK_MECHANISM_TYPE; CK_MECHANISM_TYPE_PTR
CK_MECHANISM; CK_MECHANISM_PTR
CK_MECHANISM_INFO; CK_MECHANISM_INFO_PTR
9.6 FUNCTION TYPES
CK_RV
CK_NOTIFY
CK_C_XXX
CK_FUNCTION_LIST; CK_FUNCTION_LIST_PTR; CK_FUNCTION_LIST_PTR_PTR
9.7 LOCKING-RELATED TYPES
CK_CREATEMUTEX
CK_DESTROYMUTEX
CK_LOCKMUTEX and CK_UNLOCKMUTEX
CK_C_INITIALIZE_ARGS; CK_C_INITIALIZE_ARGS_PTR
10 OBJECTS
10.1 CREATING, MODIFYING, AND COPYING OBJECTS
10.1.1 Creating objects
10.1.2 Modifying objects
10.1.3 Copying objects
10.2 COMMON ATTRIBUTES
10.3 HARDWARE FEATURE OBJECTS
10.3.1 Definitions
10.3.2 Overview
10.3.3 Clock
10.3.4 Monotonic Counter Objects
10.3.5 User Interface Objects
10.4 STORAGE OBJECTS
10.5 DATA OBJECTS
10.5.1 Definitions
10.5.2 Overview
10.6 CERTIFICATE OBJECTS
10.6.1 Definitions
10.6.2 Overview
10.6.3 X.509 public key certificate objects
10.6.4 WTLS public key certificate objects
10.6.5 X.509 attribute certificate objects
10.7 KEY OBJECTS
10.7.1 Definitions
10.7.2 Overview
10.8 PUBLIC KEY OBJECTS
10.9 PRIVATE KEY OBJECTS
10.10 SECRET KEY OBJECTS
10.11 DOMAIN PARAMETER OBJECTS
10.11.1 Definitions
10.11.2 Overview
10.12 MECHANISM OBJECTS
10.12.1 Definitions
10.12.2 Overview
11 FUNCTIONS
11.1 FUNCTION RETURN VALUES
11.1.1 Universal Cryptoki function return values
11.1.2 Cryptoki function return values for functions that use a session handle
11.1.3 Cryptoki function return values for functions that use a token
11.1.4 Special return value for application-supplied callbacks
11.1.5 Special return values for mutex-handling functions
11.1.6 All other Cryptoki function return values
11.1.7 More on relative priorities of Cryptoki errors
11.1.8 Error code “gotchas”
11.2 CONVENTIONS FOR FUNCTIONS RETURNING OUTPUT IN A VARIABLE-LENGTH BUFFER
11.3 DISCLAIMER CONCERNING SAMPLE CODE
11.4 GENERAL-PURPOSE FUNCTIONS
C_Initialize
C_Finalize
C_GetInfo
C_GetFunctionList
11.5 SLOT AND TOKEN MANAGEMENT FUNCTIONS
C_GetSlotList
C_GetSlotInfo
C_GetTokenInfo
C_WaitForSlotEvent
C_GetMechanismList
C_GetMechanismInfo
C_InitToken
C_InitPIN
C_SetPIN
11.6 SESSION MANAGEMENT FUNCTIONS
C_OpenSession
C_CloseSession
C_CloseAllSessions
C_GetSessionInfo
C_GetOperationState
C_SetOperationState
C_Login
C_Logout
11.7 OBJECT MANAGEMENT FUNCTIONS
C_CreateObject
C_CopyObject
C_DestroyObject
C_GetObjectSize
C_GetAttributeValue
C_SetAttributeValue
C_FindObjectsInit
C_FindObjects
C_FindObjectsFinal
11.8 ENCRYPTION FUNCTIONS
C_EncryptInit
C_Encrypt
C_EncryptUpdate
C_EncryptFinal
11.9 DECRYPTION FUNCTIONS
C_DecryptInit
C_Decrypt
C_DecryptUpdate
C_DecryptFinal
11.10 MESSAGE DIGESTING FUNCTIONS
C_DigestInit
C_Digest
C_DigestUpdate
C_DigestKey
C_DigestFinal
11.11 SIGNING AND MACING FUNCTIONS
C_SignInit
C_Sign
C_SignUpdate
C_SignFinal
C_SignRecoverInit
C_SignRecover
11.12 FUNCTIONS FOR VERIFYING SIGNATURES AND MACS
C_VerifyInit
C_Verify
C_VerifyUpdate
C_VerifyFinal
C_VerifyRecoverInit
C_VerifyRecover
11.13 DUAL-FUNCTION CRYPTOGRAPHIC FUNCTIONS
C_DigestEncryptUpdate
C_DecryptDigestUpdate
C_SignEncryptUpdate
C_DecryptVerifyUpdate
11.14 KEY MANAGEMENT FUNCTIONS
C_GenerateKey
C_GenerateKeyPair
C_WrapKey
C_UnwrapKey
C_DeriveKey
11.15 RANDOM NUMBER GENERATION FUNCTIONS
C_SeedRandom..................................................................................................................................189
C_GenerateRandom..........................................................................................................................190
11.16 PARALLEL FUNCTION MANAGEMENT FUNCTIONS......................................................................190
C_GetFunctionStatus........................................................................................................................191
C_CancelFunction.............................................................................................................................191
11.17 CALLBACK FUNCTIONS........................................................................................................... 191
11.17.1 Surrender callbacks..............................................................................................................191
11.17.2 Vendor-defined callbacks.....................................................................................................192
12 MECHANISMS....................................................................................................................................193
12.1 RSA........................................................................................................................................ 197
12.1.1 Definitions..............................................................................................................................197
12.1.2 RSA public key objects...........................................................................................................198
12.1.3 RSA private key objects..........................................................................................................199
12.1.4 PKCS #1 RSA key pair generation........................................................................................201
12.1.5 X9.31 RSA key pair generation..............................................................................................202
12.1.6 PKCS #1 v1.5 RSA.................................................................................................................202
12.1.7 PKCS #1 RSA OAEP mechanism parameters.......................................................................204
CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR...............................................204
CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR.........204
CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR................................205
12.1.8 PKCS #1 RSA OAEP..............................................................................................................205
12.1.9 PKCS #1 RSA PSS mechanism parameters...........................................................................206
CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR........................................206
12.1.10 PKCS #1 RSA PSS................................................................................................................207
12.1.11 ISO/IEC 9796 RSA...............................................................................................................208
12.1.12 X.509 (raw) RSA...................................................................................................................209
12.1.13 ANSI X9.31 RSA...................................................................................................................210
12.1.14 PKCS #1 v1.5 RSA signature with MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPE-MD 128 or RIPE-MD 160........................................................................................................211
12.1.15 PKCS #1 RSA PSS signature with SHA-1, SHA-256, SHA-384 or SHA-512.....................212
12.1.16 ANSI X9.31 RSA signature with SHA-1...............................................................................213
12.2 DSA........................................................................................................................................ 214
12.2.1 Definitions..............................................................................................................................214
12.2.2 DSA public key objects...........................................................................................................214
12.2.3 DSA private key objects.........................................................................................................215
12.2.4 DSA domain parameter objects.............................................................................................216
12.2.5 DSA key pair generation........................................................................................................217
12.2.6 DSA domain parameter generation.......................................................................................217
12.2.7 DSA without hashing..............................................................................................................218
12.2.8 DSA with SHA-1.....................................................................................................................218
12.2.9 FORTEZZA timestamp...........................................................................................................219
12.3 ELLIPTIC CURVE....................................................................................................................... 219
12.3.1 EC Signatures.........................................................................................................................221
12.3.2 Definitions..............................................................................................................................221
12.3.3 ECDSA public key objects.....................................................................................................222
12.3.4 Elliptic curve private key objects...........................................................................................223
12.3.5 Elliptic curve key pair generation.........................................................................................224
12.3.6 ECDSA without hashing.........................................................................................................225
12.3.7 ECDSA with SHA-1................................................................................................................226
12.3.8 EC mechanism parameters.....................................................................................................226
12.3.9 Elliptic curve Diffie-Hellman key derivation........................................................................229
12.3.10 Elliptic curve Diffie-Hellman with cofactor key derivation................................................230
12.3.11 Elliptic curve Menezes-Qu-Vanstone key derivation..........................................................231
12.4 DIFFIE-HELLMAN..................................................................................................................... 232
12.4.1 Definitions..............................................................................................................................232
June 2004 Copyright © 2004 RSA Security Inc.