libpkcs11(3lib) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

libpkcs11(3lib)

libpkcs11(3LIB)               Interface Libraries              libpkcs11(3LIB)



NAME
       libpkcs11 - PKCS#11 Cryptographic Framework library

SYNOPSIS
       cc [ flag... ] file... -lpkcs11 [ library... ]
       #include <security/cryptoki.h>
       #include <security/pkcs11.h>

DESCRIPTION
       The  libpkcs11 library implements the OASIS PKCS#11 Cryptographic Token
       Interface (Cryptoki), v2.40, specification by using plug-ins to provide
       the slots.


       Each plug-in, which also implements OASIS PKCS#11 v2.40, represents one
       or more slots.


       The libpkcs11 library provides a special slot called the meta slot. The
       meta  slot provides a virtual union of capabilities of all other slots.
       When available, the meta slot is always  the  first  slot  provided  by
       libpkcs11. The order of the rest of the slots is not guaranteed and may
       vary with every load of this library.


       The meta slot feature can be configured either system-wide or by  indi‐
       vidual  users. System-wide configuration for meta slot features is done
       with the cryptoadm(8) utility. User configuration for  meta  slot  fea‐
       tures is performed with environment variables.


       By  default,  the  following  is the system-wide configuration for meta
       slot. Meta slot is enabled. Meta slot provides token-based object  sup‐
       port  with  the Software OASIS PKCS#11 softtoken (pkcs11_softtoken(7)).
       Meta slot is allowed to move sensitive token objects to other slots  if
       that is necessary to perform an operation.


       Users  can  overwrite one or more system-wide configuration options for
       meta slot using these environment variables.


       The  ${METASLOT_OBJECTSTORE_SLOT}   and   ${METASLOT_OBJECTSTORE_TOKEN}
       environment  variables  are  used  to specify an alternate token object
       store. A user can specify either slot-description in ${METASLOT_OBJECT‐
       STORE_SLOT}  or  token-label in ${METASLOT_OBJECTSTORE_TOKEN}, or both.
       If metaslot is unable to honor both the slot and token  configurations,
       then  it  will  default  to  the first available slot. Valid values for
       slot-description and token-label are available from output of the  com‐
       mand:

         cryptoadm list -v



       While  setting  the  ${METASLOT_OBJECTSTORE_SLOT} environment variable,
       whitespaces are required to be padded up to 64th byte. For example,

         export METASLOT_OBJECTSTORE_SLOT="my slot description (pad whitespace up to 64th byte in here...)"



       Similarly, while setting the ${METASLOT_OBJECTSTORE_TOKEN}  environment
       variable,  whitespaces  are  required to be padded up to 32nd byte. For
       example,

         export METASLOT_OBJECTSTORE_TOKEN="KMS (pad whitespace up to 32nd byte in here...)"



       The ${METASLOT_ENABLED} environment variable is used to specify whether
       the  user wants to turn the metaslot feature on or off. Only two values
       are recognized. The value "true" means meta slot will be on. The  value
       "false" means meta slot will be off.


       The  ${METASLOT_AUTO_KEY_MIGRATE} environment variable is used to spec‐
       ify whether the user wants sensitive token objects  to  move  to  other
       slots for cryptographic operations. Only two values are recognized. The
       value "true" means meta slot will migrate sensitive  token  objects  to
       other  slots  if  necessary. The value "false" means meta slot will not
       migrate sensitive token objects to other slots even if it is necessary.


       When the meta slot feature is enabled, the slot  that  provides  token-
       based object support is not shown as one of the available slots. All of
       its functionality can be used with the meta slot.


       This library filters the list of  mechanisms  available  from  plug-ins
       based on the policy set by cryptoadm(8).


       This library provides entry points for all PKCS#11 v2.40 functions. See
       the   OASIS   PKCS#11   v2.40   specification   at   https://www.oasis-
       open.org/committees/pkcs11/ .


       The  cryptoadm(8)  command  can be used to add plugins to libpkcs11, as
       well as to administer the available mechanisms.


       Plug-ins are added to libpkcs11 by the cryptoadm(8) install subcommand,
       and available mechanisms are administered by the cryptoadm(8) utility.


       Plug-ins must have all of their library dependencies specified, includ‐
       ing libc(3LIB). Libraries that have unresolved symbols, including those
       from  libc,  will  be rejected and a message will be sent to syslog(3C)
       for such plug-ins.


       Any plug-in that is not a compatible version of PKCS#11 will be dropped
       by  libpkcs11.  When a plug-in is dropped, the administrator is alerted
       by the syslog(3C) utility.


       The <security/pkcs11f.h>  header  contains  function  definitions.  The
       <security/pkcs11t.h> header contains type definitions. Applications can
       include either of these headers in place of <security/pkcs11.h>,  which
       contains both function and type definitions.

INTERFACES
       The shared object libpkcs11.so.1 provides the public interfaces defined
       below. See intro(3) for additional information on shared object  inter‐
       faces.

   PKCS#11 Standard
       tab();  lw(2.75i)  lw(2.75i) C_CloseAllSessionsC_CloseSession C_CopyOb‐
       jectC_CreateObject     C_DecryptC_DecryptDigestUpdate      C_DecryptFi‐
       nalC_DecryptInit     C_DecryptUpdateC_DecryptVerifyUpdate    C_DeriveK‐
       eyC_DestroyObject  C_DigestC_DigestEncryptUpdate  C_DigestFinalC_Diges‐
       tInit   C_DigestKeyC_DigestUpdate   C_EncryptC_EncryptFinal   C_Encryp‐
       tInitC_EncryptUpdate C_FinalizeC_FindObjects  C_FindObjectsFinalC_Find‐
       ObjectsInit   C_GenerateKeyC_GenerateKeyPair   C_GenerateRandomC_GetAt‐
       tributeValue  C_GetFunctionListC_GetInfo  C_GetMechanismInfoC_GetMecha‐
       nismList  C_GetObjectSizeC_GetOperationState C_GetSessionInfoC_GetSlot‐
       Info   C_GetSlotListC_GetTokenInfo   C_InitPINC_InitToken    C_Initial‐
       izeC_Login C_LogoutC_OpenSession C_SeedRandomC_SetAttributeValue C_Set‐
       OperationStateC_SetPIN C_SignC_SignEncryptUpdate  C_SignFinalC_SignInit
       C_SignRecoverC_SignRecoverInit  C_SignUpdateC_UnwrapKey C_VerifyC_Veri‐
       fyFinal  C_VerifyInitC_VerifyRecover  C_VerifyRecoverInitC_VerifyUpdate
       C_WaitForSlotEventC_WrapKey


   SUNW Extensions
       tab(); lw(2.75i) lw(2.75i) SUNW_C_GetMechSessionSUNW_C_KeyToObject


FILES
       /usr/lib/libpkcs11.so.1       shared object


       /usr/lib/64/libpkcs11.so.1    64-bit shared object


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       tab()  box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/library/security/pkcs11 _  Interface
       StabilityCommitted  _  MT-LevelT{  MT-Safe with exceptions. See section
       1.9.3 of OASIS PKCS#11 v2.40 Usage Guide T} _ StandardPKCS#11 v2.40



       The PKCS#11 Standard functions conform to PKCS#11 v2.40.

SEE ALSO
       syslog(3C),   SUNW_C_GetMechSession(3EXT),   intro(3),   attributes(7),
       pkcs11_softtoken(7), cryptoadm(8)

       OASIS PKCS#11 v2.40 specification

           https://www.oasis-open.org/committees/pkcs11/


NOTES
       If an application calls C_WaitForSlotEvent() without the CKF_DONT_BLOCK
       flag set,  libpkcs11  must  create  threads  internally.  If,  however,
       CKF_LIBRARY_CANT_CREATE_OS_THREADS is set, C_WaitForSlotEvent() returns
       CKR_FUNCTION_FAILED.


       Because C_Initialize() might have been called by  both  an  application
       and  a  library,  it  is  not safe for a library or its plugins to call
       C_Finalize(). A library can be finished calling  functions  from  libp‐
       kcs11, while an application might not.



Oracle Solaris 11.4               14 May 2018                  libpkcs11(3LIB)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3