Sun and OracleChannel SunHow to BuyLog InEnglish

man pages section 5: Standards, Environments, and Macros
  Search only this book
Search Help
View this book in:
Contained Within
Find More Documentation
Featured Support Resources
 Download this book in PDF (1975 KB)

pkcs11_kernel(5)

Name | Synopsis | Description | Return Values | Attributes | See Also | Notes

Name

    pkcs11_kernel– PKCS#11 interface to Kernel Cryptographic Framework

Synopsis

    /usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so

Description

    The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specification by using a private interface to communicate with the Kernel Cryptographic Framework.

    Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.

    The PKCS#11 mechanisms provided by this library is determined by the available hardware providers.

    Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).

    All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following:

    C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent

    A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

    Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.

    The maximum number of object handles that can be returned by a call to C_FindObjects() is 512.

    The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.

Return Values

    The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.

Attributes

    See attributes(5) for a description of the following attributes:

    ATTRIBUTE TYPE 

    ATTRIBUTE VALUE 

    Interface Stability 

    Standard: PKCS#11 v2.20 

    MT-Level 

    MT-Safe with exceptions. See section 6.5.2 of RSA PKCS#11 v2.20 

See Also

Notes

    Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable.

SunOS 5.10  Last Revised 27 Oct 2005

Name | Synopsis | Description | Return Values | Attributes | See Also | Notes