PKCS #11 v2.11: Cryptographic Token Interface Standard (Chinese translation)
Organization: PKI Forum (http://www.pki.com.cn)
PKCS/PKIX Chinese Translation Project
Forum e-mail: pki@pki.com.cn
Translator: unknown
Copyright: this Chinese translation is jointly owned by the registered users of the PKI Forum. It may be freely redistributed for non-commercial use, provided that this translation and copyright notice is retained. If it is used for commercial purposes, the profits must be devoted to the development of the PKI Forum.
Change history

Date        Section changed  Type  Description                       Changed by
                             C     Document created                  unknown
2003-7-30                    M     Proofread and upgraded to v2.11   PKI

* Change types: C - CREATE, A - ADDED, M - MODIFIED, D - DELETED
PKCS #11 v2.11: Cryptographic Token Interface Standard
RSA Laboratories
Revision 1, October 2001
Contents
1. Introduction
2. Scope
3. References
4. Definitions
5. Symbols and abbreviations
6. General overview
  6.1 Design goals
  6.2 General model
  6.3 Logical view of a token
  6.4 Users
  6.5 Applications and their use of Cryptoki
    6.5.1 Applications and processes
    6.5.2 Applications and threads
  6.6 Sessions
    6.6.1 Read-only session states
    6.6.2 Read/write session states
    6.6.3 Object access restricted by session
    6.6.4 Session events
    6.6.5 Session handles and object handles
    6.6.6 Capabilities of sessions
    6.6.7 Example of use of sessions
  6.7 Secondary authentication (deprecated)
    6.7.1 Using keys protected by secondary authentication
    6.7.2 Generating private keys protected by secondary authentication
    6.7.3 Changing the secondary authentication PIN value
    6.7.4 Secondary authentication PIN collection mechanisms
  6.8 Function overview
7. Security considerations
8. Platform- and compiler-dependent directives for C or C++
  8.1 Structure packing
  8.2 Pointer-related macros
    CK_PTR
    CK_DEFINE_FUNCTION
    CK_DECLARE_FUNCTION
    CK_DECLARE_FUNCTION_POINTER
    CK_CALLBACK_FUNCTION
    NULL_PTR
  8.3 Sample platform- and compiler-dependent code
    8.3.1 Win32
    8.3.2 Win16
    8.3.3 Generic UNIX
9. General data types
  9.1 General information
    CK_VERSION; CK_VERSION_PTR
    CK_INFO; CK_INFO_PTR
    CK_NOTIFICATION
  9.2 Slot and token types
    CK_SLOT_ID; CK_SLOT_ID_PTR
    CK_SLOT_INFO; CK_SLOT_INFO_PTR
    CK_TOKEN_INFO; CK_TOKEN_INFO_PTR
  9.3 Session types
    CK_SESSION_HANDLE; CK_SESSION_HANDLE_PTR
    CK_USER_TYPE
    CK_STATE
    CK_SESSION_INFO; CK_SESSION_INFO_PTR
  9.4 Object types
    CK_OBJECT_HANDLE; CK_OBJECT_HANDLE_PTR
    CK_OBJECT_CLASS; CK_OBJECT_CLASS_PTR
    CK_HW_FEATURE_TYPE
    CK_KEY_TYPE
    CK_CERTIFICATE_TYPE
    CK_ATTRIBUTE_TYPE
    CK_ATTRIBUTE; CK_ATTRIBUTE_PTR
    CK_DATE
  9.5 Data types for mechanisms
    CK_MECHANISM_TYPE; CK_MECHANISM_TYPE_PTR
    CK_MECHANISM; CK_MECHANISM_PTR
    CK_MECHANISM_INFO; CK_MECHANISM_INFO_PTR
  9.6 Function types
    CK_RV
    CK_NOTIFY
    CK_C_XXX
    CK_FUNCTION_LIST; CK_FUNCTION_LIST_PTR; CK_FUNCTION_LIST_PTR_PTR
  9.7 Locking-related types
    CK_CREATEMUTEX
    CK_DESTROYMUTEX
    CK_LOCKMUTEX and CK_UNLOCKMUTEX
    CK_C_INITIALIZE_ARGS; CK_C_INITIALIZE_ARGS_PTR
10. Objects
  10.1 Creating, modifying and copying objects
    10.1.1 Creating objects
    10.1.2 Modifying objects
    10.1.3 Copying objects
  10.2 Common attributes
  10.3 Hardware feature objects
    10.3.1 Clock objects
    10.3.2 Monotonic counter objects
  10.4 Storage objects
  10.5 Data objects
  10.6 Certificate objects
    10.6.1 X.509 public key certificate objects
    10.6.2 X.509 attribute certificate objects
  10.7 Key objects
  10.8 Public key objects
    10.8.1 RSA public key objects
    10.8.2 DSA public key objects
    10.8.3 ECDSA public key objects
    10.8.4 Diffie-Hellman public key objects
    10.8.5 KEA public key objects
  10.9 Private key objects
    10.9.1 RSA private key objects
    10.9.2 ECDSA public key objects
    10.9.3 Diffie-Hellman public key objects
    10.9.4 KEA public key objects
  10.10 Private key objects
    10.10.1 RSA private key objects
    10.10.2 DSA private key objects
    10.10.3 ECDSA private key objects
    10.10.4 Diffie-Hellman private key objects
    10.10.5 KEA private key objects
  10.11 Secret key objects
    10.11.1 Generic secret key objects
    10.11.2 RC2 secret key objects
    10.11.3 RC4 secret key objects
    10.11.4 RC5 secret key objects
    10.11.5 AES secret key objects
    10.11.6 DES secret key objects
    10.11.7 DES2 secret key objects
    10.11.8 DES3 secret key objects
    10.11.9 CAST secret key objects
    10.11.10 CAST3 secret key objects
    10.11.11 CAST128 (CAST5) secret key objects
    10.11.12 IDEA secret key objects
    10.11.13 CDMF secret key objects
    10.11.14 SKIPJACK secret key objects
    10.11.15 BATON secret key objects
    10.11.16 JUNIPER secret key objects
11. Functions
  11.1 Function return values
    11.1.1 Universal Cryptoki function return values
    11.1.2 Cryptoki function return values for functions that use a session handle
    11.1.3 Cryptoki function return values for functions that use a token
    11.1.4 Special return value for application-supplied callbacks
    11.1.5 Special return values for mutex-handling functions
    11.1.6 All other Cryptoki function return values
    11.1.7 More on relative priorities of Cryptoki errors
    11.1.8 Error code "gotchas"
  11.2 Conventions for functions returning output in a variable-length buffer
  11.3 Disclaimer concerning sample code
  11.4 General-purpose functions
    C_Initialize
    C_Finalize
    C_GetInfo
    C_GetFunctionList
  11.5 Slot and token management functions
    C_GetSlotList
    C_GetSlotInfo
    C_GetTokenInfo
    C_WaitForSlotEvent
    C_GetMechanismList
    C_GetMechanismInfo
    C_InitToken
    C_InitPIN
    C_SetPIN
  11.6 Session management functions
    C_OpenSession
    C_CloseSession
    C_CloseAllSessions
    C_GetSessionInfo
    C_GetOperationState
    C_SetOperationState
    C_Login
    C_Logout
  11.7 Object management functions