pkcs#11 标准中文文档

PKCS #11 V2.11 密码令牌接口标准.................................................................................................................................1

RSA 实验室.........................................................................................................................................................................1

修订版 12001 年 10 月......................................................................................................................................................1

1. 引言..................................................................................................................................................................................1

6. 概述..................................................................................................................................................................................9

6.1 设计目的...................................................................................................................................................................9

6.2 通用模型.................................................................................................................................................................10

6.3 令牌的逻辑视图.....................................................................................................................................................11

6.4 用户.........................................................................................................................................................................12

6.5 应用程序和它们的 CRYPTOKI 使用.......................................................................................................................12

6.5.1 应用程序和进程..............................................................................................................................................12

6.5.2 应用程序和线程..............................................................................................................................................12

6.6 会话.........................................................................................................................................................................13

6.6.1 只读会话状态..................................................................................................................................................13

6.7 二次鉴别（反对）.................................................................................................................................................18

6.7.1 使用由二次鉴别保护的密钥..........................................................................................................................19

6.7.2 产生由二次鉴别保护的私钥..........................................................................................................................19

6.7.3 改变二次鉴别 PIN 值......................................................................................................................................19

6.7.4 二次鉴别 PIN 搜集机制..................................................................................................................................19

6.8 函数概述.................................................................................................................................................................20

7. 安全考虑........................................................................................................................................................................23

8. 独立的平台和自动编译器指示 C 或 C++...................................................................................................................23

8.1 结构填充.................................................................................................................................................................24

8.2 相关指针的宏.........................................................................................................................................................24

8.3.3 类属 UNIX.......................................................................................................................................................26

9. 通用数据类型................................................................................................................................................................27

9.1 通用信息.................................................................................................................................................................27

CK_VERSION_PTR 是 CK_VERSION 的一个指针。...............................................................................................28

CK_INFO_PTR 是 CK_INFO 的一个指针。................................................................................................................28

9.3 会话类型.................................................................................................................................................................35

CK_SESSION_HANDLE_PTR 是 CK_SESSION_HANDLE 的一个指针。............................................................35

CK_SESSION_INFO_PTR 是 CK_SESSION_INFO 的一个指针。..........................................................................36

9.4 对象类型.................................................................................................................................................................37

CK_ATTRIBUTE_PTR 是 CK_ATTRIBUTE 的一个指针。.....................................................................................41

9.5 机制的数据类型.....................................................................................................................................................41

CK_MECHANISM_TYPE_PTR 是 CK_MECHANISM_TYPE 的一个指针。.......................................................45

9.6 函数类型.................................................................................................................................................................48

CK_FUNCTION_LIST_PTR_PTR 是 CK_FUNCTION_LIST_PTR 的一个指针。...............................................52

9.7 相关锁定类型.........................................................................................................................................................52

CK_LOCKMUTEX 和 CK_UNLOCKMUTEX.........................................................................................................53

10.1.1 创建对象........................................................................................................................................................56

10.3.2 单调计数器对象............................................................................................................................................59

10.4 存储对象...............................................................................................................................................................59

10.5 数据对象...............................................................................................................................................................60

10.6 证书对象...............................................................................................................................................................61

10.6.1 X.509 公钥证书对象.....................................................................................................................................61

10.6.2 X.509 属性证书对象.....................................................................................................................................62

10.7 密钥对象...............................................................................................................................................................64

10.8 公钥对象...............................................................................................................................................................65

10.8.1 RSA 公钥对象................................................................................................................................................66

10.8.2 DSA 公钥对象................................................................................................................................................67

10.8.3 ECDSA 公共密钥对象..................................................................................................................................68

10.9.3 Diffie-Hellman 公共密钥对象......................................................................................................................74

10.9.4 KEA 公共密钥对象.......................................................................................................................................74

CKA_PRIME, CKA_SUBPRIME 和 CKA_BASE “属性值总的来说是 KEA ”参数。 ...........................................74

10.10 私钥对象.............................................................................................................................................................75

10.10.1 RSA 私钥对象..............................................................................................................................................77

10.10.2 DSA 私钥对象.............................................................................................................................................79

10.10.3 ECDSA 私钥对象........................................................................................................................................80

10.10.4 Diffie-Hellman 私钥对象............................................................................................................................80

10.10.5 KEA 私钥对象.............................................................................................................................................81

10.11 保密密钥对象.....................................................................................................................................................82

10.11.1 类属保密密钥对象......................................................................................................................................83