pkcs11_softtoken man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

pkcs11_softtoken(5)   Standards, Environments, and Macros  pkcs11_softtoken(5)

NAME
       pkcs11_softtoken - Software RSA PKCS#11 softtoken

SYNOPSIS
       /usr/lib/security/pkcs11_softtoken.so
       /usr/lib/security/64/pkcs11_softtoken.so
       /usr/lib/security/pkcs11_softtoken_extra.so
       /usr/lib/security/64/pkcs11_softtoken_extra.so

DESCRIPTION
       The pkcs11_softtoken.so object implements the RSA Security Inc. PKCS#11
       Cryptographic Token Interface (Cryptoki), v2.20, specification in soft‐
       ware.  Persistent storage for token objects is provided by this PKCS#11
       implementation.

       The pkcs11_softtoken.so object contains only implementations of symmet‐
       ric   key   algorithms  of  up  to  128-bit  keylength.	pkcs11_softto‐
       ken_extra.so, if available, might contain longer key lengths.

       Application developers should link to  libpkcs11.so  rather  than  link
       directly to pkcs11_softtoken.so. See libpkcs11(3LIB).

       The following cryptographic algorithms are implemented: DES, 3DES, AES,
       Blowfish, RC4, MD5, SHA1, RSA, DSA, and DH.

       All of the Standard PKCS#11 functions  listed  on  libpkcs11(3LIB)  are
       implemented except for the following:

	 C_GetObjectSize
	 C_InitPIN
	 C_InitToken
	 C_WaitForSlotEvent

       A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

       The following RSA PKCS#11 v2.20 mechanisms are supported:

	 CKM_RSA_PKCS_KEY_PAIR_GEN
	 CKM_RSA_PKCS
	 CKM_RSA_X_509

	 CKM_DSA_KEY_PAIR_GEN
	 CKM_DSA
	 CKM_DSA_SHA1

	 CKM_DH_PKCS_KEY_PAIR_GEN
	 CKM_DH_PKCS_DERIVE

	 CKM_DES_KEY_GEN
	 CKM_DES_ECB
	 CKM_DES_CBC
	 CKM_DES_CBC_PAD

	 CKM_DES3_KEY_GEN
	 CKM_DES3_ECB
	 CKM_DES3_CBC
	 CKM_DES3_CBC_PAD

	 CKM_AES_KEY_GEN
	 CKM_AES_ECB
	 CKM_AES_CBC
	 CKM_AES_CBC_PAD

	 CKM_BLOWFISH_KEY_GEN
	 CKM_BLOWFISH_CBC

	 CKM_RC4_KEY_GEN
	 CKM_RC4

	 CKM_MD5_RSA_PKCS
	 CKM_SHA1_RSA_PKCS
	 CKM_SHA256_RSA_PKCS
	 CKM_SHA384_RSA_PKCS
	 CKM_SHA512_RSA_PKCS

	 CKM_MD5
	 CKM_SHA_1
	 CKM_SHA256
	 CKM_SHA384
	 CKM_SHA512

	 CKM_MD5_HMAC
	 CKM_MD5_HMAC_GENERAL
	 CKM_SHA_1_HMAC
	 CKM_SHA_1_HMAC_GENERAL
	 CKM_SHA256_HMAC
	 CKM_SHA256_HMAC_GENERAL
	 CKM_SHA384_HMAC
	 CKM_SHA384_HMAC_GENERAL

	 CKM_MD5_KEY_DERIVATION
	 CKM_SHA1_KEY_DERIVATION
	 CKM_SHA256_KEY_DERIVATION
	 CKM_SHA384_KEY_DERIVATION
	 CKM_SHA512_KEY_DERIVATION

	 CKM_SSL3_PRE_MASTER_KEY_GEN
	 CKM_SSL3_MASTER_KEY_DERIVE
	 CKM_SSL3_KEY_AND_MAC_DERIVE
	 CKM_SSL3_MASTER_KEY_DERIVE_DH
	 CKM_TLS_PRE_MASTER_KEY_GEN
	 CKM_TLS_MASTER_KEY_DERIVE
	 CKM_TLS_KEY_AND_MAC_DERIVE
	 CKM_TLS_MASTER_KEY_DERIVE_DH

       Each  of	 the following types of key objects has certain token-specific
       attributes that are set to true by default as a result of  object  cre‐
       ation, key/key pair generation, and key derivation.

       Public key object     CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER

       Private key object    CKA_DECRYPT,      CKA_SIGN,     CKA_SIGN_RECOVER,
			     CKA_EXTRACTABLE

       Secret key object     CKA_ENCRYPT, CKA_DECRYPT,	CKA_SIGN,  CKA_VERIFY,
			     CKA_EXTRACTABLE

       The following certificate objects are supported:

       CKC_X_509	      For CKC_X_509 certificate objects, the following
			      attributes    are	   supported:	  CKA_SUBJECT,
			      CKA_VALUE,    CKA_LABEL,	 CKA_ID,   CKA_ISSUER,
			      CKA_SERIAL_NUMBER, and CKA_CERTIFICATE_TYPE.

       CKC_X_509_ATTR_CERT    For CKC_X_509_ATTR_CERT certificate objects, the
			      following	 attributes  are supported: CKA_OWNER,
			      CKA_VALUE,     CKA_LABEL,	    CKA_SERIAL_NUMBER,
			      CKA_AC_ISSUER,  CKA_ATTR_TYPES, and CKA_CERTIFI‐
			      CATE_TYPE.

       The search operation of objects matching the template is	 performed  at
       C_FindObjectsInit.  The	matched	 objects  are  cached  for  sublequent
       C_FindObjects operations.

       The pkcs11_softtoken.so object provides a  filesystem-based  persistent
       token  object  store for storing token objects. The default location of
       the token object store is the user's home directory returned  by	 getp‐
       wuid_r().  The  user  can  override  the	 default location by using the
       ${SOFTTOKEN_DIR} environment variable.

       If the token object store has never  been  initialized,	the  C_Login()
       function	 might	return CKR_OK but the user will not be able to create,
       generate,  derive  or  find  any	 private  token	 object	 and  receives
       CKR_PIN_EXPIRED.

       The  user  must	use  the  pktool(1)  setpin  command  with the default
       passphrase "changeme" as the old passphrase to change the passphrase of
       the  object  store.  This  action  is  needed to initialize and set the
       passphrase to a newly created token object store.

       After logging into object store with the new passphrase that was set by
       the  pktool  setpin  command, the user can create and store the private
       token object in this newly created object store. Until the token object
       store  is initialized by setpin, the C_Login() function is allowed, but
       all attempts by the user to create, generate, derive or find  any  pri‐
       vate token object fails with a CKR_PIN_EXPIRED error.

       The  PIN	 provided  for	C_Login()  and C_SetPIN() functions can be any
       string of characters with lengths between 1 and	256  and  no  embedded
       nulls.

       The  default  location  of the token object store is in the user's home
       directory   returned   by   gerpwuid_r().    It	  is	followed    by
       /.sunw/pkcs11_softoken/,	    and	    the	    default	location    is
       ~/.sunw/pkcs11_softtoken().

       The user can override the  default  location  by	 using	the  ${SOFTTO‐
       KEN_DIR}	 environment  variable.	 The  location for the alternate token
       object store is	${SOFTTOKEN_DIR}/pkcs11_softoken/.

RETURN VALUES
       The return values for each of the implemented functions are defined and
       listed  in the RSA PKCS#11 v2.20 specification. See http://www.rsasecu‐
       rity.com

FILES
       user_home_directory/.sunw/pkcs11_softtoken

	   user's default token object store

       ${SOFTTOKEN_DIR}/pkcs11_softtoken

	   alternate token object store

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Committed			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT-Level		     │MT-Safe  with   exceptions.  │
       │			     │See  section  6.6.2  of RSA  │
       │			     │PKCS#11 v2.20.		   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Standard		     │PKCS#11 v2.20		   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       pktool(1), cryptoadm(1M), libpkcs11(3LIB),  attributes(5),  pkcs11_ker‐
       nel(5)

       RSA PKCS#11 v2.20 http://www.rsasecurity.com

SunOS 5.10			  14 Nov 2011		   pkcs11_softtoken(5)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net