Manual Pages for UNIX Operating System command usage for man pkcs11_kernel

Standards, Environments, and Macros              pkcs11_kernel(5)



NAME
     pkcs11_kernel - PKCS#11 interface  to  Kernel  Cryptographic
     Framework

SYNOPSIS
     /usr/lib/security/pkcs11_kernel.so
     /usr/lib/security/64/pkcs11_kernel.so


DESCRIPTION
     The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20
     specification  by  using  a private interface to communicate
     with the Kernel Cryptographic Framework.


     Each unique hardware provider is represented  by  a  PKCS#11
     slot.  In  a  system  with  no hardware Kernel Cryptographic
     Framework providers, this PKCS#11 library presents no slots.


     The PKCS#11 mechanisms provided by this  library  is  deter-
     mined by the available hardware providers.


     Application developers should link  to  libpkcs11.so  rather
     than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).


     All  of   the   Standard   PKCS#11   functions   listed   on
     libpkcs11(3LIB) are implemented except for the following:

       C_DecryptDigestUpdate
       C_DecryptVerifyUpdate
       C_DigestEncryptUpdate
       C_GetOperationState
       C_InitToken
       C_InitPIN
       C_SetOperationState
       C_SignEncryptUpdate
       C_WaitForSlotEvent



     A      call      to      these       functions       returns
     CKR_FUNCTION_NOT_SUPPORTED.


     Buffers cannot be greater than  2  megabytes.  For  example,
     C_Encrypt() can be called with a 2 megabyte buffer of plain-
     text and a 2 megabyte buffer for the ciphertext.





SunOS 5.11          Last change: 27 Oct 2005                    1






Standards, Environments, and Macros              pkcs11_kernel(5)



     The maximum number of object handles that can be returned by
     a call to C_FindObjects() is 512.


     The maximum amount of kernel memory that  can  be  used  for
     crypto  operations  is  limited  by  the project.max-crypto-
     memory resource  control.  Allocations  in  the  kernel  for
     buffers  and  session-related structures are charged against
     this resource control.

RETURN VALUES
     The return values of each of the implemented  functions  are
     defined  and  listed in the RSA PKCS#11 v2.20 specification.
     See http://www.rsasecurity.com.

ATTRIBUTES
     See attributes(5) for a description of the following  attri-
     butes:



     ____________________________________________________________
   |        ATTRIBUTE TYPE       |        ATTRIBUTE VALUE      |
   | ____________________________|_____________________________|_
   |  Interface Stability        |  Committed                  |
   | ____________________________|_____________________________|_
   |  MT-Level                   |  MT-Safe  with   exceptions.|
   |                             |  See  section  6.5.2  of RSA|
   |                             |  PKCS#11 v2.20              |
   |_____________________________|_____________________________|
   | Standard                    | PKCS#11 v2.20               |
   |_____________________________|_____________________________|


SEE ALSO
     cryptoadm(1M), rctladm(1M), libpkcs11(3LIB),  attributes(5),
     pkcs11_softtoken(5)


     RSA PKCS#11 v2.20 http://www.rsasecurity.com

NOTES
     Applications that have an open session  to  a  PKCS#11  slot
     make  the corresponding hardware provider driver not unload-
     able. An administrator must close the applications that have
     an PKCS#11 session open to the hardware provider to make the
     driver unloadable.








SunOS 5.11          Last change: 27 Oct 2005                    2