The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

libpkcs11 (3)
  • >> libpkcs11 (3) ( Solaris man: Библиотечные вызовы )
  •  

    NAME

    libpkcs11 - PKCS#11 Cryptographic Framework library
     
    

    SYNOPSIS

    cc [ flag... ] file... -lpkcs11 [ library... ]
    #include <security/cryptoki.h>
    #include <security/pkcs11.h>
    

     

    DESCRIPTION

    The libpkcs11 library implements the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki), v2.20 specification by using plug-ins to provide the slots.

    Each plug-in, which also implements RSA PKCS#11 v2.20, represents one or more slots.

    The libpkcs11 library provides a special slot called the meta slot. The meta slot provides a virtual union of capabilities of all other slots. When available, the meta slot is always the first slot provided by libpkcs11.

    The meta slot feature can be configured either system-wide or by individual users. System-wide configuration for meta slot features is done with the cryptoadm(1M) utility. User configuration for meta slot features is performed with environment variables.

    By default, the following is the system-wide configuration for meta slot. Meta slot is enabled. Meta slot provides token-based object support with the Software RSA PKCS#11 softtoken (pkcs11_softtoken(5)). Meta slot is allowed to move sensitive token objects to other slots if that is necessary to perform an operation.

    Users can overwrite one or more system-wide configuration options for meta slot using these environment variables.

    The ${METASLOT_OBJECTSTORE_SLOT} and ${METASLOT_OBJECTSTORE_TOKEN} environment variables are used to specify an alternate token object store. A user can specify either slot-description in ${METASLOT_OBJECTSTORE_SLOT} or token-label in ${METASLOT_OBJECTSTORE_TOKEN}, or both. Valid values for slot-description and token-label are available from output of the command:

    cryptoadm list -v
    

    The ${METASLOT_ENABLED} environment variable is used to specify whether the user wants to turn the metaslot feature on or off. Only two values are recognized. The value "true" means meta slot will be on. The value "false" means meta slot will be off.

    The ${METASLOT_AUTO_KEY_MIGRATE} environment variable is used to specify whether the user wants sensitive token objects to move to other slots for cryptographic operations. Only two values are recognized. The value "true" means meta slot will migrate sensitive token objects to other slots if necessary. The value "false" means meta slot will not migrate sensitive token objects to other slots even if it is necessary.

    When the meta slot feature is enabled, the slot that provides token-based object support is not shown as one of the available slots. All of its functionality can be used with the meta slot.

    This library filters the list of mechanisms available from plug-ins based on the policy set by cryptoadm(1M).

    This library provides entry points for all PKCS#11 v2.20 functions. See the RSA PKCS#11 v2.20 specification at http://www.rsasecurity.com.

    Plug-ins are added to libpkcs11 by the pkcs11conf class action script during execution of pkgadd(1M). The available mechanisms are administered by the cryptoadm(1M) utility.

    Plug-ins must have all of their library dependancies specified, including libc(3LIB). Libraries that have unresolved symbols, including those from libc, will be rejected and a message will be sent to syslog(3C) for such plug-ins.

    Due to U.S. Export regulations, all plug-ins are required to be cryptographically signed using the elfsign utility.

    Any plug-in that is not signed or is not a compatible version of PKCS#11 will be dropped by libpkcs11. When a plug-in is dropped, the administrator is alerted by the syslog(3C) utility.

    The <security/pkcs11f.h> header contains function definitions. The <security/pkcs11t.h> header contains type definitions. Applications can include either of these headers in place of <security/pkcs11.h>, which contains both function and type definitions.  

    INTERFACES

    The shared object libpkcs11.so.1 provides the public interfaces defined below. See Intro(3) for additional information on shared object interfaces.  

    PKCS#11 Standard

    C_CloseAllSessionsC_CloseSession
    C_CopyObjectC_CreateObject
    C_Decrypt
    C_DecryptFinal
    C_DecryptUpdate
    C_DeriveKey
    C_Digest
    C_DigestFinal
    C_DigestKey
    C_Encrypt
    C_EncryptInit
    C_Finalize
    C_FindObjectsFinal
    C_GenerateKey
    C_GenerateRandom
    C_GetFunctionList
    C_GetMechanismInfo
    C_GetObjectSize
    C_GetSessionInfo
    C_GetSlotList
    C_InitPIN
    C_Initialize
    C_Logout
    C_SeedRandom
    C_SetOperationState
    C_Sign
    C_SignFinal
    C_SignRecover
    C_SignUpdate
    C_Verify
    C_VerifyInit
    C_VerifyRecoverInit
    C_WaitForSlotEvent

     

    SUNW Extensions

    SUNW_C_GetMechSessionSUNW_C_KeyToObject

     

    FILES

    /usr/lib/libpkcs11.so.1

    shared object

    /usr/lib/64/libpkcs11.so.1

    64-bit shared object

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWcsl (32-bit)

    Interface Stability

    MT-Level

    Standard

    The SUNW Extension functions are MT-Safe. The PKCS#11 Standard functions are MT-Safe with exceptions. See Section 6.5.2 of RSA PKCS#11 v2.20.

    The PKCS#11 Standard functions conform to PKCS#11 v2.20.  

    SEE ALSO

    cryptoadm(1M), pkgadd(1M), Intro(3), SUNW_C_GetMechSession(3EXT), syslog(3C), attributes(5) , pkcs11_kernel(5), pkcs11_softtoken(5)

    RSA PKCS#11 v2.20 http://www.rsasecurity.com  

    NOTES

    If an application calls C_WaitForSlotEvent() without the CKF_DONT_BLOCK flag set, libpkcs11 must create threads internally. If, however, CKF_LIBRARY_CANT_CREATE_OS_THREADS is set, C_WaitForSlotEvent() returns CKR_FUNCTION_FAILED.

    The PKCS#11 library does not work with Netscape 4.x but does work with more recent versions of Netscape and Mozilla.

    Because C_Initalize() might have been called by both an application and a library, it is not safe for a library or its plugins to call C_Finalize(). A library can be finished calling functions from libpkcs11, while an application might not.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    INTERFACES
    PKCS#11 Standard
    SUNW Extensions
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру