![]() | Cryptographic Token Interface Standard |
PKCS#11 |
Figure 3 shows an integration of PKCS #11 into an application that generates cryptographic keys through the use of CT-KIP. The application invokes C_DeriveKey to derive a key of a particular type on the token. The key may subsequently be used as a basis to e.g., generate one-time password values. The application communicates with a CT-KIP server that participates in the key derivation and stores a copy of the key in its database. The key is transferred to the server in wrapped form, after a call to C_WrapKey. The server authenticates itself to the client and the client verifies the authentication by calls to C_Verify.