Cryptographic Token Interface Standard

PKCS#11


Function overview

The Cryptoki API consists of a number of functions, spanning slot and token management and object management, as well as cryptographic functions. These functions are presented in the following table:

Table 8, Summary of Cryptoki Functions
Category                                     Function               Description
General purpose functions                    C_Initialize           initializes Cryptoki
                                             C_Finalize             cleans up miscellaneous Cryptoki-associated resources
                                             C_GetInfo              obtains general information about Cryptoki
                                             C_GetFunctionList      obtains entry points of Cryptoki library functions
Slot and token management functions          C_GetSlotList          obtains a list of slots in the system
                                             C_GetSlotInfo          obtains information about a particular slot
                                             C_GetTokenInfo         obtains information about a particular token
                                             C_WaitForSlotEvent     waits for a slot event (token insertion, removal, etc.) to occur
                                             C_GetMechanismList     obtains a list of mechanisms supported by a token
                                             C_GetMechanismInfo     obtains information about a particular mechanism
                                             C_InitToken            initializes a token
                                             C_InitPIN              initializes the normal user's PIN
                                             C_SetPIN               modifies the PIN of the current user
Session management functions                 C_OpenSession          opens a connection between an application and a particular token or sets up an application callback for token insertion
                                             C_CloseSession         closes a session
                                             C_CloseAllSessions     closes all sessions with a token
                                             C_GetSessionInfo       obtains information about the session
                                             C_GetOperationState    obtains the cryptographic operations state of a session
                                             C_SetOperationState    sets the cryptographic operations state of a session
                                             C_Login                logs into a token
                                             C_Logout               logs out from a token
Object management functions                  C_CreateObject         creates an object
                                             C_CopyObject           creates a copy of an object
                                             C_DestroyObject        destroys an object
                                             C_GetObjectSize        obtains the size of an object in bytes
                                             C_GetAttributeValue    obtains an attribute value of an object
                                             C_SetAttributeValue    modifies an attribute value of an object
                                             C_FindObjectsInit      initializes an object search operation
                                             C_FindObjects          continues an object search operation
                                             C_FindObjectsFinal     finishes an object search operation
Encryption functions                         C_EncryptInit          initializes an encryption operation
                                             C_Encrypt              encrypts single-part data
                                             C_EncryptUpdate        continues a multiple-part encryption operation
                                             C_EncryptFinal         finishes a multiple-part encryption operation
Decryption functions                         C_DecryptInit          initializes a decryption operation
                                             C_Decrypt              decrypts single-part encrypted data
                                             C_DecryptUpdate        continues a multiple-part decryption operation
                                             C_DecryptFinal         finishes a multiple-part decryption operation
Message digesting functions                  C_DigestInit           initializes a message-digesting operation
                                             C_Digest               digests single-part data
                                             C_DigestUpdate         continues a multiple-part digesting operation
                                             C_DigestKey            digests a key
                                             C_DigestFinal          finishes a multiple-part digesting operation
Signing and MACing functions                 C_SignInit             initializes a signature operation
                                             C_Sign                 signs single-part data
                                             C_SignUpdate           continues a multiple-part signature operation
                                             C_SignFinal            finishes a multiple-part signature operation
                                             C_SignRecoverInit      initializes a signature operation, where the data can be recovered from the signature
                                             C_SignRecover          signs single-part data, where the data can be recovered from the signature
Functions for verifying signatures and MACs  C_VerifyInit           initializes a verification operation
                                             C_Verify               verifies a signature on single-part data
                                             C_VerifyUpdate         continues a multiple-part verification operation
                                             C_VerifyFinal          finishes a multiple-part verification operation
                                             C_VerifyRecoverInit    initializes a verification operation where the data is recovered from the signature
                                             C_VerifyRecover        verifies a signature on single-part data, where the data is recovered from the signature
Dual-purpose cryptographic functions         C_DigestEncryptUpdate  continues simultaneous multiple-part digesting and encryption operations
                                             C_DecryptDigestUpdate  continues simultaneous multiple-part decryption and digesting operations
                                             C_SignEncryptUpdate    continues simultaneous multiple-part signature and encryption operations
                                             C_DecryptVerifyUpdate  continues simultaneous multiple-part decryption and verification operations
Key management functions                     C_GenerateKey          generates a secret key
                                             C_GenerateKeyPair      generates a public-key/private-key pair
                                             C_WrapKey              wraps (encrypts) a key
                                             C_UnwrapKey            unwraps (decrypts) a key
                                             C_DeriveKey            derives a key from a base key
Random number generation functions           C_SeedRandom           mixes in additional seed material to the random number generator
                                             C_GenerateRandom       generates random data
Parallel function management functions       C_GetFunctionStatus    legacy function which always returns CKR_FUNCTION_NOT_PARALLEL
                                             C_CancelFunction       legacy function which always returns CKR_FUNCTION_NOT_PARALLEL
Callback function                                                   application-supplied function to process notifications from Cryptoki


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v201