Cryptographic Token Interface Standard
PKCS#11
Cryptographic Token Interface Standard Sections
Here is a list of all sections:
Scope
References
Definitions
Symbols and abbreviations
General overview
Design goals
General model
Logical view of a token
Users
Applications and their use of Cryptoki
Applications and processes
Applications and threads
Sessions
Read-only session states
Read/write session states
Permitted object accesses by sessions
Session events
Session handles and object handles
Capabilities of sessions
Example of use of sessions
Secondary authentication (Deprecated)
Using keys protected by secondary authentication
Generating private keys protected by secondary authentication
Changing the secondary authentication PIN value
Secondary authentication PIN collection mechanisms
Function overview
Security considerations
Platform- and compiler-dependent directives for C or C++
Structure packing
Pointer-related macros
Sample platform- and compiler-dependent code
Win32
Win16
Generic UNIX
General data types
General information
Slot and token types
Session types
Object types
Data types for mechanisms
Function types
Locking-related types
Objects
Creating, modifying, and copying objects
Creating objects
Modifying objects
Copying objects
Common attributes
Hardware Feature Objects
Clock Objects
Monotonic Counter Objects
Storage Objects
Data objects
Certificate objects
X.509 attribute certificate objects
Key objects
Public key objects
RSA public key objects
DSA public key objects
ECDSA public key objects
Diffie-Hellman public key objects
X9.42 Diffie-Hellman public key objects
KEA public key objects
Private key objects
RSA private key objects
DSA private key objects
Elliptic curve private key objects
Diffie-Hellman private key objects
X9.42 Diffie-Hellman private key objects
KEA private key objects
Secret key objects
Generic secret key objects
RC2 secret key objects
RC4 secret key objects
RC5 secret key objects
AES secret key objects
DES secret key objects
DES2 secret key objects
DES3 secret key objects
CAST secret key objects
CAST3 secret key objects
CAST128 (CAST5) secret key objects
IDEA secret key objects
CDMF secret key objects
SKIPJACK secret key objects
BATON secret key objects
JUNIPER secret key objects
Domain parameter objects
DSA domain parameter objects
Diffie-Hellman domain parameter objects
X9.42 Diffie-Hellman domain parameters objects
Functions
Function return values
Universal Cryptoki function return values
Cryptoki function return values for functions that use a session handle
Cryptoki function return values for functions that use a token
Special return value for application-supplied callbacks
Special return values for mutex-handling functions
All other Cryptoki function return values
More on relative priorities of Cryptoki errors
Error code 'gotchas'
Conventions for functions returning output in a variable-length buffer
Disclaimer concerning sample code
General-purpose functions
Slot and token management functions
Session management functions
Object management functions
Encryption functions
Decryption functions
Message digesting functions
Signing and MACing functions
Functions for verifying signatures and MACs
Dual-function cryptographic functions
Key management functions
Random number generation functions
Parallel function management functions
Callback functions
Surrender callbacks
Vendor-defined callbacks
Mechanisms
RSA mechanisms
PKCS #1 RSA key pair generation
X9.31 RSA key pair generation
PKCS #1 RSA
PKCS #1 RSA OAEP mechanism parameters
PKCS #1 RSA OAEP
PKCS #1 RSA PSS mechanism parameters
PKCS #1 RSA PSS
ISO/IEC 9796 RSA
X.509 (raw) RSA
ANSI X9.31 RSA
PKCS #1 RSA signature with MD2, MD5, SHA-1, RIPE-MD 128 or RIPE-MD 160
PKCS #1 RSA PSS signature with SHA-1
ANSI X9.31 RSA signature with SHA-1
DSA mechanisms
DSA key pair generation
DSA domain parameter generation
DSA without hashing
DSA with SHA-1
FORTEZZA timestamp
About Elliptic Curve
Elliptic curve mechanisms
Elliptic curve key pair generation
ECDSA without hashing
ECDSA with SHA-1
EC mechanism parameters
Elliptic curve Diffie-Hellman key derivation
Elliptic curve Diffie-Hellman with cofactor key derivation
Elliptic curve Menezes-Qu-Vanstone key derivation
Diffie-Hellman mechanisms
PKCS #3 Diffie-Hellman key pair generation
PKCS #3 Diffie-Hellman domain parameter generation
PKCS #3 Diffie-Hellman key derivation
X9.42 Diffie-Hellman mechanism parameters
X9.42 Diffie-Hellman mechanisms
X9.42 Diffie-Hellman key pair generation
X9.42 Diffie-Hellman domain parameter generation
X9.42 Diffie-Hellman key derivation
X9.42 Diffie-Hellman hybrid key derivation
X9.42 Diffie-Hellman Menezes-Qu-Vanstone key derivation
KEA mechanism parameters
KEA mechanisms
KEA key pair generation
KEA key derivation
Generic secret key mechanisms
Generic secret key generation
Wrapping/unwrapping private keys
About RC2
RC2 mechanism parameters
RC2 mechanisms
RC2 key generation
RC2-ECB
RC2-CBC
RC2-CBC with PKCS padding
General-length RC2-MAC
RC2-MAC
RC4 mechanisms
RC4 key generation
RC4
About RC5
RC5 mechanism parameters
RC5 mechanisms
RC5 key generation
RC5-ECB
RC5-CBC
RC5-CBC with PKCS padding
General-length RC5-MAC
RC5-MAC
AES mechanisms
AES key generation
AES-ECB
AES-CBC
AES-CBC with PKCS padding
General-length AES-MAC
AES-MAC
General block cipher mechanism parameters
General block cipher mechanisms
General block cipher key generation
General block cipher ECB
General block cipher CBC
General block cipher CBC with PKCS padding
General-length general block cipher MAC
General block cipher MAC
Double and Triple-length DES mechanisms
Double-length DES key generation
Triple-length DES Order of Operations
Triple-length DES in CBC Mode
SKIPJACK mechanism parameters
SKIPJACK mechanisms
SKIPJACK key generation
SKIPJACK-ECB64
SKIPJACK-CBC64
SKIPJACK-OFB64
SKIPJACK-CFB64
SKIPJACK-CFB32
SKIPJACK-CFB16
SKIPJACK-CFB8
SKIPJACK-WRAP
SKIPJACK-PRIVATE-WRAP
SKIPJACK-RELAYX
BATON mechanisms
BATON key generation
BATON-ECB128
BATON-ECB96
BATON-CBC128
BATON-COUNTER
BATON-SHUFFLE
BATON WRAP
JUNIPER mechanisms
JUNIPER key generation
JUNIPER-ECB128
JUNIPER-CBC128
JUNIPER-COUNTER
JUNIPER-SHUFFLE
JUNIPER WRAP
MD2 mechanisms
MD2
General-length MD2-HMAC
MD2-HMAC
MD2 key derivation
MD5 mechanisms
MD5
General-length MD5-HMAC
MD5-HMAC
MD5 key derivation
SHA-1 mechanisms
SHA-1
General-length SHA-1-HMAC
SHA-1-HMAC
SHA-1 key derivation
FASTHASH mechanisms
FASTHASH
Password-based encryption/authentication mechanism parameters
PKCS #5 and PKCS #5-style password-based encryption mechanisms
MD2-PBE for DES-CBC
MD5-PBE for DES-CBC
MD5-PBE for CAST-CBC
MD5-PBE for CAST3-CBC
MD5-PBE for CAST128-CBC (CAST5-CBC)
SHA-1-PBE for CAST128-CBC (CAST5-CBC)
PKCS #5 PBKDF2 key generation mechanism parameters
PKCS #5 PBKDF2 key generation
PKCS #12 password-based encryption/authentication mechanisms
SHA-1-PBE for 128-bit RC4
SHA-1-PBE for 40-bit RC4
SHA-1-PBE for 3-key triple-DES-CBC
SHA-1-PBE for 2-key triple-DES-CBC
SHA-1-PBE for 128-bit RC2-CBC
SHA-1-PBE for 40-bit RC2-CBC
SHA-1-PBA for SHA-1-HMAC
SET mechanism parameters
SET mechanisms
OAEP key wrapping for SET
LYNKS mechanisms
LYNKS key wrapping
SSL mechanism parameters
SSL mechanisms
Pre_master key generation
Master key derivation
Master key derivation for Diffie-Hellman
Key and MAC derivation
MD5 MACing in SSL 3.0
SHA-1 MACing in SSL 3.0
TLS mechanisms
Pre_master key generation
Master key derivation
Master key derivation for Diffie-Hellman
Key and MAC derivation
Parameters for miscellaneous simple key derivation mechanisms
Miscellaneous simple key derivation mechanisms
Concatenation of a base key and another key
Concatenation of a base key and data
Concatenation of data and a base key
XORing of a key and data
Extraction of one key from another key
RIPE-MD 128 mechanisms
RIPE-MD 128
General-length RIPE-MD 128-HMAC
RIPE-MD 128-HMAC
RIPE-MD 160 mechanisms
RIPE-MD 160
General-length RIPE-MD 160-HMAC
RIPE-MD 160-HMAC
Cryptoki tips and reminders
Operations, sessions, and threads
Multiple Application Access Behavior
Objects, attributes, and templates
Signing with recovery
Token profiles
Government authentication-only
Cellular Digital Packet Data
Comparison of Cryptoki and other APIs
FORTEZZA CIPG, Rev. 1.52
GCS-API
Intellectual property considerations
Method for Exposing Multiple-PINs on a Token Through Cryptoki
Virtual Slots and Tokens
Object Visibility
Revision History
Revision 1, November 2001
RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211