Cryptographic Token Interface Standard
PKCS#11
Cryptographic Token Interface Standard Sections
Here is a list of all sections:
Scope
References
Definitions
Symbols and abbreviations
General overview
Design goals
General model
Logical view of a token
Users
Applications and their use of Cryptoki
Applications and processes
Applications and threads
Sessions
Read-only session states
Read/write session states
Permitted object accesses by sessions
Session events
Session handles and object handles
Capabilities of sessions
Example of use of sessions
Secondary authentication (Deprecated)
Function overview
Security considerations
Platform- and compiler-dependent directives for C or C++
Structure packing
Pointer-related macros
Sample platform- and compiler-dependent code
Win32
Win16
Generic UNIX
General data types
General information
Slot and token types
Session types
Object types
Data types for mechanisms
Function types
Locking-related types
Objects
Creating, modifying, and copying objects
Creating objects
Modifying objects
Copying objects
Common attributes
Hardware Feature Objects
Clock
Monotonic Counter Objects
User Interface Objects
Storage Objects
Data objects
Certificate objects
X.509 public key certificate objects
WTLS public key certificate objects
X.509 attribute certificate objects
Key objects
Public key objects
Private key objects
Secret key objects
Domain parameter objects
Mechanism objects
Functions
Function return values
Universal Cryptoki function return values
Cryptoki function return values for functions that use a session handle
Cryptoki function return values for functions that use a token
Special return value for application-supplied callbacks
Special return values for mutex-handling functions
All other Cryptoki function return values
More on relative priorities of Cryptoki errors
Error code 'gotchas'
Conventions for functions returning output in a variable-length buffer
Disclaimer concerning sample code
General-purpose functions
Slot and token management functions
Session management functions
Object management functions
Encryption functions
Decryption functions
Message digesting functions
Signing and MACing functions
Functions for verifying signatures and MACs
Dual-function cryptographic functions
Key management functions
Random number generation functions
Parallel function management functions
Callback functions
Surrender callbacks
Vendor-defined callbacks
Mechanisms
RSA
RSA public key objects
RSA private key objects
PKCS #1 RSA key pair generation
X9.31 RSA key pair generation
PKCS #1 v1.5 RSA
PKCS #1 RSA OAEP mechanism parameters
PKCS #1 RSA OAEP
PKCS #1 RSA PSS mechanism parameters
PKCS #1 RSA PSS
ISO/IEC 9796 RSA
X.509 (raw) RSA
ANSI X9.31 RSA
PKCS #1 v1.5 RSA signature with MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPE-MD 128 or RIPE-MD 160
PKCS #1 RSA PSS signature with SHA-1, SHA-256, SHA-384 or SHA-512
ANSI X9.31 RSA signature with SHA-1
DSA
DSA public key objects
DSA private key objects
DSA domain parameter objects
DSA key pair generation
DSA domain parameter generation
DSA without hashing
DSA with SHA-1
FORTEZZA timestamp
Elliptic Curve
EC Signatures
ECDSA public key objects
Elliptic curve private key objects
Elliptic curve key pair generation
ECDSA without hashing
ECDSA with SHA-1
EC mechanism parameters
Elliptic curve Diffie-Hellman key derivation
Elliptic curve Diffie-Hellman with cofactor key derivation
Elliptic curve Menezes-Qu-Vanstone key derivation
Diffie-Hellman
Diffie-Hellman public key objects
X9.42 Diffie-Hellman public key objects
Diffie-Hellman private key objects
X9.42 Diffie-Hellman private key objects
Diffie-Hellman domain parameter objects
X9.42 Diffie-Hellman domain parameters objects
PKCS #3 Diffie-Hellman key pair generation
PKCS #3 Diffie-Hellman domain parameter generation
PKCS #3 Diffie-Hellman key derivation
X9.42 Diffie-Hellman mechanism parameters
X9.42 Diffie-Hellman key pair generation
X9.42 Diffie-Hellman domain parameter generation
X9.42 Diffie-Hellman key derivation
X9.42 Diffie-Hellman hybrid key derivation
X9.42 Diffie-Hellman Menezes-Qu-Vanstone key derivation
KEA
KEA mechanism parameters
KEA public key objects
KEA private key objects
KEA key pair generation
KEA key derivation
Wrapping/unwrapping private keys
Generic secret key
Generic secret key objects
Generic secret key generation
HMAC mechanisms
RC2
RC2 secret key objects
RC2 mechanism parameters
RC2 key generation
RC2-ECB
RC2-CBC
RC2-CBC with PKCS padding
General-length RC2-MAC
RC2-MAC
RC4
RC4 secret key objects
RC4 key generation
RC4 mechanism
RC5
RC5 secret key objects
RC5 mechanism parameters
RC5 key generation
RC5-ECB
RC5-CBC
RC5-CBC with PKCS padding
General-length RC5-MAC
RC5-MAC
AES
AES secret key objects
AES key generation
AES-ECB
AES-CBC
AES-CBC with PKCS padding
General-length AES-MAC
AES-MAC
General block cipher
DES secret key objects
CAST secret key objects
CAST3 secret key objects
CAST128 (CAST5) secret key objects
IDEA secret key objects
CDMF secret key objects
General block cipher mechanism parameters
General block cipher key generation
General block cipher ECB
General block cipher CBC
General block cipher CBC with PKCS padding
General-length general block cipher MAC
General block cipher MAC
Key derivation by data encryption - DES & AES
Mechanism Parameters
Mechanism Description
Double and Triple-length DES
DES2 secret key objects
DES3 secret key objects
Double-length DES key generation
Triple-length DES Order of Operations
Triple-length DES in CBC Mode
DES and Triple length DES in OFB Mode
DES and Triple length DES in CFB Mode
SKIPJACK
SKIPJACK secret key objects
SKIPJACK Mechanism parameters
SKIPJACK key generation
SKIPJACK-ECB64
SKIPJACK-CBC64
SKIPJACK-OFB64
SKIPJACK-CFB64
SKIPJACK-CFB32
SKIPJACK-CFB16
SKIPJACK-CFB8
SKIPJACK-WRAP
SKIPJACK-PRIVATE-WRAP
SKIPJACK-RELAYX
BATON
BATON secret key objects
BATON key generation
BATON-ECB128
BATON-ECB96
BATON-CBC128
BATON-COUNTER
BATON-SHUFFLE
BATON WRAP
JUNIPER
JUNIPER secret key objects
JUNIPER key generation
JUNIPER-ECB128
JUNIPER-CBC128
JUNIPER-COUNTER
JUNIPER-SHUFFLE
JUNIPER WRAP
MD2
MD2 digest
General-length MD2-HMAC
MD2-HMAC
MD2 key derivation
MD5
MD5 digest
General-length MD5-HMAC
MD5-HMAC
MD5 key derivation
SHA-1
SHA-1 digest
General-length SHA-1-HMAC
SHA-1-HMAC
SHA-1 key derivation
SHA-256
SHA-256 digest
General-length SHA-256-HMAC
SHA-256-HMAC
SHA-256 key derivation
SHA-384
SHA-384 digest
General-length SHA-384-HMAC
SHA-384-HMAC
SHA-384 key derivation
SHA-512
SHA-512 digest
General-length SHA-512-HMAC
SHA-512-HMAC
SHA-512 key derivation
FASTHASH
FASTHASH digest
PKCS #5 and PKCS #5-style password-based encryption (PBE)
Password-based encryption/authentication mechanism parameters
MD2-PBE for DES-CBC
MD5-PBE for DES-CBC
MD5-PBE for CAST-CBC
MD5-PBE for CAST3-CBC
MD5-PBE for CAST128-CBC (CAST5-CBC)
SHA-1-PBE for CAST128-CBC (CAST5-CBC)
PKCS #5 PBKDF2 key generation mechanism parameters
PKCS #5 PBKDF2 key generation
PKCS #12 password-based encryption/authentication mechanisms
SHA-1-PBE for 128-bit RC4
SHA-1-PBE for 40-bit RC4
SHA-1-PBE for 3-key triple-DES-CBC
SHA-1-PBE for 2-key triple-DES-CBC
SHA-1-PBE for 128-bit RC2-CBC
SHA-1-PBE for 40-bit RC2-CBC
SHA-1-PBA for SHA-1-HMAC
RIPE-MD
RIPE-MD 128 digest
General-length RIPE-MD 128-HMAC
RIPE-MD 128-HMAC
RIPE-MD 160
General-length RIPE-MD 160-HMAC
RIPE-MD 160-HMAC
SET
SET mechanism parameters
OAEP key wrapping for SET
LYNKS
LYNKS key wrapping
SSL
SSL mechanism parameters
Pre_master key generation
Master key derivation
Master key derivation for Diffie-Hellman
Key and MAC derivation
MD5 MACing in SSL 3.0
SHA-1 MACing in SSL 3.0
TLS
TLS mechanism parameters
TLS PRF (pseudorandom function)
Pre_master key generation
Master key derivation
Master key derivation for Diffie-Hellman
Key and MAC derivation
WTLS
WTLS mechanism parameters
Pre master secret key generation for RSA key exchange suite
Master secret key derivation
Master secret key derivation for Diffie-Hellman and Elliptic Curve Cryptography
WTLS PRF (pseudorandom function)
Server Key and MAC derivation
Client key and MAC derivation
Miscellaneous simple key derivation mechanisms
Parameters for miscellaneous simple key derivation mechanisms
Concatenation of a base key and another key
Concatenation of a base key and data
Concatenation of data and a base key
XORing of a key and data
Extraction of one key from another key
CMS
CMS Signature Mechanism Objects
CMS mechanism parameters
CMS signatures
Blowfish
BLOWFISH secret key objects
Blowfish key generation
Blowfish-CBC
Twofish
Twofish secret key objects
Twofish key generation
Twofish-CBC
Cryptoki tips and reminders
Operations, sessions, and threads
Multiple Application Access Behavior
Objects, attributes, and templates
Signing with recovery
Manifest constants
Token profiles
Government authentication-only
Cellular Digital Packet Data
Other profiles
Comparison of Cryptoki and other APIs
FORTEZZA CIPG, Rev. 1.52
GCS-API
Intellectual property considerations
Revision History
RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220