Cryptographic Token Interface Standard

PKCS#11


Definitions

For the purposes of this standard, the following definitions apply:
APIApplication programming interface.
ApplicationAny computer program that calls the Cryptoki interface.
ASN.1Abstract Syntax Notation One, as defined in X.680.
AttributeA characteristic of an object.
BATONMISSI's BATON block cipher.
BERBasic Encoding Rules, as defined in X.690.
CASTEntrust Technologies' proprietary symmetric block cipher.
CAST3Entrust Technologies' proprietary symmetric block cipher.
CAST5Another name for Entrust Technologies' symmetric block cipher CAST128. CAST128 is the preferred name.
CAST128Entrust Technologies' symmetric block cipher.
CBCCipher-Block Chaining mode, as defined in FIPS PUB 81.
CDMFCommercial Data Masking Facility, a block encipherment method specified by International Business Machines Corporation and based on DES.
CertificateA signed message binding a subject name and a public key, or a subject name and a set of attributes.
CMSCryptographic Message Syntax (see RFC 2630)
Cryptographic DeviceA device storing cryptographic information and possibly performing cryptographic functions. May be implemented as a smart card, smart disk, PCMCIA card, or with some other technology, including software-only.
CryptokiThe Cryptographic Token Interface defined in this standard.
Cryptoki libraryA library that implements the functions specified in this standard.
DERDistinguished Encoding Rules, as defined in X.690.
DESData Encryption Standard, as defined in FIPS PUB 46-3.
DSADigital Signature Algorithm, as defined in FIPS PUB 186-2.
ECElliptic Curve
ECBElectronic Codebook mode, as defined in FIPS PUB 81.
ECDHElliptic Curve Diffie-Hellman.
ECDSAElliptic Curve DSA, as in ANSI X9.62.
ECMQVElliptic Curve Menezes-Qu-Vanstone
FASTHASHMISSI's FASTHASH message-digesting algorithm.
IDEAAscom Systec's symmetric block cipher.
IVInitialization Vector.
JUNIPERMISSI's JUNIPER block cipher.
KEAMISSI's Key Exchange Algorithm.
LYNKSA smart card manufactured by SPYRUS.
MACMessage Authentication Code.
MD2RSA Security's MD2 message-digest algorithm, as defined in RFC 1319.
MD5RSA Security's MD5 message-digest algorithm, as defined in RFC 1321.
MechanismA process for implementing a cryptographic operation.
MQVMenezes-Qu-Vanstone
OAEPOptimal Asymmetric Encryption Padding for RSA.
ObjectAn item that is stored on a token. May be data, a certificate, or a key.
PINPersonal Identification Number.
PKCSPublic-Key Cryptography Standards.
PRFPseudo random function.
PTDPersonal Trusted Device, as defined in MeT-PTD
RSAThe RSA public-key cryptosystem.
RC2RSA Security's RC2 symmetric block cipher.
RC4RSA Security's proprietary RC4 symmetric stream cipher.
RC5RSA Security's RC5 symmetric block cipher.
ReaderThe means by which information is exchanged with a device.
SessionA logical connection between an application and a token.
SETThe Secure Electronic Transaction protocol.
SHA-1The (revised) Secure Hash Algorithm with a 160-bit message digest, as defined in FIPS PUB 180-2.
SHA-256The Secure Hash Algorithm with a 256-bit message digest, as defined in FIPS PUB 180-2.
SHA-384The Secure Hash Algorithm with a 384-bit message digest, as defined in FIPS PUB 180-2.
SHA-512The Secure Hash Algorithm with a 512-bit message digest, as defined in FIPS PUB 180-2.
SlotA logical reader that potentially contains a token.
SKIPJACKMISSI's SKIPJACK block cipher.
SSLThe Secure Sockets Layer 3.0 protocol.
Subject NameThe X.500 distinguished name of the entity to which a key is assigned.
SOA Security Officer user.
TLSTransport Layer Security.
TokenThe logical view of a cryptographic device defined by Cryptoki.
UserThe person using an application that interfaces to Cryptoki.
UTF-8Universal Character Set (UCS) transformation format (UTF) that represents ISO 10646 and UNICODE strings with a variable number of octets.
WIMWireless Identification Module.
WTLSWireless Transport Layer Security.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220