Cryptographic Token Interface Standard
PKCS#11
The Cryptoki API consists of a number of functions, spanning slot and token management and object management, as well as cryptographic functions. These functions are presented in the following table:
Table 8, Summary of Cryptoki Functions
| Category | Function | Description |
| General purpose functions | C_Initialize | initializes Cryptoki |
| | C_Finalize | clean up miscellaneous Cryptoki-associated resources |
| | C_GetInfo | obtains general information about Cryptoki |
| | C_GetFunctionList | obtains entry points of Cryptoki library functions |
| Slot and token management functions | C_GetSlotList | obtains a list of slots in the system |
| | C_GetSlotInfo | obtains information about a particular slot |
| | C_GetTokenInfo | obtains information about a particular token |
| | C_WaitForSlotEvent | waits for a slot event (token insertion, removal, etc.) to occur |
| | C_GetMechanismList | obtains a list of mechanisms supported by a token |
| | C_GetMechanismInfo | obtains information about a particular mechanism |
| | C_InitToken | initializes a token |
| | C_InitPIN | initializes the normal user's PIN |
| | C_SetPIN | modifies the PIN of the current user |
| Session management functions | C_OpenSession | opens a connection between an application and a particular token or sets up an application callback for token insertion |
| | C_CloseSession | closes a session |
| | C_CloseAllSessions | closes all sessions with a token |
| | C_GetSessionInfo | obtains information about the session |
| | C_GetOperationState | obtains the cryptographic operations state of a session |
| | C_SetOperationState | sets the cryptographic operations state of a session |
| | C_Login | logs into a token |
| | C_Logout | logs out from a token |
| Object management functions | C_CreateObject | creates an object |
| | C_CopyObject | creates a copy of an object |
| | C_DestroyObject | destroys an object |
| | C_GetObjectSize | obtains the size of an object in bytes |
| | C_GetAttributeValue | obtains an attribute value of an object |
| | C_SetAttributeValue | modifies an attribute value of an object |
| | C_FindObjectsInit | initializes an object search operation |
| | C_FindObjects | continues an object search operation |
| | C_FindObjectsFinal | finishes an object search operation |
| Encryption functions | C_EncryptInit | initializes an encryption operation |
| | C_Encrypt | encrypts single-part data |
| | C_EncryptUpdate | continues a multiple-part encryption operation |
| | C_EncryptFinal | finishes a multiple-part encryption operation |
| Decryption functions | C_DecryptInit | initializes a decryption operation |
| | C_Decrypt | decrypts single-part encrypted data |
| | C_DecryptUpdate | continues a multiple-part decryption operation |
| | C_DecryptFinal | finishes a multiple-part decryption operation |
| Message digesting functions | C_DigestInit | initializes a message-digesting operation |
| | C_Digest | digests single-part data |
| | C_DigestUpdate | continues a multiple-part digesting operation |
| | C_DigestKey | digests a key |
| | C_DigestFinal | finishes a multiple-part digesting operation |
| Signing and MACing functions | C_SignInit | initializes a signature operation |
| | C_Sign | signs single-part data |
| | C_SignUpdate | continues a multiple-part signature operation |
| | C_SignFinal | finishes a multiple-part signature operation |
| | C_SignRecoverInit | initializes a signature operation, where the data can be recovered from the signature |
| | C_SignRecover | signs single-part data, where the data can be recovered from the signature |
| Functions for verifying signatures and MACs | C_VerifyInit | initializes a verification operation |
| | C_Verify | verifies a signature on single-part data |
| | C_VerifyUpdate | continues a multiple-part verification operation |
| | C_VerifyFinal | finishes a multiple-part verification operation |
| | C_VerifyRecoverInit | initializes a verification operation where the data is recovered from the signature |
| | C_VerifyRecover | verifies a signature on single-part data, where the data is recovered from the signature |
| Dual-purpose cryptographic functions | C_DigestEncryptUpdate | continues simultaneous multiple-part digesting and encryption operations |
| | C_DecryptDigestUpdate | continues simultaneous multiple-part decryption and digesting operations |
| | C_SignEncryptUpdate | continues simultaneous multiple-part signature and encryption operations |
| | C_DecryptVerifyUpdate | continues simultaneous multiple-part decryption and verification operations |
| Key management functions | C_GenerateKey | generates a secret key |
| | C_GenerateKeyPair | generates a public-key/private-key pair |
| | C_WrapKey | wraps (encrypts) a key |
| | C_UnwrapKey | unwraps (decrypts) a key |
| | C_DeriveKey | derives a key from a base key |
| Random number generation functions | C_SeedRandom | mixes in additional seed material to the random number generator |
| | C_GenerateRandom | generates random data |
| Parallel function management functions | C_GetFunctionStatus | legacy function which always returns CKR_FUNCTION_NOT_PARALLEL |
| | C_CancelFunction | legacy function which always returns CKR_FUNCTION_NOT_PARALLEL |
| Callback function | | application-supplied function to process notifications from Cryptoki |