# PKCS#11

The PKCS#11 standard/protocol is widely used by applications that perform cryptographic operations with **non**-exportable keys. It defines a standardized specification for interacting with cryptographic hardware (smartcards, tokens and HSMs), and most hardware vendors in this segment provide a driver. In the cloud-certificate scenario it is used mainly for authentication, object listing and signing.

The driver is compatible with the best cryptography libraries and can be used on the main operating systems on the market, which allows quick integration and ensures interoperability with the solution being integrated.

It also already works for end use in applications that already use type A3 certificates. Because the protocol is also part of the technical requirements in the hardware (tokens/smartcards) homologation process under ICP-Brasil ([DOC-ICP-10.05 2.1-b](https://www.iti.gov.br/images/repositorio/legislacao/documentos-principais/10.5/DOC-ICP-10.05_-_v_1.0.pdf)), many applications already support configuring the library/driver natively, so no additional integration is needed to use the cloud certificate.

The complete reference for the [PKCS#11](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html) standard can be found on the official website of [OASIS](https://www.oasis-open.org/) (Advancing open standards for the information society). The information in this manual covers the specifics of the BirdID PKCS#11 driver.

### Installation

#### Windows:

#### Linux:

#### macOS:

### Binaries

#### Windows:

#### Linux:

#### macOS:

### Available functions

**Status classification**

| Type  | Description             |
| ----- | ----------------------- |
| OK    | Feature implemented     |
| QUEUE | Implementation queue    |
| x     | Will not be implemented |

**General purpose functions**

| Status | Function           | Description                                          |
| ------ | ------------------ | ---------------------------------------------------- |
| OK     | C\_Initialize      | initializes Cryptoki                                 |
| OK     | C\_Finalize        | clean up miscellaneous Cryptoki-associated resources |
| OK     | C\_GetInfo         | obtains general information about Cryptoki           |
| OK     | C\_GetFunctionList | obtains entry points of Cryptoki library functions   |

**Slot and token management functions**

| Status | Function            | Description                                                                     |
| ------ | ------------------- | ------------------------------------------------------------------------------- |
| OK     | C\_GetSlotList      | obtains a list of slots in the system                                           |
| OK     | C\_GetSlotInfo      | obtains information about a particular slot                                     |
| OK     | C\_GetTokenInfo     | obtains information about a particular token                                    |
| x      | C\_WaitForSlotEvent | waits for a slot event (token insertion, removal, etc.) to occur                |
| OK     | C\_GetMechanismList | obtains a list of mechanisms supported by a token                               |
| OK     | C\_GetMechanismInfo | obtains information about a particular mechanism                                |
| x      | C\_InitToken        | initializes a token (Use User's Portal to manage your account)                  |
| x      | C\_InitPIN          | initializes the normal user’s PIN (Use User's Portal to manage your account)    |
| x      | C\_SetPIN           | modifies the PIN of the current user (Use User's Portal to manage your account) |

**Session management functions**

| Status | Function             | Description                                                                                                             |
| ------ | -------------------- | ----------------------------------------------------------------------------------------------------------------------- |
| OK     | C\_OpenSession       | opens a connection between an application and a particular token or sets up an application callback for token insertion |
| OK     | C\_CloseSession      | closes a session                                                                                                        |
| OK     | C\_CloseAllSessions  | closes all sessions with a token                                                                                        |
| OK     | C\_GetSessionInfo    | obtains information about the session                                                                                   |
| OK     | C\_GetOperationState | obtains the cryptographic operations state of a session                                                                 |
| OK     | C\_SetOperationState | sets the cryptographic operations state of a session                                                                    |
| OK     | C\_Login             | logs into a token                                                                                                       |
| OK     | C\_Logout            | logs out from a token                                                                                                   |

**Object management functions**

| Status | Function             | Description                                                                         |
| ------ | -------------------- | ----------------------------------------------------------------------------------- |
| x      | C\_CreateObject      | creates an object (Use User's Portal to manage your account)                        |
| x      | C\_CopyObject        | creates a copy of an object (Use User's Portal to manage your account)              |
| x      | C\_DestroyObject     | destroys an object (Use User's Portal to manage your account)                       |
| OK     | C\_GetObjectSize     | obtains the size of an object in bytes                                              |
| OK     | C\_GetAttributeValue | obtains an attribute value of an object                                             |
| x      | C\_SetAttributeValue | modifies an attribute value of an object (Use User's Portal to manage your account) |
| OK     | C\_FindObjectsInit   | initializes an object search operation                                              |
| OK     | C\_FindObjects       | continues an object search operation                                                |
| OK     | C\_FindObjectsFinal  | finishes an object search operation                                                 |

**Encryption functions**

| Status | Function         | Description                                                      |
| ------ | ---------------- | ---------------------------------------------------------------- |
| x      | C\_EncryptInit   | initializes an encryption operation (NOT IMPLEMENTED)            |
| x      | C\_Encrypt       | encrypts single-part data (NOT IMPLEMENTED)                      |
| x      | C\_EncryptUpdate | continues a multiple-part encryption operation (NOT IMPLEMENTED) |
| x      | C\_EncryptFinal  | finishes a multiple-part encryption operation (NOT IMPLEMENTED)  |

**Decryption functions**

| Status | Function         | Description                                                      |
| ------ | ---------------- | ---------------------------------------------------------------- |
| x      | C\_DecryptInit   | initializes a decryption operation (NOT IMPLEMENTED)             |
| x      | C\_Decrypt       | decrypts single-part encrypted data (NOT IMPLEMENTED)            |
| x      | C\_DecryptUpdate | continues a multiple-part decryption operation (NOT IMPLEMENTED) |
| x      | C\_DecryptFinal  | finishes a multiple-part decryption operation (NOT IMPLEMENTED)  |

**Message digesting functions**

| Status | Function        | Description                                                     |
| ------ | --------------- | --------------------------------------------------------------- |
| x      | C\_DigestInit   | initializes a message-digesting operation (NOT IMPLEMENTED)     |
| x      | C\_Digest       | digests single-part data (NOT IMPLEMENTED)                      |
| x      | C\_DigestUpdate | continues a multiple-part digesting operation (NOT IMPLEMENTED) |
| x      | C\_DigestKey    | digests a key (NOT IMPLEMENTED)                                 |
| x      | C\_DigestFinal  | finishes a multiple-part digesting operation (NOT IMPLEMENTED)  |

**Signing and MACing functions**

| Status | Function           | Description                                                                           |
| ------ | ------------------ | ------------------------------------------------------------------------------------- |
| OK     | C\_SignInit        | initializes a signature operation                                                     |
| OK     | C\_Sign            | signs single-part data                                                                |
| OK     | C\_SignUpdate      | continues a multiple-part signature operation                                         |
| OK     | C\_SignFinal       | finishes a multiple-part signature operation                                          |
| OK     | C\_SignRecoverInit | initializes a signature operation, where the data can be recovered from the signature |
| OK     | C\_SignRecover     | signs single-part data, where the data can be recovered from the signature            |

**Functions for verifying signatures and MACs**

| Status | Function             | Description                                                                              |
| ------ | -------------------- | ---------------------------------------------------------------------------------------- |
| x      | C\_VerifyInit        | initializes a verification operation                                                     |
| x      | C\_Verify            | verifies a signature on single-part data                                                 |
| x      | C\_VerifyUpdate      | continues a multiple-part verification operation                                         |
| x      | C\_VerifyFinal       | finishes a multiple-part verification operation                                          |
| x      | C\_VerifyRecoverInit | initializes a verification operation where the data is recovered from the signature      |
| x      | C\_VerifyRecover     | verifies a signature on single-part data, where the data is recovered from the signature |

**Dual-purpose cryptographic functions**

| Status | Function               | Description                                                                 |
| ------ | ---------------------- | --------------------------------------------------------------------------- |
| x      | C\_DigestEncryptUpdate | continues simultaneous multiple-part digesting and encryption operations    |
| x      | C\_DecryptDigestUpdate | continues simultaneous multiple-part decryption and digesting operations    |
| x      | C\_SignEncryptUpdate   | continues simultaneous multiple-part signature and encryption operations    |
| x      | C\_DecryptVerifyUpdate | continues simultaneous multiple-part decryption and verification operations |

**Key management functions**

| Status | Function           | Description                             |
| ------ | ------------------ | --------------------------------------- |
| x      | C\_GenerateKey     | generates a secret key                  |
| x      | C\_GenerateKeyPair | generates a public-key/private-key pair |
| x      | C\_WrapKey         | wraps (encrypts) a key                  |
| x      | C\_UnwrapKey       | unwraps (decrypts) a key                |
| x      | C\_DeriveKey       | derives a key from a base key           |

**Random number generation functions**

| Status | Function          | Description                                                      |
| ------ | ----------------- | ---------------------------------------------------------------- |
| x      | C\_SeedRandom     | mixes in additional seed material to the random number generator |
| x      | C\_GenerateRandom | generates random data                                            |

**Parallel function management functions**

| Status | Function             | Description                                                       |
| ------ | -------------------- | ----------------------------------------------------------------- |
| x      | C\_GetFunctionStatus | legacy function which always returns CKR\_FUNCTION\_NOT\_PARALLEL |
| x      | C\_CancelFunction    | legacy function which always returns CKR\_FUNCTION\_NOT\_PARALLEL |
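
The tables above mark the `C_Digest*` and `C_Verify*` families as not implemented while `C_SignInit`/`C_Sign` are available, so an application hashes the data itself before signing and checks the returned signature in software. The following is an added example, not BirdID or driver code: it assumes an RSA certificate and that `C_GetMechanismList` reports raw `CKM_RSA_PKCS` (the page does not list the mechanisms), and `fake_token_sign` with its constructed key is a hypothetical stand-in for the token.

```python
import hashlib

# DER header of a SHA-256 DigestInfo (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info_sha256(data: bytes) -> bytes:
    """Hash locally (C_Digest* is unavailable) and wrap the hash as DigestInfo.
    With raw CKM_RSA_PKCS, this 51-byte value is the input given to C_Sign."""
    return SHA256_PREFIX + hashlib.sha256(data).digest()

def emsa_pkcs1_v15(t: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block of k bytes: 00 01 FF..FF 00 || T."""
    if k < len(t) + 11:
        raise ValueError("modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rsa_sha256(data: bytes, sig: bytes, n: int, e: int) -> bool:
    """Verify in software (C_Verify* is unavailable). n and e come from the
    certificate, which the application reads with C_GetAttributeValue."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    # Rebuild the expected block and compare it whole; parsing the padding
    # leniently is the classic source of signature-forgery bugs.
    return pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15(digest_info_sha256(data), k)

# Constructed throwaway key standing in for the cloud token so the example runs
# offline: two Mersenne primes, NOT secure, and not a key the driver would expose.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # needs Python 3.8+

def fake_token_sign(digest_info: bytes) -> bytes:
    """Hypothetical stand-in for C_SignInit(CKM_RSA_PKCS) followed by C_Sign."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(digest_info, k), "big")
    return pow(m, D, N).to_bytes(k, "big")

if __name__ == "__main__":
    doc = b"constructed sample document"
    sig = fake_token_sign(digest_info_sha256(doc))
    print(verify_rsa_sha256(doc, sig, N, E), verify_rsa_sha256(doc + b"!", sig, N, E))
```

If the token's mechanism list offers a hash-and-sign mechanism instead, the local DigestInfo step is not needed, but the software verification still is.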


