PKCS#11

The PKCS#11 standard/protocol is widely used by applications that perform cryptographic operations with non-exportable keys. The protocol defines a standardized specification for interacting with cryptographic hardware (smart cards, tokens and HSMs), and the driver is offered by most hardware manufacturers in the segment. In the cloud-certificate scenario it is used mainly for authentication, object listing and signing.

The driver is compatible with the leading cryptography libraries and can be used with the main operating systems on the market, enabling fast integration and guaranteeing interoperability for the solution being integrated.

It also already works for end use in applications that already use A3-type certificates. Since the protocol is also part of the technical requirements in the hardware homologation process (tokens/smart cards) within ICP-Brasil (DOC-ICP-10.05 2.1-b), many applications already support configuring the library/driver in their native version, so no additional integration is needed to use the cloud certificate.

The complete reference for the PKCS#11 standard can be consulted on the official OASIS (Advancing open standards for the information society) site. The information in this manual covers the specifics of the BirdID PKCS#11 driver.

Installation

Windows:

Linux:

macOS:

Binaries

Windows:

Linux:

macOS:

Available functions

Status classification

| Type | Description |
|---|---|
| OK | Feature implemented |
| QUEUE | Implementation queue |
| x | Will not be implemented |

General purpose functions

| Status | Function | Description |
|---|---|---|
| OK | C_Initialize | initializes Cryptoki |
| OK | C_Finalize | cleans up miscellaneous Cryptoki-associated resources |
| OK | C_GetInfo | obtains general information about Cryptoki |
| OK | C_GetFunctionList | obtains entry points of Cryptoki library functions |

Slot and token management functions

| Status | Function | Description |
|---|---|---|
| OK | C_GetSlotList | obtains a list of slots in the system |
| OK | C_GetSlotInfo | obtains information about a particular slot |
| OK | C_GetTokenInfo | obtains information about a particular token |
| x | C_WaitForSlotEvent | waits for a slot event (token insertion, removal, etc.) to occur |
| OK | C_GetMechanismList | obtains a list of mechanisms supported by a token |
| OK | C_GetMechanismInfo | obtains information about a particular mechanism |
| x | C_InitToken | initializes a token (use the User's Portal to manage your account) |
| x | C_InitPIN | initializes the normal user's PIN (use the User's Portal to manage your account) |
| x | C_SetPIN | modifies the PIN of the current user (use the User's Portal to manage your account) |

Session management functions

| Status | Function | Description |
|---|---|---|
| OK | C_OpenSession | opens a connection between an application and a particular token or sets up an application callback for token insertion |
| OK | C_CloseSession | closes a session |
| OK | C_CloseAllSessions | closes all sessions with a token |
| OK | C_GetSessionInfo | obtains information about the session |
| OK | C_GetOperationState | obtains the cryptographic operations state of a session |
| OK | C_SetOperationState | sets the cryptographic operations state of a session |
| OK | C_Login | logs into a token |
| OK | C_Logout | logs out from a token |

Object management functions

| Status | Function | Description |
|---|---|---|
| x | C_CreateObject | creates an object (use the User's Portal to manage your account) |
| x | C_CopyObject | creates a copy of an object (use the User's Portal to manage your account) |
| x | C_DestroyObject | destroys an object (use the User's Portal to manage your account) |
| OK | C_GetObjectSize | obtains the size of an object in bytes |
| OK | C_GetAttributeValue | obtains an attribute value of an object |
| x | C_SetAttributeValue | modifies an attribute value of an object (use the User's Portal to manage your account) |
| OK | C_FindObjectsInit | initializes an object search operation |
| OK | C_FindObjects | continues an object search operation |
| OK | C_FindObjectsFinal | finishes an object search operation |

Encryption functions

| Status | Function | Description |
|---|---|---|
| x | C_EncryptInit | initializes an encryption operation (NOT IMPLEMENTED) |
| x | C_Encrypt | encrypts single-part data (NOT IMPLEMENTED) |
| x | C_EncryptUpdate | continues a multiple-part encryption operation (NOT IMPLEMENTED) |
| x | C_EncryptFinal | finishes a multiple-part encryption operation (NOT IMPLEMENTED) |

Decryption functions

| Status | Function | Description |
|---|---|---|
| x | C_DecryptInit | initializes a decryption operation (NOT IMPLEMENTED) |
| x | C_Decrypt | decrypts single-part encrypted data (NOT IMPLEMENTED) |
| x | C_DecryptUpdate | continues a multiple-part decryption operation (NOT IMPLEMENTED) |
| x | C_DecryptFinal | finishes a multiple-part decryption operation (NOT IMPLEMENTED) |

Message digesting functions

| Status | Function | Description |
|---|---|---|
| x | C_DigestInit | initializes a message-digesting operation (NOT IMPLEMENTED) |
| x | C_Digest | digests single-part data (NOT IMPLEMENTED) |
| x | C_DigestUpdate | continues a multiple-part digesting operation (NOT IMPLEMENTED) |
| x | C_DigestKey | digests a key (NOT IMPLEMENTED) |
| x | C_DigestFinal | finishes a multiple-part digesting operation (NOT IMPLEMENTED) |

Signing and MACing functions

| Status | Function | Description |
|---|---|---|
| OK | C_SignInit | initializes a signature operation |
| OK | C_Sign | signs single-part data |
| OK | C_SignUpdate | continues a multiple-part signature operation |
| OK | C_SignFinal | finishes a multiple-part signature operation |
| OK | C_SignRecoverInit | initializes a signature operation where the data can be recovered from the signature |
| OK | C_SignRecover | signs single-part data where the data can be recovered from the signature |

Functions for verifying signatures and MACs

| Status | Function | Description |
|---|---|---|
| x | C_VerifyInit | initializes a verification operation |
| x | C_Verify | verifies a signature on single-part data |
| x | C_VerifyUpdate | continues a multiple-part verification operation |
| x | C_VerifyFinal | finishes a multiple-part verification operation |
| x | C_VerifyRecoverInit | initializes a verification operation where the data is recovered from the signature |
| x | C_VerifyRecover | verifies a signature on single-part data where the data is recovered from the signature |

Dual-purpose cryptographic functions

| Status | Function | Description |
|---|---|---|
| x | C_DigestEncryptUpdate | continues simultaneous multiple-part digesting and encryption operations |
| x | C_DecryptDigestUpdate | continues simultaneous multiple-part decryption and digesting operations |
| x | C_SignEncryptUpdate | continues simultaneous multiple-part signature and encryption operations |
| x | C_DecryptVerifyUpdate | continues simultaneous multiple-part decryption and verification operations |

Key management functions

| Status | Function | Description |
|---|---|---|
| x | C_GenerateKey | generates a secret key |
| x | C_GenerateKeyPair | generates a public-key/private-key pair |
| x | C_WrapKey | wraps (encrypts) a key |
| x | C_UnwrapKey | unwraps (decrypts) a key |
| x | C_DeriveKey | derives a key from a base key |

Random number generation functions

| Status | Function | Description |
|---|---|---|
| x | C_SeedRandom | mixes additional seed material into the random number generator |
| x | C_GenerateRandom | generates random data |

Parallel function management functions

| Status | Function | Description |
|---|---|---|
| x | C_GetFunctionStatus | legacy function which always returns CKR_FUNCTION_NOT_PARALLEL |
| x | C_CancelFunction | legacy function which always returns CKR_FUNCTION_NOT_PARALLEL |
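The matrix above shapes how an integration has to be written: the session, login, object-search and signing functions are implemented, but the digest and verify families are not, so the host must hash before signing and must check the resulting signature itself. The following is an added example (not BirdID's or the page's own code) of an authenticate, list and sign flow that uses only functions marked OK. It assumes the third-party PyKCS11 wrapper and the `cryptography` package; the library path, PIN and key label are placeholders, and the mechanism names are taken from the token's own C_GetMechanismList answer. Because CKM_RSA_PKCS does no hashing on the token, the host-built DigestInfo (RFC 8017) is what gets signed in that case.

```python
"""Sign through a PKCS#11 token using only the functions marked OK above.

Added example (hypothetical integration code, not the driver's own).
Assumptions: PyKCS11 and cryptography are installed; PKCS11_LIB, PIN and
KEY_LABEL below are placeholders for the real values.
"""
import hashlib

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
# With the raw CKM_RSA_PKCS mechanism the token does not hash, so the
# caller must supply digest_info = prefix || SHA-256(data).
SHA256_DIGEST_INFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Mechanisms this example knows how to use, most preferred first.
PREFERRED_MECHANISMS = ("CKM_SHA256_RSA_PKCS", "CKM_RSA_PKCS")


def digest_info_sha256(data: bytes) -> bytes:
    """Hash on the host (C_Digest is not implemented) and wrap in DigestInfo."""
    return SHA256_DIGEST_INFO_PREFIX + hashlib.sha256(data).digest()


def choose_mechanism(available):
    """Pick a signing mechanism from a C_GetMechanismList result.

    `available` holds mechanism names as PyKCS11 reports them (strings).
    Returns (name, host_hashes); host_hashes is True when the token only does
    raw PKCS#1 v1.5 and therefore expects a DigestInfo from the caller.
    """
    names = set(available)
    for name in PREFERRED_MECHANISMS:
        if name in names:
            return name, name == "CKM_RSA_PKCS"
    raise ValueError("token offers no RSA PKCS#1 v1.5 mechanism this code supports")


def payload_for(mechanism_name: str, data: bytes) -> bytes:
    """The bytes handed to C_Sign for the chosen mechanism."""
    return digest_info_sha256(data) if mechanism_name == "CKM_RSA_PKCS" else data


def sign_with_token(lib_path: str, pin: str, key_label: str, data: bytes) -> bytes:
    """C_Initialize -> C_GetSlotList -> C_OpenSession -> C_Login -> C_FindObjects -> C_Sign.

    Verification is done on the host with the certificate read from the
    token, because C_Verify is not implemented by this driver.
    """
    import PyKCS11  # imported here so the pure helpers above run without it
    from cryptography import x509
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding

    lib = PyKCS11.PyKCS11Lib()
    lib.load(lib_path)                                    # C_GetFunctionList + C_Initialize
    slot = lib.getSlotList(tokenPresent=True)[0]          # C_GetSlotList
    mech_name, _ = choose_mechanism(lib.getMechanismList(slot))  # C_GetMechanismList
    session = lib.openSession(slot, PyKCS11.CKF_SERIAL_SESSION)  # C_OpenSession
    try:
        session.login(pin)                                # C_Login
        try:
            key = session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_PRIVATE_KEY),
                                       (PyKCS11.CKA_LABEL, key_label)])[0]
            cert = session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_CERTIFICATE),
                                        (PyKCS11.CKA_LABEL, key_label)])[0]
            cert_der = bytes(session.getAttributeValue(cert, [PyKCS11.CKA_VALUE])[0])
            mechanism = PyKCS11.Mechanism(getattr(PyKCS11, mech_name), None)
            signature = bytes(session.sign(key, payload_for(mech_name, data), mechanism))
        finally:
            session.logout()                              # C_Logout
    finally:
        session.closeSession()                            # C_CloseSession

    # Host-side check against the certificate that sits next to the key on the
    # token; raises InvalidSignature if the token signed something else.
    public_key = x509.load_der_x509_certificate(cert_der).public_key()
    public_key.verify(signature, data, padding.PKCS1v15(), hashes.SHA256())
    return signature


if __name__ == "__main__":
    # Placeholders: replace with the installed driver path and your credentials.
    PKCS11_LIB = "/path/to/birdid-pkcs11.so"
    PIN = "PLACEHOLDER_PIN"
    KEY_LABEL = "PLACEHOLDER_KEY_LABEL"
    print(sign_with_token(PKCS11_LIB, PIN, KEY_LABEL, b"document to sign").hex())
```

The host-side `verify` call is not optional decoration: with no C_Verify in the driver, it is the only place a mismatched mechanism (for example signing a DigestInfo under CKM_SHA256_RSA_PKCS, which would hash it a second time) is caught before a bad signature leaves the application. Reading the certificate from the token with C_GetAttributeValue also ties the check to the key that actually signed rather than to a copy configured elsewhere.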
