Tribblix: manual page: pkcs11

PKCS11_KERNEL(7) Standards, Environments, and Macros PKCS11_KERNEL(7)

NAME

pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework

SYNOPSIS

/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so

DESCRIPTION

The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20
specification by using a private interface to communicate with the
Kernel Cryptographic Framework.

Each unique hardware provider is represented by a PKCS#11 slot. In a
system with no hardware Kernel Cryptographic Framework providers,
this PKCS#11 library presents no slots.

The PKCS#11 mechanisms provided by this library is determined by the
available hardware providers.

Application developers should link to libpkcs11.so rather than link
directly to pkcs11_kernel.so. See libpkcs11(3LIB).

All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are
implemented except for the following:

C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent

A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.

Buffers cannot be greater than 2 megabytes. For example, C_Encrypt()
can be called with a 2 megabyte buffer of plaintext and a 2 megabyte
buffer for the ciphertext.

The maximum number of object handles that can be returned by a call
to C_FindObjects() is 512.

The maximum amount of kernel memory that can be used for crypto
operations is limited by the project.max-crypto-memory resource
control. Allocations in the kernel for buffers and session-related
structures are charged against this resource control.

RETURN VALUES

The return values of each of the implemented functions are defined
and listed in the RSA PKCS#11 v2.20 specification. See
http://www.rsasecurity.com.

ATTRIBUTES

NOTES