1pkcs11_kernel(5)      Standards, Environments, and Macros     pkcs11_kernel(5)
2
3
4

NAME

6       pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework
7

SYNOPSIS

9       /usr/lib/security/pkcs11_kernel.so
10       /usr/lib/security/64/pkcs11_kernel.so
11
12

DESCRIPTION

14       The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specifica‐
15       tion by using a private interface to communicate with the Kernel  Cryp‐
16       tographic Framework.
17
18
19       Each  unique  hardware  provider is represented by a PKCS#11 slot. In a
20       system with no hardware Kernel Cryptographic Framework providers,  this
21       PKCS#11 library presents no slots.
22
23
24       The  PKCS#11  mechanisms  provided by this library is determined by the
25       available hardware providers.
26
27
28       Application developers should link to  libpkcs11.so  rather  than  link
29       directly to pkcs11_kernel.so. See libpkcs11(3LIB).
30
31
32       All  of  the  Standard  PKCS#11 functions listed on libpkcs11(3LIB) are
33       implemented except for the following:
34
35         C_DecryptDigestUpdate
36         C_DecryptVerifyUpdate
37         C_DigestEncryptUpdate
38         C_GetOperationState
39         C_InitToken
40         C_InitPIN
41         C_SetOperationState
42         C_SignEncryptUpdate
43         C_WaitForSlotEvent
44
45
46
47       A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.
48
49
50       Buffers cannot be greater than 2 megabytes.  For  example,  C_Encrypt()
51       can  be  called  with a 2 megabyte buffer of plaintext and a 2 megabyte
52       buffer for the ciphertext.
53
54
55       The maximum number of object handles that can be returned by a call  to
56       C_FindObjects() is 512.
57
58
59       The  maximum amount of kernel memory that can be used for crypto opera‐
60       tions is limited by  the  project.max-crypto-memory  resource  control.
61       Allocations  in  the  kernel for buffers and session-related structures
62       are charged against this resource control.
63

RETURN VALUES

65       The return values of each of the implemented functions are defined  and
66       listed  in the RSA PKCS#11 v2.20 specification. See http://www.rsasecu
67       rity.com.
68

ATTRIBUTES

70       See attributes(5) for a description of the following attributes:
71
72
73
74
75       ┌─────────────────────────────┬─────────────────────────────┐
76       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
77       ├─────────────────────────────┼─────────────────────────────┤
78       │Interface Stability          │Standard: PKCS#11 v2.20      │
79       ├─────────────────────────────┼─────────────────────────────┤
80       │MT-Level                     │MT-Safe  with   exceptions.  │
81       │                             │See  section  6.5.2  of RSA  │
82       │                             │PKCS#11 v2.20                │
83       └─────────────────────────────┴─────────────────────────────┘
84

SEE ALSO

86       cryptoadm(1M),     rctladm(1M),     libpkcs11(3LIB),     attributes(5),
87       pkcs11_softtoken(5)
88
89
90       RSA PKCS#11 v2.20 http://www.rsasecurity.com
91

NOTES

93       Applications  that have an open session to a PKCS#11 slot make the cor‐
94       responding hardware provider driver not  unloadable.  An  administrator
95       must  close  the  applications that have an PKCS#11 session open to the
96       hardware provider to make the driver unloadable.
97
98
99
100SunOS 5.11                        27 Oct 2005                 pkcs11_kernel(5)
Impressum