
#PKCS11使用总结

Administrator
2022-05-16 / 0 评论 / 0 点赞 / 495 阅读 / 16673 字

#PKCS11使用总结

PKCS11函数概述

种类 函数 描述
通用函数 C_Initialize 初始化 Cryptoki
C_Finalize 清理与 Cryptoki 相关的各种资源
C_GetInfo 获得关于 Cryptoki的通用信息
C_GetFunctionList 获得 Cryptoki 库函数的进入点
槽和令牌管理函数 C_GetSlotList 获取系统槽位列表
C_GetSlotInfo 获取指定槽位信息
C_GetTokenInfo 获取指定令牌信息
C_WaitForSlotEvent 等待槽事件(令牌插入、移除等)的发生
C_GetMechanismList 获取令牌支持的机制的名单
C_GetMechanismInfo 获得关于指定机制的信息
C_InitToken 初始化一个令牌
C_InitPIN 初始化普通用户的 PIN
C_SetPIN 修改当前用户的 PIN
会话管理函数 C_OpenSession 打开一个会话
C_CloseSession 关闭一个会话
C_CloseAllSessions 关闭与某个令牌的所有会话
C_GetSessionInfo 获得关于会话的信息
C_GetOperationState 获得会话的加密操作状态
C_SetOperationState 设置会话的加密操作状态
C_Login 登录到一个令牌
C_Logout 从一个令牌注销
对象管理函数 C_CreateObject 建立一个对象
C_CopyObject 建立一个对象的拷贝
C_DestroyObject 销毁一个对象
C_GetObjectSize 获取一个对象的大小(以字节为单位)
C_GetAttributeValue 获取对象的属性值
C_SetAttributeValue 设置对象的属性值
C_FindObjectsInit 初始化一个对象的搜索操作
C_FindObjects 继续一个对象搜索操作
C_FindObjectsFinal 完成一个对象搜索操作
加密函数 C_EncryptInit 初始化加密操作
C_Encrypt 加密单部分数据
C_EncryptUpdate 继续一个多部分加密操作
C_EncryptFinal 完成一个多部分加密操作
解密函数 C_DecryptInit 初始化一个解密操作
C_Decrypt 解密单部分加密数据
C_DecryptUpdate 继续一个多部分解密操作
C_DecryptFinal 完成一个多部分解密操作
摘要函数 C_DigestInit 初始化一个消息摘要操作
C_Digest 摘要单部分数据
C_DigestUpdate 继续一个多部分摘要操作
C_DigestFinal 完成一个多部分摘要操作
签名函数 C_SignInit 初始化一个签名操作
C_Sign 签名单部分数据
C_SignUpdate 继续一个多部分签名操作
C_SignFinal 完成一个多部分签名操作
验签函数 C_VerifyInit 初始化一个验签操作
C_Verify 验证单部分数据上的签名
C_VerifyUpdate 继续一个多部分验签操作
C_VerifyFinal 完成一个多部分验签操作
密钥管理函数 C_GenerateKey 产生对称密钥
C_GenerateKeyPair 产生密钥对
C_WrapKey 打包密钥
C_UnwrapKey 解包密钥
C_DeriveKey 密钥衍生
随机数产生函数 C_GenerateRandom 产生随机数

常用属性

  • CK_OBJECT_CLASS

    对象类别

    /* Object classes: CK_OBJECT_CLASS values, stored in an object's CKA_CLASS attribute. */
    #define CKO_DATA 		0x00000000	/* data object */
    #define CKO_CERTIFICATE 0x00000001	/* certificate object */
    #define CKO_PUBLIC_KEY 	0x00000002	/* public key object */
    #define CKO_PRIVATE_KEY 0x00000003	/* private key object */
    #define CKO_SECRET_KEY 	0x00000004	/* secret key object (symmetric key) */
    
  • CK_KEY_TYPE

    密钥类型

    /* Key types (CK_KEY_TYPE values); this listing is abbreviated and shows only the first three. */
    #define CKK_RSA 0x00000000
    #define CKK_DSA 0x00000001
    #define CKK_DH 	0x00000002
    ……
    
  • CK_ATTRIBUTE_TYPE

    属性类型

    /*
     * Attribute type identifiers (CK_ATTRIBUTE_TYPE values) used in the `type`
     * field of CK_ATTRIBUTE.
     *
     * Attributes that decide how well a key is protected by the token:
     * CKA_PRIVATE, CKA_SENSITIVE, CKA_EXTRACTABLE, and the read-only history
     * flags CKA_LOCAL, CKA_NEVER_EXTRACTABLE and CKA_ALWAYS_SENSITIVE.
     * The usage flags CKA_ENCRYPT .. CKA_DERIVE restrict which operations a key
     * may be used for; a template normally enables only the ones it needs.
     */
    #define CKA_CLASS 				0x00000000
    #define CKA_TOKEN 				0x00000001	// CK_TRUE: token object; CK_FALSE: session object
    #define CKA_PRIVATE 			0x00000002	// when CKA_PRIVATE is TRUE, the object cannot be accessed without logging in
    #define CKA_LABEL 				0x00000003
    #define CKA_APPLICATION 		0x00000010
    #define CKA_VALUE 				0x00000011
    #define CKA_OBJECT_ID 			0x00000012
    #define CKA_CERTIFICATE_TYPE	0x00000080
    #define CKA_ISSUER 				0x00000081
    #define CKA_SERIAL_NUMBER 		0x00000082
    #define CKA_AC_ISSUER 			0x00000083
    #define CKA_OWNER 				0x00000084
    #define CKA_ATTR_TYPES 			0x00000085
    #define CKA_TRUSTED 			0x00000086
    #define CKA_KEY_TYPE 			0x00000100
    #define CKA_SUBJECT 			0x00000101
    #define CKA_ID 					0x00000102
    #define CKA_SENSITIVE 			0x00000103	// if CKA_SENSITIVE is CK_TRUE, certain attributes of the key cannot be revealed in plaintext outside the token
    #define CKA_ENCRYPT 			0x00000104
    #define CKA_DECRYPT 			0x00000105
    #define CKA_WRAP 				0x00000106
    #define CKA_UNWRAP 				0x00000107
    #define CKA_SIGN 				0x00000108
    #define CKA_SIGN_RECOVER 		0x00000109
    #define CKA_VERIFY 				0x0000010A
    #define CKA_VERIFY_RECOVER 		0x0000010B
    #define CKA_DERIVE 				0x0000010C
    #define CKA_START_DATE 			0x00000110
    #define CKA_END_DATE 			0x00000111
    #define CKA_MODULUS 			0x00000120
    #define CKA_MODULUS_BITS 		0x00000121
    #define CKA_PUBLIC_EXPONENT 	0x00000122
    #define CKA_PRIVATE_EXPONENT 	0x00000123
    #define CKA_PRIME_1 			0x00000124
    #define CKA_PRIME_2 			0x00000125
    #define CKA_EXPONENT_1 			0x00000126
    #define CKA_EXPONENT_2 			0x00000127
    #define CKA_COEFFICIENT 		0x00000128
    #define CKA_PRIME 				0x00000130
    #define CKA_SUBPRIME 			0x00000131
    #define CKA_BASE 				0x00000132
    #define CKA_PRIME_BITS 			0x00000133
    #define CKA_SUB_PRIME_BITS 		0x00000134
    #define CKA_VALUE_BITS 			0x00000160
    #define CKA_VALUE_LEN 			0x00000161
    #define CKA_EXTRACTABLE 		0x00000162	// CK_TRUE: the key may be wrapped for export (C_WrapKey); if CK_FALSE, certain attributes of the key cannot be revealed in plaintext outside the token
    #define CKA_LOCAL 				0x00000163	// CK_TRUE only if the key was generated on the token (or copied from such a key)
    #define CKA_NEVER_EXTRACTABLE 	0x00000164	// CK_TRUE if CKA_EXTRACTABLE has never been CK_TRUE for this key
    #define CKA_ALWAYS_SENSITIVE 	0x00000165	// CK_TRUE if CKA_SENSITIVE has always been CK_TRUE for this key
    #define CKA_KEY_GEN_MECHANISM 	0x00000166
    #define CKA_MODIFIABLE 			0x00000170
    /* CKA_ECDSA_PARAMS is deprecated in v2.11 */
    #define CKA_ECDSA_PARAMS 		0x00000180	// same value as CKA_EC_PARAMS, kept as the old name
    #define CKA_EC_PARAMS 			0x00000180
    #define CKA_EC_POINT 			0x00000181
    #define CKA_SECONDARY_AUTH 		0x00000200
    #define CKA_AUTH_PIN_FLAGS 		0x00000201
    #define CKA_HW_FEATURE_TYPE 	0x00000300
    #define CKA_RESET_ON_INIT 		0x00000301
    #define CKA_HAS_RESET 			0x00000302
    #define CKA_VENDOR_DEFINED 		0x80000000	// attribute types with this bit set are vendor-specific
    
  • CK_ATTRIBUTE

    /*
     * One entry of an attribute template: an attribute type plus a caller-owned
     * buffer holding (or receiving) its value.
     *
     * When reading with C_GetAttributeValue, pValue == NULL asks the library to
     * report the required size in ulValueLen. For an attribute that cannot be
     * revealed (for example the value of a sensitive or unextractable key),
     * ulValueLen is set to CK_UNAVAILABLE_INFORMATION ((CK_ULONG)-1), so check
     * it before using it as an allocation or copy size.
     */
    typedef struct CK_ATTRIBUTE {
     CK_ATTRIBUTE_TYPE type;	/* which attribute this is (a CKA_* value) */
     CK_VOID_PTR pValue;	/* pointer to the attribute value */
     CK_ULONG ulValueLen;	/* length of the value in bytes */
    } CK_ATTRIBUTE;
    
  • CK_MECHANISM_TYPE

    机制类型

    /*
     * Mechanism type identifiers (CK_MECHANISM_TYPE values) for the `mechanism`
     * field of CK_MECHANISM.
     *
     * NOTE(review): the deprecation remarks in this listing refer to v2.11, so
     * it appears to come from an old header revision and lists no SHA-2 based
     * mechanisms. Many entries are legacy algorithms (MD2, MD5, SHA-1, DES,
     * RC2, RC4, SSL3, the 40-bit PBE variants) or ECB modes, kept for
     * interoperability; they are not suitable choices for new designs.
     * A token supports only a subset: query C_GetMechanismList and
     * C_GetMechanismInfo, and restrict the application to an explicit
     * allow-list of mechanisms.
     */
    #define CKM_RSA_PKCS_KEY_PAIR_GEN 	0x00000000
    #define CKM_RSA_PKCS 				0x00000001	// RSA with PKCS #1 v1.5 padding
    #define CKM_RSA_9796 				0x00000002
    #define CKM_RSA_X_509 				0x00000003	// raw RSA: the token applies no padding, the caller must
    #define CKM_MD2_RSA_PKCS			0x00000004
    #define CKM_MD5_RSA_PKCS 			0x00000005
    #define CKM_SHA1_RSA_PKCS 			0x00000006
    #define CKM_RIPEMD128_RSA_PKCS 		0x00000007
    #define CKM_RIPEMD160_RSA_PKCS 		0x00000008
    #define CKM_RSA_PKCS_OAEP 			0x00000009	// RSA encryption with OAEP padding
    #define CKM_RSA_X9_31_KEY_PAIR_GEN 	0x0000000A
    #define CKM_RSA_X9_31 				0x0000000B
    #define CKM_SHA1_RSA_X9_31 			0x0000000C
    #define CKM_RSA_PKCS_PSS 			0x0000000D	// RSA signature with PSS padding
    #define CKM_SHA1_RSA_PKCS_PSS 		0x0000000E
    #define CKM_DSA_KEY_PAIR_GEN 		0x00000010
    #define CKM_DSA 					0x00000011
    #define CKM_DSA_SHA1 				0x00000012
    #define CKM_DH_PKCS_KEY_PAIR_GEN 	0x00000020
    #define CKM_DH_PKCS_DERIVE 			0x00000021
    #define CKM_X9_42_DH_KEY_PAIR_GEN 	0x00000030
    #define CKM_X9_42_DH_DERIVE 		0x00000031
    #define CKM_X9_42_DH_HYBRID_DERIVE 	0x00000032
    #define CKM_X9_42_MQV_DERIVE 		0x00000033
    #define CKM_RC2_KEY_GEN 			0x00000100
    #define CKM_RC2_ECB 				0x00000101
    #define CKM_RC2_CBC 				0x00000102
    #define CKM_RC2_MAC 				0x00000103
    #define CKM_RC2_MAC_GENERAL 		0x00000104
    #define CKM_RC2_CBC_PAD 			0x00000105
    #define CKM_RC4_KEY_GEN 			0x00000110
    #define CKM_RC4 					0x00000111
    #define CKM_DES_KEY_GEN 			0x00000120
    #define CKM_DES_ECB 				0x00000121
    #define CKM_DES_CBC 				0x00000122
    #define CKM_DES_MAC 				0x00000123
    #define CKM_DES_MAC_GENERAL 		0x00000124
    #define CKM_DES_CBC_PAD 			0x00000125
    #define CKM_DES2_KEY_GEN 			0x00000130
    #define CKM_DES3_KEY_GEN 			0x00000131
    #define CKM_DES3_ECB 				0x00000132
    #define CKM_DES3_CBC 				0x00000133
    #define CKM_DES3_MAC 				0x00000134
    #define CKM_DES3_MAC_GENERAL 		0x00000135
    #define CKM_DES3_CBC_PAD 			0x00000136
    #define CKM_CDMF_KEY_GEN 			0x00000140
    #define CKM_CDMF_ECB 				0x00000141
    #define CKM_CDMF_CBC 				0x00000142
    #define CKM_CDMF_MAC 				0x00000143
    #define CKM_CDMF_MAC_GENERAL 		0x00000144
    #define CKM_CDMF_CBC_PAD 			0x00000145
    #define CKM_MD2 					0x00000200
    #define CKM_MD2_HMAC 				0x00000201
    #define CKM_MD2_HMAC_GENERAL 		0x00000202
    #define CKM_MD5 					0x00000210
    #define CKM_MD5_HMAC 				0x00000211
    #define CKM_MD5_HMAC_GENERAL 		0x00000212
    #define CKM_SHA_1 					0x00000220
    #define CKM_SHA_1_HMAC 				0x00000221
    #define CKM_SHA_1_HMAC_GENERAL 		0x00000222
    #define CKM_RIPEMD128 				0x00000230
    #define CKM_RIPEMD128_HMAC 			0x00000231
    #define CKM_RIPEMD128_HMAC_GENERAL 	0x00000232
    #define CKM_RIPEMD160 				0x00000240
    #define CKM_RIPEMD160_HMAC 			0x00000241
    #define CKM_RIPEMD160_HMAC_GENERAL 	0x00000242
    #define CKM_CAST_KEY_GEN 			0x00000300
    #define CKM_CAST_ECB 				0x00000301
    #define CKM_CAST_CBC 				0x00000302
    #define CKM_CAST_MAC 				0x00000303
    #define CKM_CAST_MAC_GENERAL 		0x00000304
    #define CKM_CAST_CBC_PAD 			0x00000305
    #define CKM_CAST3_KEY_GEN 			0x00000310
    #define CKM_CAST3_ECB 				0x00000311
    #define CKM_CAST3_CBC 				0x00000312
    #define CKM_CAST3_MAC 				0x00000313
    #define CKM_CAST3_MAC_GENERAL 		0x00000314
    #define CKM_CAST3_CBC_PAD 			0x00000315
    /* Each CKM_CAST5_* name below has a CKM_CAST128_* alias with the same value. */
    #define CKM_CAST5_KEY_GEN 			0x00000320
    #define CKM_CAST128_KEY_GEN 		0x00000320
    #define CKM_CAST5_ECB 				0x00000321
    #define CKM_CAST128_ECB 			0x00000321
    #define CKM_CAST5_CBC 				0x00000322
    #define CKM_CAST128_CBC 			0x00000322
    #define CKM_CAST5_MAC 				0x00000323
    #define CKM_CAST128_MAC 			0x00000323
    #define CKM_CAST5_MAC_GENERAL 		0x00000324
    #define CKM_CAST128_MAC_GENERAL 	0x00000324
    #define CKM_CAST5_CBC_PAD 			0x00000325
    #define CKM_CAST128_CBC_PAD 		0x00000325
    #define CKM_RC5_KEY_GEN 			0x00000330
    #define CKM_RC5_ECB 				0x00000331
    #define CKM_RC5_CBC 				0x00000332
    #define CKM_RC5_MAC 				0x00000333
    #define CKM_RC5_MAC_GENERAL 		0x00000334
    #define CKM_RC5_CBC_PAD 			0x00000335
    #define CKM_IDEA_KEY_GEN 			0x00000340
    #define CKM_IDEA_ECB 				0x00000341
    #define CKM_IDEA_CBC 				0x00000342
    #define CKM_IDEA_MAC 				0x00000343
    #define CKM_IDEA_MAC_GENERAL 		0x00000344
    #define CKM_IDEA_CBC_PAD 			0x00000345
    #define CKM_GENERIC_SECRET_KEY_GEN 	0x00000350
    #define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
    #define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
    #define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
    #define CKM_XOR_BASE_AND_DATA 		0x00000364
    #define CKM_EXTRACT_KEY_FROM_KEY 	0x00000365
    #define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
    #define CKM_SSL3_MASTER_KEY_DERIVE 	0x00000371
    #define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
    #define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
    #define CKM_TLS_PRE_MASTER_KEY_GEN 	0x00000374
    #define CKM_TLS_MASTER_KEY_DERIVE 	0x00000375
    #define CKM_TLS_KEY_AND_MAC_DERIVE 	0x00000376
    #define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
    #define CKM_SSL3_MD5_MAC 			0x00000380
    #define CKM_SSL3_SHA1_MAC 			0x00000381
    #define CKM_MD5_KEY_DERIVATION 		0x00000390
    #define CKM_MD2_KEY_DERIVATION 		0x00000391
    #define CKM_SHA1_KEY_DERIVATION 	0x00000392
    #define CKM_PBE_MD2_DES_CBC 		0x000003A0
    #define CKM_PBE_MD5_DES_CBC 		0x000003A1
    #define CKM_PBE_MD5_CAST_CBC 		0x000003A2
    #define CKM_PBE_MD5_CAST3_CBC 		0x000003A3
    #define CKM_PBE_MD5_CAST5_CBC 		0x000003A4
    #define CKM_PBE_MD5_CAST128_CBC 	0x000003A4
    #define CKM_PBE_SHA1_CAST5_CBC 		0x000003A5
    #define CKM_PBE_SHA1_CAST128_CBC 	0x000003A5
    #define CKM_PBE_SHA1_RC4_128 		0x000003A6
    #define CKM_PBE_SHA1_RC4_40 		0x000003A7
    #define CKM_PBE_SHA1_DES3_EDE_CBC 	0x000003A8
    #define CKM_PBE_SHA1_DES2_EDE_CBC 	0x000003A9
    #define CKM_PBE_SHA1_RC2_128_CBC 	0x000003AA
    #define CKM_PBE_SHA1_RC2_40_CBC 	0x000003AB
    #define CKM_PKCS5_PBKD2 			0x000003B0
    #define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
    #define CKM_KEY_WRAP_LYNKS 			0x00000400
    #define CKM_KEY_WRAP_SET_OAEP 		0x00000401
    #define CKM_SKIPJACK_KEY_GEN 		0x00001000
    #define CKM_SKIPJACK_ECB64 			0x00001001
    #define CKM_SKIPJACK_CBC64 			0x00001002
    #define CKM_SKIPJACK_OFB64 			0x00001003
    #define CKM_SKIPJACK_CFB64 			0x00001004
    #define CKM_SKIPJACK_CFB32 			0x00001005
    #define CKM_SKIPJACK_CFB16 			0x00001006
    #define CKM_SKIPJACK_CFB8 			0x00001007
    #define CKM_SKIPJACK_WRAP 			0x00001008
    #define CKM_SKIPJACK_PRIVATE_WRAP 	0x00001009
    #define CKM_SKIPJACK_RELAYX 		0x0000100a
    #define CKM_KEA_KEY_PAIR_GEN 		0x00001010
    #define CKM_KEA_KEY_DERIVE 			0x00001011
    #define CKM_FORTEZZA_TIMESTAMP 		0x00001020
    #define CKM_BATON_KEY_GEN 			0x00001030
    #define CKM_BATON_ECB128 			0x00001031
    #define CKM_BATON_ECB96 			0x00001032
    #define CKM_BATON_CBC128 			0x00001033
    #define CKM_BATON_COUNTER 			0x00001034
    #define CKM_BATON_SHUFFLE 			0x00001035
    #define CKM_BATON_WRAP 				0x00001036
    /* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11 */
    #define CKM_ECDSA_KEY_PAIR_GEN 		0x00001040
    #define CKM_EC_KEY_PAIR_GEN 		0x00001040 
    #define CKM_ECDSA 					0x00001041
    #define CKM_ECDSA_SHA1 				0x00001042
    #define CKM_ECDH1_DERIVE 			0x00001050
    #define CKM_ECDH1_COFACTOR_DERIVE 	0x00001051
    #define CKM_ECMQV_DERIVE 			0x00001052
    #define CKM_JUNIPER_KEY_GEN 		0x00001060
    #define CKM_JUNIPER_ECB128 			0x00001061
    #define CKM_JUNIPER_CBC128 			0x00001062
    #define CKM_JUNIPER_COUNTER 		0x00001063
    #define CKM_JUNIPER_SHUFFLE 		0x00001064
    #define CKM_JUNIPER_WRAP 			0x00001065
    #define CKM_FASTHASH 				0x00001070
    #define CKM_AES_KEY_GEN 			0x00001080
    #define CKM_AES_ECB 				0x00001081	// ECB: equal plaintext blocks give equal ciphertext blocks
    #define CKM_AES_CBC 				0x00001082	// takes the IV as the mechanism parameter; no padding
    #define CKM_AES_MAC 				0x00001083
    #define CKM_AES_MAC_GENERAL 		0x00001084
    #define CKM_AES_CBC_PAD 			0x00001085	// CBC with PKCS padding; provides no integrity protection by itself
    #define CKM_DSA_PARAMETER_GEN 		0x00002000
    #define CKM_DH_PKCS_PARAMETER_GEN 	0x00002001
    #define CKM_X9_42_DH_PARAMETER_GEN 	0x00002002
    #define CKM_VENDOR_DEFINED		 	0x80000000	// mechanism types with this bit set are vendor-specific
    
  • CK_MECHANISM

    /*
     * Selects the algorithm for an operation (passed to the C_*Init, key
     * generation, wrap/unwrap and derive functions) together with its
     * optional parameter.
     *
     * The parameter layout depends on the mechanism: for example an IV for
     * the CBC mechanisms, or a parameter structure for CKM_RSA_PKCS_OAEP and
     * CKM_RSA_PKCS_PSS. Mechanisms without a parameter take pParameter NULL
     * and ulParameterLen 0.
     */
    typedef struct CK_MECHANISM {
     CK_MECHANISM_TYPE mechanism;	/* a CKM_* value */
     CK_VOID_PTR pParameter;	/* pointer to the mechanism parameter, if the mechanism needs one */
     CK_ULONG ulParameterLen;	/* length of the parameter in bytes */
    } CK_MECHANISM;
    

对象管理
