pkcs11_kernel(5) Standards, Environments, and Macros pkcs11_kernel(5)NAMEpkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework
SYNOPSIS
/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so
DESCRIPTION
The pkcs11_kernel.so object implements the RSA Security Inc. PKCS#11
Cryptographic Token Interface (Cryptoki), v2.20, specification by
using a private interface to communicate with the Kernel Cryptographic
Framework.
Each unique hardware provider is represented by a PKCS#11 slot. In a
system with no hardware Kernel Cryptographic Framework providers, this
PKCS#11 library presents no slots.
The PKCS#11 mechanisms provided by this library is determined by the
available hardware providers.
Application developers should link to libpkcs11.so rather than link
directly to pkcs11_kernel.so. See libpkcs11(3LIB).
All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are
implemented except for the following:
C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent
A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.
Buffers cannot be greater than 2 megabytes. For example, C_Encrypt()
can be called with a 2 megabyte buffer of plaintext and a 2 megabyte
buffer for the ciphertext.
The maximum number of object handles that can be returned by a call to
C_FindObjects() is 512.
The maximum amount of kernel memory that can be used for crypto opera‐
tions is limited by the project.max-crypto-memory resource control.
Allocations in the kernel for buffers and session-related structures
are charged against this resource control.
RETURN VALUES
The return values of each of the implemented functions are defined and
listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecu‐
rity.com.
ATTRIBUTES
See attributes(5) for a description of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Standard: PKCS#11 v2.20 │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level │MT-Safe with exceptions. │
│ │See section 6.6.2 of RSA │
│ │PKCS#11 v2.20 │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOcryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5),
pkcs11_softtoken(5)
RSA PKCS#11 v2.20 http://www.rsasecurity.com
NOTES
Applications that have an open session to a PKCS#11 slot make the cor‐
responding hardware provider driver not unloadable. An administrator
must close the applications that have an PKCS#11 session open to the
hardware provider to make the driver unloadable.
SunOS 5.10 22 Oct 2010 pkcs11_kernel(5)