| blob | 79fb4b6b6536700864b6924cd0496eac4db73865 |
1 '\" te
2 .\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH PKCS11_KERNEL 5 "Oct 27, 2005"
7 .SH NAME
8 pkcs11_kernel \- PKCS#11 interface to Kernel Cryptographic Framework
9 .SH SYNOPSIS
10 .LP
11 .nf
12 /usr/lib/security/pkcs11_kernel.so
13 /usr/lib/security/64/pkcs11_kernel.so
14 .fi
16 .SH DESCRIPTION
17 .sp
18 .LP
19 The \fBpkcs11_kernel.so\fR object implements the RSA PKCS#11 v2.20
20 specification by using a private interface to communicate with the Kernel
21 Cryptographic Framework.
22 .sp
23 .LP
24 Each unique hardware provider is represented by a PKCS#11 slot. In a system
25 with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library
26 presents no slots.
27 .sp
28 .LP
29 The PKCS#11 mechanisms provided by this library is determined by the available
30 hardware providers.
31 .sp
32 .LP
33 Application developers should link to \fBlibpkcs11.so\fR rather than link
34 directly to \fBpkcs11_kernel.so\fR. See \fBlibpkcs11\fR(3LIB).
35 .sp
36 .LP
37 All of the Standard PKCS#11 functions listed on \fBlibpkcs11\fR(3LIB) are
38 implemented except for the following:
39 .sp
40 .in +2
41 .nf
42 C_DecryptDigestUpdate
43 C_DecryptVerifyUpdate
44 C_DigestEncryptUpdate
45 C_GetOperationState
46 C_InitToken
47 C_InitPIN
48 C_SetOperationState
49 C_SignEncryptUpdate
50 C_WaitForSlotEvent
51 .fi
52 .in -2
54 .sp
55 .LP
56 A call to these functions returns \fBCKR_FUNCTION_NOT_SUPPORTED\fR.
57 .sp
58 .LP
59 Buffers cannot be greater than 2 megabytes. For example, \fBC_Encrypt()\fR can
60 be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the
61 ciphertext.
62 .sp
63 .LP
64 The maximum number of object handles that can be returned by a call to
65 \fBC_FindObjects()\fR is 512.
66 .sp
67 .LP
68 The maximum amount of kernel memory that can be used for crypto operations is
69 limited by the \fBproject.max-crypto-memory\fR resource control. Allocations in
70 the kernel for buffers and session-related structures are charged against this
71 resource control.
72 .SH RETURN VALUES
73 .sp
74 .LP
75 The return values of each of the implemented functions are defined and listed
76 in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.
77 .SH ATTRIBUTES
78 .sp
79 .LP
80 See \fBattributes\fR(5) for a description of the following attributes:
81 .sp
83 .sp
84 .TS
85 box;
86 c | c
87 l | l .
88 ATTRIBUTE TYPE ATTRIBUTE VALUE
89 _
90 Interface Stability Standard: PKCS#11 v2.20
91 _
92 MT-Level T{
93 MT-Safe with exceptions. See section 6.5.2 of RSA PKCS#11 v2.20
94 T}
95 .TE
97 .SH SEE ALSO
98 .sp
99 .LP
100 \fBcryptoadm\fR(1M), \fBrctladm\fR(1M), \fBlibpkcs11\fR(3LIB),
101 \fBattributes\fR(5), \fBpkcs11_softtoken\fR(5)
102 .sp
103 .LP
104 RSA PKCS#11 v2.20 http://www.rsasecurity.com
105 .SH NOTES
106 .sp
107 .LP
108 Applications that have an open session to a PKCS#11 slot make the corresponding
109 hardware provider driver not unloadable. An administrator must close the
110 applications that have an PKCS#11 session open to the hardware provider to make
111 the driver unloadable.