第1页 / 共261页
第2页 / 共261页
第3页 / 共261页
第4页 / 共261页
第5页 / 共261页
第6页 / 共261页
第7页 / 共261页
第8页 / 共261页
PKCS11标准(中文版).doc
PKCS #11 v2.11密码令牌接口标准
(PKCS #11 v2.11: Cryptographic Token Interface Sta
RSA实验室
修订版1(2001年10月
1.引言
2.适用范围
3.参考文献
4.定义
Cryptographic Device(密码设备)
Cryptoki library (Cryptoki库)
5.符号与缩写
6.概述
6.1设计目的
6.2通用模型
6.3令牌的逻辑视图
6.4用户
6.5应用程序和它们的Cryptoki使用
6.5.1应用程序和进程
6.5.2应用程序和线程
6.6会话
6.6.1只读会话状态
6.6.2读/写会话状态
6.6.3由会话限制的对象访问
6.6.4会话事件
6.6.5会话句柄和对象句柄
6.6.6会话的能力
6.6.7会话使用的范例
6.7二次鉴别(反对)
6.7.1使用由二次鉴别保护的密钥
6.7.2产生由二次鉴别保护的私钥
6.7.3改变二次鉴别PIN值
6.7.4二次鉴别PIN搜集机制
6.8函数概述68
7.安全考虑
8.独立的平台和自动编译器指示C 或 C++
8.1结构填充
8.2相关指针的宏
8.3示范独立的平台和自动编译器编码
8.3.1Win32
8.3.2Win16
8.3.3类属 UNIX
9.通用数据类型
9.1通用信息
CK_VERSION_PTR 是CK_VERSION的一个指针。
CK_INFO_PTR 是CK_INFO的一个指针。
9.2槽和令牌类型
CK_SLOT_ID_PTR 是 CK_SLOT_ID的一个指针。
CK_SLOT_INFO_PTR 是CK_SLOT_INFO的一个指针。
/* Application can open as many sessions as it w
/* ulMaxSessionCount really does contain what it
CK_TOKEN_INFO_PTR 是CK_TOKEN_INFO的一个指针。
9.3会话类型
CK_SESSION_HANDLE_PTR 是CK_SESSION_HANDLE的一个指针。
CK_SESSION_INFO_PTR 是CK_SESSION_INFO的一个指针。
9.4对象类型
CK_OBJECT_HANDLE_PTR 是CK_OBJECT_HANDLE的一个指针。
CK_OBJECT_CLASS_PTR 是CK_OBJECT_CLASS的一个指针。
CK_ATTRIBUTE_PTR 是CK_ATTRIBUTE的一个指针。
9.5机制的数据类型
#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
CK_MECHANISM_TYPE_PTR 是CK_MECHANISM_TYPE的一个指针。
CK_MECHANISM_PTR 是CK_MECHANISM的一个指针。
CK_MECHANISM_INFO_PTR 是CK_MECHANISM_INFO的一个指针。
9.6函数类型
CK_FUNCTION_LIST_PTR 是CK_FUNCTION_LIST的一个指针。
CK_FUNCTION_LIST_PTR_PTR 是CK_FUNCTION_LIST_PTR的一个指
9.7相关锁定类型
CK_VOID_PTR_PTR ppMutex
CK_VOID_PTR pMutex
CK_VOID_PTR pMutex
CK_VOID_PTR pMutex
CK_C_INITIALIZE_ARGS_PTR 是CK_C_INITIALIZE_ARGS的一个指
10.对象
10.1创建、修改和复制对象
10.1.1创建对象
10.1.2修改对象
10.1.3复制对象
10.2公共属性
10.3硬件特征对象
10.3.1时钟对象
10.3.2单调计数器对象
10.4存储对象
10.5数据对象
10.6证书对象
10.6.1X.509公钥证书对象
10.6.2X.509属性证书对象
10.7密钥对象
10.8公钥对象
10.8.1RSA公钥对象
10.8.2DSA公钥对象
10.8.3ECDSA 公共密钥对象
10.8.4Diffie-Hellman 公共密钥对象
10.8.5KEA 公共密钥对象
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
10.9私钥对象
10.9.1RSA 私钥对象
10.9.2ECDSA 公共密钥对象
10.9.3Diffie-Hellman 公共密钥对象
10.9.4KEA 公共密钥对象
CKA_PRIME, CKA_SUBPRIME 和CKA_BASE 属性值总的来说是“KEA 参数。
10.10私钥对象
10.10.1RSA 私钥对象
10.10.2DSA 私钥对象
10.10.3ECDSA 私钥对象
10.10.4Diffie-Hellman 私钥对象
10.10.5KEA 私钥对象
10.11保密密钥对象
10.11.1类属保密密钥对象
10.11.2RC2 保密密钥对象
10.11.3RC4 保密密钥对象
10.11.4RC5 保密密钥对象
10.11.5AES 保密密钥对象
10.11.6DES 保密密钥对象
10.11.7DES2 保密密钥对象
10.11.8DES3 保密密钥对象
10.11.9CAST 保密密钥对象
10.11.10CAST3 保密密钥对象
10.11.11CAST128 (CAST5) 保密密钥对象
10.11.12IDEA 保密密钥对象
10.11.13CDMF 保密密钥对象
10.11.14SKIPJACK 保密密钥对象
10.11.15BATON 保密 密钥对象
10.11.16JUNIPER 保密密钥对象
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
11.函数
11.1函数返回值
11.1.1通用 Cryptoki函数返回值
11.1.2使用一个对话句柄的函数的Cryptoki函数返回值
11.1.3使用一个令牌的函数的Cryptoki 函数返回值
11.1.4应用提供回叫的特殊返回值
11.1.5Mutex管理函数的特殊返回值
11.1.6所有其他的 Cryptoki函数返回值
11.1.7Cryptoki错误的相关优先权的细节
11.1.8错误码 “gotchas”
11.2在可变长度缓冲器中返回函数的惯例
11.3关于样本代码的否认声明
11.4通用函数
11.5槽和令牌管理函数
11.6对话管理函数
11.7对象管理函数
CK_OBJECT_HANDLE
CK_OBJECT_CLASS
CK_ATTRIBUTE certificateTemplate[] = {
CK_ATTRIBUTE keyTemplate[] = {
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
CK_RV rv;
CK_ATTRIBUTE copyTemplate[] = {
CK_RV rv;
/* Create a copy which is a token object */
CK_RV rv;
CK_RV rv;
11.8加密函数
&encryptedData[ulEncryptedData1Len+ulEncrypted
11.9解密函数
11.10消息摘要函数
CKM_MD5, NULL_PTR, 0
11.11签名和 MACing函数
CKM_DES_MAC, NULL_PTR, 0
CKM_RSA_9796, NULL_PTR, 0
11.12校验签名和MACs的函数
CKM_DES_MAC, NULL_PTR, 0
CKM_RSA_9796, NULL_PTR, 0
11.13双重目的的密码函数
CKM_MD5, NULL_PTR, 0
CK_MECHANISM encryptionMechanism = {
CK_MECHANISM digestMechanism = {
CKM_MD5, NULL_PTR, 0
CKM_DES_MAC, NULL_PTR, 0
CK_MECHANISM encryptionMechanism = {
CK_BYTE MAC[4];
CK_MECHANISM verifyMechanism = {
CKM_DES_MAC, NULL_PTR, 0
CK_BYTE MAC[4];
11.14密钥管理函数
CKM_DES_KEY_GEN, NULL_PTR, 0
CK_RV rv;
CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0
CK_ATTRIBUTE privateKeyTemplate[] = {
CK_RV rv;
CKM_DES3_ECB, NULL_PTR, 0
CKM_DES3_ECB, NULL_PTR, 0
CK_RV rv;
CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0
CK_ATTRIBUTE pTemplate[] = {
CK_ATTRIBUTE privateKeyTemplate[] = {
{CKA_DERIVE, &true, sizeof(true)}
CK_ATTRIBUTE template[] = {
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
CK_RV rv;
/* Put other guy’s public value in otherPublic
11.15随机数生成函数
11.16并行功能管理函数
11.17回调函数
11.17.1放弃回调
11.17.2卖商定义的回调
12.机制
12.1RSA 机制
12.1.1PKCS #1 RSA 密钥对生成
12.1.2PKCS #1 RSA
12.1.3PKCS #1 RSA OAEP 机制参数
CK_RSA_PKCS_MGF_TYPE_PTR 是CK_RSA_PKCS_ MGF_TYPE的指针
CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR 是 CK_RSA_PKCS_OAE
CK_RSA_PKCS_OAEP_PARAMS_PTR 是CK_RSA_PKCS_OAEP_PARA
12.1.4PKCS #1 RSA OAEP
12.1.5ISO/IEC 9796 RSA
12.1.6X.509 (raw) RSA
12.1.7ANSI X9.31 RSA
12.1.8 带有MD2, MD5, 或SHA-1 的PKCS #1 RSA
12.1.9带有SHA-1的ANSI X9.31 RSA 签名
12.2DSA 机制
12.2.1DSA 密钥对生成
12.2.2没有散列的DSA
12.2.3带有SHA-1的DSA
12.2.4FORTEZZA 时间戳记
12.3关于ECDSA
12.4ECDSA 机制
12.4.1ECDSA 密钥对生成
12.4.2没有散列的ECDSA
12.4.3带有SHA-1的ECDSA
12.5Diffie-Hellman 机制
12.5.1PKCS #3 Diffie-Hellman 密钥对生成
12.5.2PKCS #3 Diffie-Hellman 密钥派生
12.6KEA 机制参数
CK_KEA_DERIVE_PARAMS_PTR 是一个指向一个CK_KEA_DERIVE_PARA
12.7KEA 机制
12.7.1KEA 密钥对生成
12.7.2KEA 密钥派生
12.8类属保密密钥机制
12.8.1类属保密密钥生成
CK_OBJECT_CLASS = CKO_SECRET_KEY;
CK_KEY_TYPE = CKK_GENERIC_SECRET;
12.9加密/脱密私钥(RSA, Diffie-Hellman, 和 DSA)
NULL
DHParameter ::= SEQUENCE {
Dss-Parms ::= SEQUENCE {
DSAParameters ::= SEQUENCE {
12.10关于RC2
12.11RC2 机制参数
CK_RC2_PARAMS_PTR 是CK_RC2_PARAMS的一个指针。
CK_RC2_CBC_PARAMS_PTR 是CK_RC2_CBC_PARAMS的一个指针。
12.12RC2 机制
12.12.1RC2 密钥生成
12.12.2RC2-ECB
12.12.3RC2-CBC
12.12.4带有PKCS填充的RC2-CBC
12.12.5通用长度RC2-MAC
12.12.6RC2-MAC
12.13RC4 机制
12.13.1RC4 密钥生成
12.13.2RC4
12.14关于RC5
12.15RC5 机制参数
CK_RC5_PARAMS_PTR 是CK_RC5_PARAMS的一个指针。
CK_RC5_CBC_PARAMS_PTR 是CK_RC5_CBC_PARAMS的一个指针。
CK_RC5_MAC_GENERAL_PARAMS_PTR 是CK_RC5_MAC_GENERAL_
12.16RC5 机制
12.16.1RC5 密钥生成
12.16.2RC5-ECB
12.16.3RC5-CBC
12.16.4带有PKCS填充的RC5-CBC
12.16.5通用长度RC5-MAC
12.16.6RC5-MAC
12.17AES 机制参数
CK_AES_PARAMS_PTR 是CK_AES_PARAMS的指针。
CK_AES_CBC_PARAMS_PTR 是CK_AES_CBC_PARAMS的一个指针。
CK_AES_MAC_GENERAL_PARAMS_PTR 是CK_AES_MAC_GENERAL_
12.18AES 机制
12.18.1AES 密钥生成
12.18.2AES-ECB
12.18.3AES-CBC
12.18.4带有PKCS填充的AES-CBC
12.18.5通用长度AES-MAC
12.18.6AES-MAC
12.19通用块密码机制参数
CK_MAC_GENERAL_PARAMS_PTR 是CK_MAC_GENERAL_PARAMS的一
12.20通用块密码机制
12.20.1通用块密码密钥生成
12.20.2通用块密码ECB
12.20.3通用块密码 CBC
12.20.4带有PKCS填充的通用块密码CBC
12.20.5通用长度通用块密码MAC
12.20.6通用块密码MAC
12.21双倍和三倍长度DES 机制
12.21.1双倍长度DES 密钥生成
12.21.2操作的三倍长DES顺序
DES3-E( {K1,K2,K3}, P ) = E( K3, D( K2, E( K1, P )
12.21.3CBC方式中的DES
DES3-CBC-E( {K1,K2,K3}, P ) = E( K3, D( K2, E( K1,
12.22SKIPJACK 机制参数
CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR 是CK_PRIVATE_WR
CK_SKIPJACK_RELAYX_PARAMS_PTR 是CK_SKIPJACK_RELAYX_
12.23SKIPJACK 机制
12.23.1SKIPJACK 密钥生成
12.23.2SKIPJACK-ECB64
12.23.3SKIPJACK-CBC64
12.23.4SKIPJACK-OFB64
12.23.5SKIPJACK-CFB64
12.23.6SKIPJACK-CFB32
12.23.7SKIPJACK-CFB16
12.23.8SKIPJACK-CFB8
12.23.9SKIPJACK-WRAP
12.23.10SKIPJACK-PRIVATE-WRAP
12.23.11SKIPJACK-RELAYX
12.24BATON 机制
12.24.1BATON 密钥生成
12.24.2BATON-ECB128
12.24.3BATON-ECB96
12.24.4BATON-CBC128
12.24.5BATON-COUNTER
12.24.6BATON-SHUFFLE
12.24.7BATON 加密
12.25JUNIPER 机制
12.25.1JUNIPER 密钥生成
12.25.2JUNIPER-ECB128
12.25.3JUNIPER-CBC128
12.25.4JUNIPER-COUNTER
12.25.5JUNIPER-SHUFFLE
12.25.6JUNIPER 加密
12.26MD2 机制
12.26.1MD2
12.26.2通用长度MD2-HMAC
12.26.3MD2-HMAC
12.26.4MD2 密钥派生
12.27MD5 机制
12.27.1MD5
12.27.2通用长度 MD5-HMAC
Table表118, 通用长度MD5-HMAC: 密钥和数据长度
12.27.3MD5-HMAC
12.27.4MD5 密钥派生
12.28SHA-1 机制
12.28.1SHA-1
12.28.2通用长度SHA-1-HMAC
12.28.3SHA-1-HMAC
12.28.4SHA-1 密钥派生
12.29FASTHASH 机制
12.29.1FASTHASH
12.30基于口令鉴别的加密机制参数
CK_PBE_PARAMS_PTR 是CK_PBE_PARAMS的指针。
12.31PKCS #5 和PKCS #5-风格口令的加密机制
12.31.1用于DES-CBC 的MD2-PBE
12.31.2用于DES-CBC 的MD5-PBE
12.31.3用于CAST-CBC的MD5-PBE
12.31.4用于CAST3-CBC 的MD5-PBE
12.31.5用于CAST128-CBC(CAST5-CBC)的 MD5-PBE
12.31.6用于CAST128-CBC (CAST5-CBC)的SHA-1-PBE
12.31.7PKCS #5 PBKDF2 密钥生成机制参数
CK_PKCS5_PBKD2_PARAMS_PTR 是CK_PKCS5_PBKD2_PARAMS的一
12.31.8PKCS #5 PBKD2 密钥生成
12.32PKCS #12 基于口令的加密/鉴别机制
12.32.1用于128-位的RC4 SHA-1-PBE
12.32.2用于40-位的RC4 SHA-1-PBE
12.32.3用于3-密钥三倍(key triple)-DES-CBC的 SHA-1-PBE
12.32.4用于3-密钥三倍(key triple)-DES-CBC的 SHA-1-PBE
12.32.5用于128-位 RC2-CBC 的SHA-1-PBE
12.32.6用于40-位RC2-CBC 的SHA-1-PBE
12.32.7用于SHA-1-HMAC 的SHA-1-PBA
12.33SET 机制参数
CK_KEY_WRAP_SET_OAEP_PARAMS_PTR 是CK_KEY_WRAP_SET_O
12.34SET 机制
12.34.1用于SET的OAEP密钥加密
12.35LYNKS 机制
12.35.1LYNKS 密钥加密
12.36SSL 机制参数
CK_SSL3_KEY_MAT_OUT_PTR 是CK_SSL3_KEY_MAT_OUT的指针。
CK_SSL3_KEY_MAT_PARAMS_PTR 是CK_SSL3_KEY_MAT_PARAMS
12.37SSL 机制
12.37.1Pre_master密钥生成
12.37.2Master 密钥派生
12.37.3密钥和MAC派生
10.37.4 SSL 3.0中的MD5 MACing
10.37.5 SSL 3.0中的SHA-1 MACing
12.38混杂简单密钥派生机制的参数
CK_EXTRACT_PARAMS_PTR 是CK_EXTRACT_PARAMS的一个指针。
12.39混杂简单密钥派生机制
12.39.1一个基本密钥和另一密钥的连接
12.39.2一个基本密钥和数据的连接
12.39.3数据和一个基本密钥的连接
12.39.4将一个密钥和数据执行“异或”运算
12.39.5一个密钥从另一个密钥中折取
12.40RIPE-MD 128 机制
12.40.1RIPE-MD 128
12.40.2通用长度RIPE-MD 128-HMAC
12.40.3RIPE-MD 128-HMAC
12.41RIPE-MD 160 机制
12.41.1RIPE-MD 160
12.41.2通用长度RIPE-MD 160-HMAC
12.41.3RIPE-MD 160-HMAC
13.Cryptoki 警告和提示
13.1操作、会话和线程
13.2多应用程序访问特性
13.3目标,属性和属性单元
13.4带恢复的签名
A.令牌剖析
SHA-1
A.2 单元数字包数据
B.Cryptoki 和其它API的比较
B.1 FORTEZZA CIPG, 修订版 1.52
C.明智的性能考虑
D.通过Cryptoki显示一个令牌上多个PIN的方法
虚拟槽和令牌
目标可视度
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
PKCS #11 v2.11 密码令牌接口标准
(PKCS #11 v2.11: Cryptographic Token Interface Standard)
RSA 实验室
修订版12001 年10 月
目录
1. 前言......................................................................................................................错误!未定义书签。
2. 范围........................................................................................................................................................2
3. 参考........................................................................................................................................................2
4. 定义........................................................................................................................................................4
5. 信号和缩写............................................................................................................................................7
6. 概述......................................................................................................................................................10
6.1
6.2
6.3
6.4
6.5
6.6
设计目标.................................................................................................................................... 10
通用模型.................................................................................................... 错误!未定义书签。
令牌的逻辑视图........................................................................................................................ 12
用户 ............................................................................................................................................ 12
应用程序及其 CRYPTOKI 的使用............................................................................................. 13
6.5.1 应用程序和进程....................................................................................................................13
6.5.2 应用程序和线程....................................................................................................................13
会话 ............................................................................................................................................ 14
6.6.1 只读会话状态........................................................................................................................14
6.6.2 读/写会话状态.......................................................................................................................15
6.6.3 会话容许的访问对象............................................................................................................16
66.6.4 会话事件................................................................................................................................17
.6.5 会话句柄和对象句柄............................................................................................................17
6.6.6 会话能力................................................................................................................................17
6.6.7 使用会话的举例....................................................................................................................18
二级身份验证 (反对)..............................................................................................................19
6.7
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
6.7.1 使用由二级身份验证保护的密钥........................................................................................20
6.7.2 生成由二级身份验证保护的私钥........................................................................................20
6.7.3 改变二级身份验证 PIN 值.................................................................................................. 20
6.7.4 二级身份验证 PIN 收集机制.............................................................................................. 20
函数概述.................................................................................................................................... 20
6.8
7. 安全考虑..............................................................................................................................................23
8. 依平台和编译器而定的 C 或 C++指令.......................................................................................... 23
结构压缩.................................................................................................................................... 24
指针相关的宏............................................................................................................................ 24
CK_PTR ......................................................................................................................................24
CK_DEFINE_FUNCTION......................................................................................................... 24
CK_DECLARE_FUNCTION ......................................................................................................24
CK_DECLARE_FUNCTION_POINTER ................................................................................... 24
CK_CALLBACK_FUNCTION ....................................................................................................25
NULL_PTR ................................................................................................................................. 25
依抽样平台和编译器而定的代码 ............................................................................................ 25
8.3.1 Win32..................................................................................................................................... 25
8.3.2 Win16..................................................................................................................................... 26
8.3.3 类属 UNIX............................................................................................................................ 26
9. 通用数据类型 ......................................................................................................................................27
8.1
8.2
8.3
9.1
9.2
9.3
9.4
通用信息.................................................................................................................................... 27
CK_VERSION; CK_VERSION_PTR..........................................................................................27
CK_INFO; CK_INFO_PTR........................................................................................................28
CK_NOTIFICATION..................................................................................................................28
槽和令牌类型............................................................................................................................ 29
CK_SLOT_ID; CK_SLOT_ID_PTR........................................................................................... 29
CK_SLOT_INFO; CK_SLOT_INFO_PTR .................................................................................29
CK_TOKEN_INFO; CK_TOKEN_INFO_PTR ..........................................................................30
会话类型.................................................................................................................................... 35
CK_SESSION_HANDLE; CK_SESSION_HANDLE_PTR .........................................................35
CK_USER_TYPE........................................................................................................................35
CK_STATE ..................................................................................................................................36
CK_SESSION_INFO; CK_SESSION_INFO_PTR .....................................................................36
对象类型.................................................................................................................................... 37
CK_OBJECT_HANDLE; CK_OBJECT_HANDLE_PTR .......................................................... 37
CK_OBJECT_CLASS; CK_OBJECT_CLASS_PTR...................................................................37
CK_HW_FEATURE_TYPE ........................................................................................................ 37
CK_KEY_TYPE .......................................................................................................................... 38
CK_CERTIFICATE_TYPE.........................................................................错误!未定义书签。
CK_ATTRIBUTE_TYPE ............................................................................................................. 39
CK_ATTRIBUTE; CK_ATTRIBUTE_PTR .................................................................................40
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
9.5
9.6
9.7
CK_DATE ................................................................................................................................... 41
机制的数据类型........................................................................................................................ 41
CK_MECHANISM_TYPE; CK_MECHANISM_TYPE_PTR ..................................................... 41
CK_MECHANISM; CK_MECHANISM_PTR ............................................................................ 45
CK_MECHANISM_INFO; CK_MECHANISM_INFO_PTR ..................................................... 46
函数数据类型............................................................................................................................ 48
CK_RV........................................................................................................................................ 48
CK_NOTIFY............................................................................................................................... 50
CK_C_XXX................................................................................................................................. 50
CK_FUNCTION_LIST; CK_FUNCTION_LIST_PTR; CK_FUNCTION_LIST_PTR_PTR......51
与封锁相关的类型 .................................................................................................................... 52
CK_CREATEMUTEX ................................................................................................................. 53
CK_DESTROYMUTEX ...............................................................................................................53
CK_LOCKMUTEX and CK_UNLOCKMUTEX .........................................................................53
CK_C_INITIALIZE_ARGS; CK_C_INITIALIZE_ARGS_PTR.................................................. 54
10.
对象................................................................................................................................................. 56
10.6.1
10.6.2
10.1 创建、修改和复制对象............................................................................................................ 57
10.1.1 创建对象...........................................................................................................................57
10.1.2 修改对象...........................................................................................................................58
10.1.3 复制对象...........................................................................................................................58
10.2 公共属性.................................................................................................................................... 58
10.3 硬件特征对象............................................................................................................................ 59
10.3.1 时钟对象...........................................................................................................................59
10.3.2 单调计数器对象...............................................................................................................60
10.4 存储器对象 ................................................................................................................................ 60
10.5 数据对象.................................................................................................................................... 61
10.6 证书对象.................................................................................................................................... 62
X.509 公钥证书对象........................................................................................................ 63
X.509 属性证书对象........................................................................................................ 64
10.7 密钥对象.................................................................................................................................... 65
10.8 公钥对象.................................................................................................................................... 66
RSA 公钥对象...................................................................................................................67
9.6.2. DSA 公钥对象........................................................................................................ 68
ECDSA 公钥对象............................................................................................................. 57
Diffie-Hellman 公钥对象.................................................................................................75
KEA 公钥对象................................................................................................................. 76
10.9 私钥对象.................................................................................................................................... 77
RSA 私钥对象...................................................................................................................79
DSA 私钥对象.................................................................................................................. 81
ECDSA 私钥对象............................................................................................................. 82
Diffie-Hellman 私钥对象..................................................................................................82
KEA 私钥对象................................................................................................................. 83
10.8.1
10.8.2
10.8.3
10.8.4
10.8.5
10.9.1
10.9.2
10.9.3
10.9.4
10.9.5
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
10.10 保密密钥对象............................................................................................................................ 84
10.10.1 类属保密密钥对象...........................................................................................................85
10.10.2
RC2 保密密钥对象...........................................................................................................86
RC4 保密密钥对象...........................................................................................................87
10.10.3
RC5 保密密钥对象..........................................................................................................87
10.10.4
10.10.5
AES 保密密钥对象...........................................................................................................88
DES 保密密钥对象.......................................................................................................... 88
10.10.6
DES2 保密密钥对象....................................................................................................... 89
10.10.7
10.10.8
DES3 保密密钥对象....................................................................................................... 89
10.10.9
CAST 保密密钥对象........................................................................................................ 90
10.10.10 CAST3 保密密钥对象...................................................................................................... 91
10.10.11 CAST128 (CAST5)保密密钥对象.................................................................................... 91
10.10.12
IDEA 保密密钥对象.........................................................................................................92
10.10.13 CDMF 保密密钥对象..................................................................................................... 92
SKIPJACK 保密密钥对象...............................................................................................93
10.10.14
10.10.15
BATON 保密密钥对象.................................................................................................... 94
JUNIPER 保密密钥对象..................................................................................................95
10.10.16
11.
函数................................................................................................................. 错误!未定义书签。
11.1 函数返回值 ................................................................................................ 错误!未定义书签。
11.1.1 通用 Cryptoki 函数返回值..............................................................................................98
11.1.2 使用一个会话句柄的函数的Cryptoki 函数返回值.......................................................98
11.1.3 使用一个令牌的函数的Cryptoki 函数返回值...............................................................98
11.1.4 用于应用程序提供的回叫的特殊返回值.......................................................................99
11.1.5 用于互斥处理函数的特殊返回值...................................................................................99
11.1.6 所有Cryptoki 函数返回值...............................................................................................99
11.1.7
Cryptoki 错误的相关优先权的细节................................................错误!未定义书签。
11.1.8 错误代码“gotchas”........................................................................................................103
11.2 在可变长度缓冲器中返回输出的函数的约定 ...................................................................... 103
11.3 关于样本代码的否认声明 ...................................................................................................... 104
11.4 通用函数.................................................................................................................................. 104
C_Initialize ................................................................................................................................104
C_Finalize .................................................................................................................................105
C_GetInfo ..................................................................................................................................105
C_GetFunctionList ....................................................................................................................106
11.5 槽和令牌管理函数 .................................................................................................................. 106
C_GetSlotList ............................................................................................................................107
C_GetSlotInfo........................................................................................................................... 108
C_GetTokenInfo........................................................................................................................108
C_WaitForSlotEvent .................................................................................................................109
C_GetMechanismList ................................................................................................................110
C_GetMechanismInfo ............................................................................................................... 111
C_InitToken.............................................................................................................................. 112
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
C_InitPIN..................................................................................................................................113
C_SetPIN.................................................................................................................................. 114
11.6 会话管理函数.......................................................................................................................... 115
C_OpenSession......................................................................................................................... 115
C_CloseSession .........................................................................................................................116
C_CloseAllSessions .................................................................................................................. 116
C_GetSessionInfo ......................................................................................................................117
C_GetOperationState ................................................................................................................118
C_SetOperationState................................................................................................................ 119
C_Login .................................................................................................................................... 121
C_Logout.................................................................................................................................. 121
11.7 对象管理函数.......................................................................................................................... 122
C_CreateObject ........................................................................................................................ 122
C_CopyObject ...........................................................................................................................124
C_DestroyObject ...................................................................................................................... 125
C_GetObjectSize .......................................................................................................................126
C_GetAttributeValue................................................................................................................ 127
C_SetAttributeValue................................................................................................................. 128
C_FindObjectsInit.................................................................................................................... 129
C_FindObjects..........................................................................................................................130
C_FindObjectsFinal................................................................................................................. 130
11.8 加密函数.................................................................................................................................. 131
C_EncryptInit ............................................................................................................................131
C_Encrypt ................................................................................................................................. 131
C_EncryptUpdate..................................................................................................................... 132
C_EncryptFinal........................................................................................................................ 132
11.9 解密函数.................................................................................................................................. 134
C_DecryptInit ........................................................................................................................... 134
C_Decrypt .................................................................................................................................135
C_DecryptUpdate ..................................................................................................................... 135
C_DecryptFinal ........................................................................................................................ 136
11.10 消息摘要函数.......................................................................................................................... 138
C_DigestInit ..............................................................................................................................138
C_Digest ................................................................................................................................... 138
C_DigestUpdate ........................................................................................................................139
C_DigestKey ............................................................................................................................. 139
C_DigestFinal ...........................................................................................................................139
11.11 签名和 MACING 函数............................................................................................................. 141
C_SignInit ................................................................................................................................. 141
C_Sign.......................................................................................................................................141
C_SignUpdate...........................................................................................................................142
C_SignFinal ..............................................................................................................................142
C_SignRecoverInit ....................................................................................................................143
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
C_SignRecover..........................................................................................................................144
11.12 用于验证签名和 MAC 的函数...............................................................................................145
C_VerifyInit .............................................................................................................................. 145
C_Verify ....................................................................................................................................145
C_VerifyUpdate........................................................................................................................ 146
C_VerifyFinal ........................................................................................................................... 146
C_VerifyRecoverInit ................................................................................................................. 147
C_VerifyRecover .......................................................................................................................148
11.13 双重功能密码函数 .................................................................................................................. 149
C_DigestEncryptUpdate ...........................................................................................................149
C_DecryptDigestUpdate...........................................................................................................151
C_SignEncryptUpdate.............................................................................................................. 154
C_DecryptVerifyUpdate........................................................................................................... 157
11.14 密钥管理函数.......................................................................................................................... 159
C_GenerateKey .........................................................................................................................160
C_GenerateKeyPair ..................................................................................................................161
C_WrapKey ...............................................................................................................................162
C_UnwrapKey .......................................................................................................................... 164
C_DeriveKey .............................................................................................................................165
11.15 随机数生成函数...................................................................................................................... 167
C_SeedRandom.........................................................................................................................167
C_GenerateRandom ..................................................................................................................167
11.16 并行功能管理函数 .................................................................................................................. 168
C_GetFunctionStatus................................................................................................................168
C_CancelFunction....................................................................................................................168
11.17 回叫函数.................................................................................................................................. 169
11.17.1 放弃回叫.........................................................................................................................169
11.17.2 厂商定义的回叫.............................................................................................................169
12.
机制............................................................................................................................................... 169
12.1
RSA 机制..................................................................................................................................173
PKCS #1 RSA 密钥对生成............................................................................................. 173
12.1.1
PKCS #1 RSA.................................................................................................................. 174
12.1.2
12.1.3
PKCS #1 RSA OAEP 机制参数......................................................................................174
CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR.......................................174
CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR. 175
CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR........................ 175
PKCS #1 RSA OAEP .......................................................................................................176
12.1.4
12.1.5
ISO/IEC 9796 RSA .......................................................................................................... 176
X.509 (raw) RSA..............................................................................................................177
12.1.6
12.1.7
ANSI X9.31 RSA.............................................................................................................. 178
12.1.8 用 MD2, MD5, 或SHA-1 的PKCS #1 RSA 签名....................................................... 178
12.1.9 用 SHA-1 的ANSI X9.31 RSA 签名.............................................................................. 179
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
12.2
12.5
12.7.1
12.7.2
12.6
12.7
12.5.1
12.5.2
DSA 机制................................................................................................................................. 179
12.2.1
DSA 密钥对生成........................................................................................................... 179
12.2.2 不用散列法的DSA........................................................................................................ 180
12.2.3 用SHA-1 的DSA............................................................................................................180
12.2.4
FORTEZZA 时间戳记.................................................................................................... 180
12.3 关于 ECDSA............................................................................................................................ 181
ECDSA 机制............................................................................................................................ 181
12.4
12.4.1
ECDSA 密钥对生成....................................................................................................... 181
12.4.2 不用散列法的ECDSA ................................................................................................... 182
12.4.3 用SHA-1 的ECDSA.......................................................................................................182
DIFFIE-HELLMAN 机制..............................................................................................................183
PKCS #3 Diffie-Hellman 密钥对生成............................................................................183
PKCS #3 Diffie-Hellman 密钥派生................................................................................183
KEA 机制参数......................................................................................................................... 183
CK_KEA_DERIVE_PARAMS; CK_KEA_DERIVE_PARAMS_PTR.......................................183
KEA 机制................................................................................................................................. 184
KEA 密钥对生成............................................................................................................ 184
KEA 密钥派生................................................................................................................ 184
12.8 类属保密密钥机制 .................................................................................................................. 186
12.8.1 类属保密密钥生成.........................................................................................................186
12.9 加/脱密私钥(RSA, DIFFIE-HELLMAN, 和 DSA) .....................................................................186
12.10 关于 RC2.................................................................................................................................. 187
RC2 机制参数.......................................................................................................................... 187
12.11
CK_RC2_PARAMS; CK_RC2_PARAMS_PTR ........................................................................187
CK_RC2_CBC_PARAMS; CK_RC2_CBC_PARAMS_PTR.................................................... 188
CK_RC2_MAC_GENERAL_PARAMS; CK_RC2_MAC_GENERAL_PARAMS_PTR ............188
RC2 机制.................................................................................................................................. 188
RC2 密钥生成.................................................................................................................188
12.12.1
RC2-ECB .........................................................................................................................189
12.12.2
12.12.3
RC2-CBC .........................................................................................................................189
12.12.4 用PKCS 填充的RC2-CBC............................................................................................190
12.12.5 通用长度的 RC2-MAC..................................................................................................191
RC2-MAC ........................................................................................................................191
12.12.6
RC4 机制.................................................................................................................................. 192
RC4 密钥生成.................................................................................................................192
RC4 ..................................................................................................................................192
12.14 关于 RC5................................................................................................................................. 192
12.15
RC5 机制参数.......................................................................................................................... 193
CK_RC5_PARAMS; CK_RC5_PARAMS_PTR ........................................................................193
CK_RC5_CBC_PARAMS; CK_RC5_CBC_PARAMS_PTR.................................................... 193
CK_RC5_MAC_GENERAL_PARAMS; CK_RC5_MAC_GENERAL_PARAMS_PTR ............193
RC5 机制.................................................................................................................................. 194
RC5 密钥生成................................................................................................................194
12.13.1
12.13.2
12.16
12.16.1
12.12
12.13
PKCS/PKIX 中文翻译计划
PKCS #11 v2.11---Cryptographic Token Interface Standard
密码令牌接口标准
RC5-ECB .........................................................................................................................194
12.16.2
12.16.3
RC5-CBC .........................................................................................................................195
12.16.4 用 PKCS 填充的RC5-CBC ...........................................................................................195
12.16.5 通用长度的RC5-MAC...................................................................................................196
12.16.6
RC5-MAC ........................................................................................................................196
12.17 AES 机制参数..........................................................................................................................197
CK_AES_PARAMS; CK_AES_PARAMS_PTR........................................................................ 197
CK_AES_CBC_PARAMS; CK_AES_CBC_PARAMS_PTR .....................................................197
CK_AES_MAC_GENERAL_PARAMS; CK_AES_MAC_GENERAL_PARAMS_PTR............ 197
12.18 AES 机制..................................................................................................................................198
12.18.1
AES 密钥生成.................................................................................................................198
12.18.2
AES-ECB......................................................................................................................... 198
12.18.3
AES-CBC.........................................................................................................................199
12.18.4 用PKCS 填充的AES-CBC........................................................................................... 200
12.18.5 通用长度的 AES-MAC.................................................................................................. 200
12.18.6
AES-MAC........................................................................................................................ 201
12.19 通用块密码机制参数.............................................................................................................. 201
CK_MAC_GENERAL_PARAMS; CK_MAC_GENERAL_PARAMS_PTR.............................. 201
12.20 通用块密码机制...................................................................................................................... 201
12.20.1 通用块密码密钥生成.....................................................................................................201
12.20.2 通用块密码 ECB........................................................................................................... 202
12.20.3 通用块密码CBC............................................................................................................ 202
12.20.4 用 PKCS 填充的通用块密码 CBC.............................................................................. 203
12.20.5 通用长度通用块密码MAC ........................................................................................... 203
12.20.6 通用块密码MAC........................................................................................................... 204
12.21 双倍和三倍长度 DES 机制.................................................................................................... 204
12.21.1 双倍 DES 密钥生成..................................................................................................... 204
12.21.2 三倍长度DES 操作顺序............................................................................................... 204
12.21.3
CBC 方式下的三倍长度 DES .......................................................................................205
SKIPJACK 机制参数...............................................................................................................205
12.22
12.23
CK_SKIPJACK_PRIVATE_WRAP_PARAMS; CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR205
CK_SKIPJACK_RELAYX_PARAMS; CK_SKIPJACK_RELAYX_PARAMS_PTR..................206
SKIPJACK 机制.......................................................................................................................207
SKIPJACK 密钥生成......................................................................................................207
SKIPJACK-ECB64..........................................................................................................207
SKIPJACK-CBC64 ..........................................................................................................207
SKIPJACK-OFB64 ..........................................................................................................208
SKIPJACK-CFB64..........................................................................................................208
SKIPJACK-CFB32..........................................................................................................208
SKIPJACK-CFB16..........................................................................................................209
SKIPJACK-CFB8 ............................................................................................................209
SKIPJACK-WRAP...........................................................................................................209
SKIPJACK-PRIVATE-WRAP ..........................................................................................210
12.23.1
12.23.2
12.23.3
12.23.4
12.23.5
12.23.6
12.23.7
12.23.8
12.23.9
12.23.10
PKCS/PKIX 中文翻译计划
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
