Home >

Utilities Reference Guide > CKdemo > The TOKEN menu functions

The TOKEN Menu Functions

The TOKEN menu provides the following functions:

( 1) Open Session

Before you can manipulate objects or perform cryptographic operations on a token, you must have an open session on that token. This command prompts you for the number of the slot on which to open the new session. By default, an exclusive, Read/Write session is opened. If you would like to open a read only or non-exclusive session, you must use the (98) Options function and specify that you want to be prompted for session types. See

( 2) Close Session

Session Once you are finished using a session, the session should be closed. The Close Session option allows you to close a single session, or to close all the sessions on a specific token.

( 3) Login

Once a session is opened, you usually log on to the token. You have a choice between logging on as a User  (where you do most of your work with the token) or as Security Officer "SO" (Where you can set up the user PIN and do any token administration operations).

( 4) Logout

When you are finished with the token, you should first log out, then close the session.

( 5) Change PIN

(Not for Luna SA) This option lets you change the logon password (the PIN) of the currently logged in user. You must supply both the old PIN and the new PIN to complete the operation.

( 6) Init Token

(Not for Luna SA) This option allows you to reset a token to its initial state. You are prompted for the following:

the slot containing the token to be initialized

the token label (which is simply a text string that you can use for Token Identification)

a new password for the Security Officer.

Token initialization performs the following actions:

wipes out any token objects (Keys, certificates, etc)

clears the user PIN (so that it must be reset by the Security Officer)

sets the SO PIN to the value that you have specified.

( 7) Init PIN

(Not for Luna SA) This command is used to create a user (and thus overwrites an existing user) and is run when you are logged in as the Security Officer.

( 8) Mechanism List

This option gives a list of all the encryption/authentication/hashing/key-generation mechanisms supported by the token. If you want to know if the token supports a specific type of encryption, you can check for it in the mechanism list.

( 9) Mechanism Info

This option allows you to query a specific mechanism (option #8 - Mechanism List presents a list of them) to find such information as supported key sizes. You are asked for the Mechanism type, which is a numeric value representing the mechanism (these numeric values are given when you request a mechanism list).

(10) Get Info

This option returns basic information on the Dynamic Library that is being used to talk to the token. None of this information is token specific, and it can be viewed even if there is no token present.

11) Slot Info

This option gives specific information on a card slot. The slot description and slot ID are given, as well as some flags to represent if a token is present.

12) Token Info

This option gives information on a token in a specific slot, including the following:

Token Label

Token Manufacturer

Token Model

Token Flags

Session Count

Min and Max PIN Lengths

Private memory size/free

Public memory size/free

13) Session Info

This option gives information on an open session. You must have at least one session opened to query session information. For a particular session you can find the session handle, the slot ID, the session state, and any associated session flags.

14) Get Slot List

This option returns a list of card slots available on the system. You are given the option to view all slots, or just the slots which contain tokens.

15) Wait for Slot Event

Runs CK_WaitforSlotEvent (from PKCS#11 Extensions)

18) Factory Reset

This option resets the HSM to its factory settings.

19) Clone MofN

(Not for Luna SA) Copy a clonable secret-splitting vector from one token to another.