The TOKEN menu provides the following functions:
Before you can manipulate objects or perform cryptographic operations on a token, you must have an open session on that token. This command prompts you for the number of the slot on which to open the new session. By default, an exclusive, Read/Write session is opened. If you would like to open a read only or non-exclusive session, you must use the (98) Options function and specify that you want to be prompted for session types. See
Session Once you are finished using a session, the session should be closed. The Close Session option allows you to close a single session, or to close all the sessions on a specific token.
Once a session is opened, you usually log on to the token. You have a choice between logging on as a User (where you do most of your work with the token) or as Security Officer "SO" (where you can set up the user PIN and do any token administration operations).
When you are finished with the token, you should first log out, then close the session.
(Not for SafeNet Network HSM) This option lets you change the logon password (the PIN) of the currently logged in user. You must supply both the old PIN and the new PIN to complete the operation.
(Not for SafeNet Network HSM) This option allows you to reset a token to its initial state. You are prompted for the following:
• the slot containing the token to be initialized
• the token label (which is simply a text string that you can use for Token Identification)
• a new password for the Security Officer.
Token initialization performs the following actions:
• wipes out any token objects (keys, certificates, etc.)
• clears the user PIN (so that it must be reset by the Security Officer)
• sets the SO PIN to the value that you have specified.
(Not for SafeNet Network HSM) This command is used to create a user (and thus overwrites an existing user) and is run when you are logged in as the Security Officer.
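The order of operations described above (initialize the token, log on as SO, set the user PIN, log out, log on as User) can be traced with the following added example, which is not SafeNet code and does not talk to an HSM. `ModelToken` and its method names are hypothetical; the numeric constants are the values defined in the PKCS#11 specification.

```python
import hmac
CKU_SO, CKU_USER = 0, 1
CKS_RW_PUBLIC_SESSION, CKS_RW_USER_FUNCTIONS, CKS_RW_SO_FUNCTIONS = 2, 3, 4
CKR_OK, CKR_PIN_INCORRECT, CKR_SESSION_HANDLE_INVALID = 0x000, 0x0A0, 0x0B3
CKR_USER_ALREADY_LOGGED_IN, CKR_USER_NOT_LOGGED_IN = 0x100, 0x101
CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_ANOTHER_ALREADY_LOGGED_IN = 0x102, 0x104

class ModelToken:
    """Constructed in-memory model of one token (no HSM); PKCS#11 constants."""
    def __init__(self, so_pin, label=""):
        self.init_token(so_pin, label)

    def init_token(self, so_pin, label):
        """Init Token: wipe objects, clear the user PIN, set the SO PIN."""
        self.label, self.objects, self.sessions = label, [], set()
        self.pins = {CKU_SO: so_pin, CKU_USER: None}
        self.logged_in = None  # login state is shared by every session
        return CKR_OK

    def open_session(self):
        handle = len(self.sessions) + 1  # model only: sessions are never closed
        self.sessions.add(handle)
        return handle

    def state(self):  # Session Info: state reported by every open session
        return {None: CKS_RW_PUBLIC_SESSION, CKU_USER: CKS_RW_USER_FUNCTIONS,
                CKU_SO: CKS_RW_SO_FUNCTIONS}[self.logged_in]

    def login(self, handle, user_type, pin):
        if handle not in self.sessions: return CKR_SESSION_HANDLE_INVALID
        if self.logged_in is not None:
            return (CKR_USER_ALREADY_LOGGED_IN if self.logged_in == user_type
                    else CKR_USER_ANOTHER_ALREADY_LOGGED_IN)
        stored = self.pins[user_type]
        if stored is None: return CKR_USER_PIN_NOT_INITIALIZED
        if not hmac.compare_digest(pin.encode(), stored.encode()):
            return CKR_PIN_INCORRECT
        self.logged_in = user_type
        return CKR_OK

    def init_pin(self, new_user_pin):
        """Init PIN: allowed only while the Security Officer is logged in."""
        if self.logged_in != CKU_SO: return CKR_USER_NOT_LOGGED_IN
        self.pins[CKU_USER] = new_user_pin
        return CKR_OK

    def logout(self):
        if self.logged_in is None: return CKR_USER_NOT_LOGGED_IN
        self.logged_in = None
        return CKR_OK
```

On a freshly initialized token the User logon fails until the SO has run Init PIN, which is why token initialization is always followed by an SO logon.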
This option gives a list of all the encryption/authentication/hashing/key-generation mechanisms supported by the token. If you want to know if the token supports a specific type of encryption, you can check for it in the mechanism list.
This option allows you to query a specific mechanism (option #8 - Mechanism List presents a list of them) to find such information as supported key sizes. You are asked for the Mechanism type, which is a numeric value representing the mechanism (these numeric values are given when you request a mechanism list).
This option returns basic information on the Dynamic Library that is being used to talk to the token. None of this information is token specific, and it can be viewed even if there is no token present.
This option gives specific information on a card slot. The slot description and slot ID are given, as well as some flags to represent if a token is present.
This option gives information on a token in a specific slot, including the following:
• Token Label
• Token Manufacturer
• Token Model
• Token Flags
• Session Count
• Min and Max PIN Lengths
• Private memory size/free
• Public memory size/free
This option gives information on an open session. You must have at least one session opened to query session information. For a particular session you can find the session handle, the slot ID, the session state, and any associated session flags.
This option returns a list of card slots available on the system. You are given the option to view all slots, or just the slots which contain tokens.
Runs CK_WaitforSlotEvent (from PKCS#11 Extensions)
This option resets the HSM to its factory settings.
(Not for SafeNet Network HSM) Copy a clonable secret-splitting vector from one token to another.