|
Home > |
|---|
This section shows the compliance of SafeNet Software Development Kit HSM products to the PKCS#11 standard, with reference to particular versions of the standard. The text of the standard is not reproduced here.
The table below identifies which PKCS#11 services this version of SafeNet Software Development Kit supports. The table following lists other features of PKCS#11 and identifies the compliance of this version of the SafeNet Software Development Kit to these features.
| Category | Function | Supported SafeNet ver 2.20 |
|---|---|---|
|
General purpose functions
|
C_Initialize |
Yes |
|
C_Finalize |
Yes |
|
|
C_GetInfo |
Yes |
|
|
C_GetFunctionList |
Yes |
|
|
C_Terminate |
Yes |
|
|
Slot and token management functions
|
C_GetSlotList |
Yes |
|
C_GetSlotInfo |
Yes |
|
|
C_GetTokenInfo |
Yes |
|
|
C_WaitForSlotEvent |
No |
|
|
C_GetMechanismList |
Yes |
|
|
C_GetMechanismInfo |
Yes |
|
|
C_InitToken |
Yes |
|
|
C_InitPIN |
Yes |
|
|
C_SetPIN |
Yes |
|
|
Session management functions
|
C_OpenSession |
Yes |
|
C_CloseSession |
Yes |
|
|
C_CloseAllSessions |
Yes |
|
|
C_GetSessionInfo |
Yes |
|
|
C_GetOperationState |
Yes |
|
|
C_SetOperationState |
Yes |
|
|
C_Login |
Yes |
|
|
C_Logout |
Yes |
|
|
Object management functions
|
C_CreateObject |
Yes |
|
C_CopyObject |
Yes |
|
|
C_DestroyObject |
Yes |
|
|
C_GetObjectSize |
Yes |
|
|
C_GetAttributeValue |
Yes |
|
|
C_SetAttributeValue |
Yes |
|
|
C_FindObjectsInit |
Yes |
|
|
C_FindObjects |
Yes |
|
|
C_FindObjectsFinal |
Yes |
|
|
Encryption functions
|
C_EncryptInit |
Yes |
|
C_Encrypt |
Yes |
|
|
C_EncryptUpdate |
Yes |
|
|
C_EncryptFinal |
Yes |
|
|
Decryption functions
|
C_DecryptInit |
Yes |
|
C_Decrypt |
Yes |
|
|
C_DecryptUpdate |
Yes |
|
|
C_DecryptFinal |
Yes |
|
|
Message digesting functions
|
C_DigestInit |
Yes |
|
C_Digest |
Yes |
|
|
C_DigestUpdate |
Yes |
|
|
C_DigestKey |
Yes |
|
|
C_DigestFinal |
Yes |
|
|
Signing and MACing functions
|
C_SignInit |
Yes |
|
C_Sign |
Yes |
|
|
C_SignUpdate |
Yes |
|
|
C_SignFinal |
Yes |
|
|
C_SignRecoverInit |
No |
|
|
C_SignRecover |
No |
|
|
Functions for verifying signatures and MACs
|
C_VerifyInit |
Yes |
|
C_Verify |
Yes |
|
|
C_VerifyUpdate |
Yes |
|
|
C_VerifyFinal |
Yes |
|
|
C_VerifyRecoverInit |
No |
|
|
C_VerifyRecover |
No |
|
|
Dual-purpose cryptographic functions
|
C_DigestEncryptUpdate |
No |
|
C_DecryptDigestUpdate |
No |
|
|
C_SignEncryptUpdate |
No |
|
|
C_DecryptVerifyUpdate |
No |
|
|
Key management functions
|
C_GenerateKey |
Yes |
|
C_GenerateKeyPair |
Yes |
|
|
C_WrapKey |
Yes |
|
|
C_UnwrapKey* |
Yes |
|
|
C_DeriveKey |
Yes |
|
|
Random number generation functions
|
C_SeedRandom |
Yes |
|
C_GenerateRandom |
Yes |
|
|
Parallel function management functions
|
C_GetFunctionStatus |
No |
|
C_CancelFunction |
No |
|
|
Callback function |
|
No |
*C_UnwrapKey has support for the CKA_Unwrap_Template object. All mechanisms that perform the unwrap function support an unwrap template. Nested templates are not supported.
The ability to affect key attributes is controlled by partition policy 11: Allow changing key attributes.
Note: UNWRAP TEMPLATE attribute - Your Backup HSM must have firmware version 6.24.0 or newer, as well. If a key is cloned or backed-up to an HSM with older firmware, the newer attribute will not be recognized and will be dropped from the object. So when the object is restored, it will no longer have a CKA_UNWRAP_TEMPLATE attribute.
| Feature | Supported? |
|---|---|
|
Exclusive sessions |
Yes |
|
Parallel sessions |
No |
Please note that certain additional functions have been implemented by SafeNet as extensions to the standard. These include aspects of object cloning, and are described in detail in SafeNet Luna Extensions to PKCS#11