PKCS#11 Compliance
This section shows the compliance of Luna software Development Kit HSM products to the PKCS#11 standard, with reference to particular versions of the standard. The text of the standard is not reproduced here.
Supported PKCS#11 Services
The table below identifies which PKCS#11 services this version of Luna software Development Kit supports. The table following lists other features of PKCS#11 and identifies the compliance of this version of the Luna software Development Kit to these features.
| Category | Function | Supported SafeNet ver 2.20 |
|---|---|---|
|
General purpose functions
|
C_Initialize |
Yes |
|
C_Finalize |
Yes |
|
|
C_GetInfo |
Yes |
|
|
C_GetFunctionList |
Yes |
|
|
Slot and token management functions
|
C_GetSlotList |
Yes |
|
C_GetSlotInfo |
Yes |
|
|
C_GetTokenInfo |
Yes |
|
|
C_WaitForSlotEvent |
No |
|
|
C_GetMechanismList |
Yes |
|
|
C_GetMechanismInfo |
Yes |
|
|
C_InitToken |
Yes |
|
|
C_InitPIN |
Yes |
|
|
C_SetPIN |
Yes |
|
|
Session management functions
|
C_OpenSession |
Yes |
|
C_CloseSession |
Yes |
|
|
C_CloseAllSessions |
Yes |
|
|
C_GetSessionInfo |
Yes |
|
|
C_GetOperationState |
Yes |
|
|
C_SetOperationState |
Yes |
|
|
C_Login |
Yes |
|
|
C_Logout |
Yes |
|
|
Object management functions
|
C_CreateObject |
Yes |
|
C_CopyObject |
Yes |
|
|
C_DestroyObject |
Yes |
|
|
C_GetObjectSize |
Yes |
|
|
C_GetAttributeValue |
Yes |
|
|
C_SetAttributeValue |
Yes |
|
|
C_FindObjectsInit |
Yes |
|
|
C_FindObjects |
Yes |
|
|
C_FindObjectsFinal |
Yes |
|
|
Encryption functions
|
C_EncryptInit |
Yes |
|
C_Encrypt |
Yes |
|
|
C_EncryptUpdate |
Yes |
|
|
C_EncryptFinal |
Yes |
|
|
Decryption functions
|
C_DecryptInit |
Yes |
|
C_Decrypt |
Yes |
|
|
C_DecryptUpdate |
Yes |
|
|
C_DecryptFinal |
Yes |
|
|
Message digesting functions
|
C_DigestInit |
Yes |
|
C_Digest |
Yes |
|
|
C_DigestUpdate |
Yes |
|
|
C_DigestKey |
Yes |
|
|
C_DigestFinal |
Yes |
|
|
Signing and MACing functions
|
C_SignInit |
Yes |
|
C_Sign |
Yes |
|
|
C_SignUpdate |
Yes |
|
|
C_SignFinal |
Yes |
|
|
C_SignRecoverInit |
No |
|
|
C_SignRecover |
No |
|
|
Functions for verifying signatures and MACs
|
C_VerifyInit |
Yes |
|
C_Verify |
Yes |
|
|
C_VerifyUpdate |
Yes |
|
|
C_VerifyFinal |
Yes |
|
|
C_VerifyRecoverInit |
No |
|
|
C_VerifyRecover |
No |
|
|
Dual-purpose cryptographic functions
|
C_DigestEncryptUpdate |
No |
|
C_DecryptDigestUpdate |
No |
|
|
C_SignEncryptUpdate |
No |
|
|
C_DecryptVerifyUpdate |
No |
|
|
Key management functions
|
C_GenerateKey |
Yes |
|
C_GenerateKeyPair |
Yes |
|
|
C_WrapKey |
Yes |
|
|
C_UnwrapKey* |
Yes |
|
|
C_DeriveKey |
Yes |
|
|
Random number generation functions
|
C_SeedRandom |
Yes |
|
C_GenerateRandom |
Yes |
|
|
Parallel function management functions
|
C_GetFunctionStatus |
No |
|
C_CancelFunction |
No |
|
|
Callback function |
|
No |
*C_UnwrapKey has support for the CKA_Unwrap_Template object. All mechanisms which perform the unwrap function support an unwrap template. Nested templates are not supported.
| Feature | Supported? |
|---|---|
|
Exclusive sessions |
Yes |
|
Parallel sessions |
No |
Additional Functions
Please note that certain additional functions have been implemented by SafeNet as extensions to the standard. These include aspects of object cloning, and are described in detail in Luna Extensions to PKCS#11.
