public class Cryptoki
extends java.lang.Object
The goal of this class is to stay as pure to PKCS#11 as possible whilst incorporating SafeNet extensions. As such, some functions may not be as java'ised as possible (e.g. functions which take a byte[] as well as a length could really just take a byte[] because the length can be obtained).
Modifier and Type | Method and Description |
---|---|
static CK_RV |
C_CancelFunction(CK_SESSION_HANDLE hSession)
C_CancelFunction is a legacy function; it cancels a function running in
parallel.
|
static CK_RV |
C_CloseAllSessions(long slotID)
Close all sessions with a token.
|
static CK_RV |
C_CloseSession(CK_SESSION_HANDLE hSession)
Close a session between an application and a token.
|
static CK_RV |
C_CopyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_OBJECT_HANDLE hNewObject)
Copy an object, creating a new object for the copy.
|
static CK_RV |
C_CreateObject(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_OBJECT_HANDLE hObject)
Create a new object.
|
static CK_RV |
C_Decrypt(CK_SESSION_HANDLE hSession,
byte[] encryptedData,
long encryptedDataLen,
byte[] data,
LongRef dataLen)
Decrypt encrypted data in a single part.
|
static CK_RV |
C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
byte[] encryptedPart,
long encryptedPartLen,
byte[] part,
LongRef partLen)
Continues a multiple-part decryption and digesting operation.
|
static CK_RV |
C_DecryptFinal(CK_SESSION_HANDLE hSession,
byte[] lastPart,
LongRef lastPartLen)
Finish a multiple-part decryption operation.
|
static CK_RV |
C_DecryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
Initialise a decryption operation.
|
static CK_RV |
C_DecryptUpdate(CK_SESSION_HANDLE hSession,
byte[] encryptedPart,
long encryptedPartLen,
byte[] part,
LongRef partLen)
Continue a multiple-part decryption operation.
|
static CK_RV |
C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
byte[] encryptedPart,
long encryptedPartLen,
byte[] part,
LongRef partLen)
Continue a multiple-part decryption and verify operation.
|
static CK_RV |
C_DeriveKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_OBJECT_HANDLE hKey)
Derive a key from a base key, creating a new key object.
|
static CK_RV |
C_DestroyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject)
Destroy an object.
|
static CK_RV |
C_Digest(CK_SESSION_HANDLE hSession,
byte[] data,
long dataLen,
byte[] digest,
LongRef digestLen)
Digests data in a single part.
|
static CK_RV |
C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen,
byte[] encryptedPart,
LongRef encryptedPartLen)
Continues a multiple-part digesting and encryption operation.
|
static CK_RV |
C_DigestFinal(CK_SESSION_HANDLE hSession,
byte[] digest,
LongRef digestLen)
Finish a multiple-part message-digesting operation.
|
static CK_RV |
C_DigestInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism)
Initialise a message-digesting operation.
|
static CK_RV |
C_DigestKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey)
Continues a multi-part message-digesting operation, by digesting the
value of a secret key as part of the data already digested.
|
static CK_RV |
C_DigestUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen)
Continue a multiple-part message-digesting operation.
|
static CK_RV |
C_Encrypt(CK_SESSION_HANDLE hSession,
byte[] data,
long dataLen,
byte[] encryptedData,
LongRef encryptedDataLen)
Encrypt single-part data.
|
static CK_RV |
C_EncryptFinal(CK_SESSION_HANDLE hSession,
byte[] lastEncryptedPart,
LongRef lastEncryptedPartLen)
Finish a multiple-part encryption operation.
|
static CK_RV |
C_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
Initialise an encryption operation.
|
static CK_RV |
C_EncryptUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen,
byte[] encryptedPart,
LongRef encryptedPartLen)
Continue a multiple-part encryption operation.
|
static CK_RV |
C_Finalize(java.lang.Object reserved)
Indicates that an application is done with the Cryptoki library.
|
static CK_RV |
C_FindObjects(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE[] hObjects,
long maxObjectCount,
LongRef objectCount)
Continue the search for token and session objects that match a template,
obtaining additional object handles.
|
static CK_RV |
C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
Finish a search for token and session objects.
|
static CK_RV |
C_FindObjectsInit(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE[] template,
long attributeCount)
Initialise a search for token and session objects that match a template.
|
static CK_RV |
C_GenerateKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_OBJECT_HANDLE hKey)
Generate a secret key, creating a new key object.
|
static CK_RV |
C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_ATTRIBUTE[] publicKeyTemplate,
long publicKeyAttributeCount,
CK_ATTRIBUTE[] privateKeyTemplate,
long privateKeyAttributeCount,
CK_OBJECT_HANDLE hPublicKey,
CK_OBJECT_HANDLE hPrivateKey)
Generate a public-key/private-key pair, creating new key objects.
|
static CK_RV |
C_GenerateRandom(CK_SESSION_HANDLE hSession,
byte[] randomData,
long randomLen)
Generate random data.
|
static CK_RV |
C_GetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE[] template,
long attributeCount)
Obtain the value of one or more object attributes.
|
static CK_RV |
C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
C_GetFunctionStatus is a legacy function; it obtains an updated status
of a function running in parallel with an application.
|
static CK_RV |
C_GetInfo(CK_INFO info)
Retrieve general information about Cryptoki.
|
static CK_RV |
C_GetMechanismInfo(long slotID,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO info)
Obtain information about a particular mechanism possibly supported by a
token.
|
static CK_RV |
C_GetMechanismList(long slotID,
CK_MECHANISM_TYPE[] mechanismList,
LongRef count)
Obtain a list of mechanism types supported by a token.
|
static CK_RV |
C_GetObjectSize(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
LongRef size)
Get the size of an object in bytes.
|
static CK_RV |
C_GetOperationState(CK_SESSION_HANDLE hSession,
byte[] operationState,
LongRef operationStateLen)
Obtain the state of the cryptographic operation in a session.
|
static CK_RV |
C_GetSessionInfo(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO info)
Obtain information about the session.
|
static CK_RV |
C_GetSlotInfo(long slotID,
CK_SLOT_INFO info)
Obtain information about a particular slot in the system.
|
static CK_RV |
C_GetSlotList(CK_BBOOL tokenPresent,
long[] slotList,
LongRef count)
Obtain a list of slots in the system.
|
static CK_RV |
C_GetTokenInfo(long slotID,
CK_TOKEN_INFO info)
Obtain information about a particular token in the system.
|
static CK_RV |
C_Initialize(CK_C_INITIALIZE_ARGS initArgs)
Initialise the Cryptoki library.
|
static CK_RV |
C_InitPIN(CK_SESSION_HANDLE hSession,
byte[] pin,
long pinLen)
Initialise the normal user's PIN.
|
static CK_RV |
C_InitToken(long slotID,
byte[] pin,
long pinLen,
byte[] label)
Initialise a token.
|
static CK_RV |
C_Login(CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
byte[] pin,
long pinLen)
Log a user into a token.
|
static CK_RV |
C_Logout(CK_SESSION_HANDLE hSession)
Log a user out from a token.
|
static CK_RV |
C_OpenSession(long slotID,
long flags,
java.lang.Object pApplication,
java.lang.Object notifyUnsupported,
CK_SESSION_HANDLE hSession)
Open a session between an application and a token in a particular slot.
|
static CK_RV |
C_SeedRandom(CK_SESSION_HANDLE hSession,
byte[] seed,
long seedLen)
Mix additional seed material into the token's random number generator.
|
static CK_RV |
C_SetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE[] template,
long attributeCount)
Modify the value of one or more object attributes.
|
static CK_RV |
C_SetOperationState(CK_SESSION_HANDLE hSession,
byte[] operationState,
long operationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey)
Restore the state of the cryptographic operation in a session.
|
static CK_RV |
C_SetPIN(CK_SESSION_HANDLE hSession,
byte[] oldPin,
long oldLen,
byte[] newPin,
long newLen)
Modify the PIN of the user who is logged in.
|
static CK_RV |
C_Sign(CK_SESSION_HANDLE hSession,
byte[] data,
long dataLen,
byte[] signature,
LongRef signatureLen)
Sign (encrypts with private key) data in a single part, where the
signature is (will be) an appendix to the data, and plaintext cannot be
recovered from the signature.
|
static CK_RV |
C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen,
byte[] encryptedPart,
LongRef encryptedPartLen)
Continue a multiple-part signing and encryption operation.
|
static CK_RV |
C_SignFinal(CK_SESSION_HANDLE hSession,
byte[] signature,
LongRef signatureLen)
Finish a multiple-part signature operation, returning the signature.
|
static CK_RV |
C_SignInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
Initialise a signature (private key encryption) operation, where the
signature is (will be) an appendix to the data, and plaintext cannot be
recovered from the signature.
|
static CK_RV |
C_SignRecover(CK_SESSION_HANDLE hSession,
byte[] data,
long dataLen,
byte[] signature,
LongRef signatureLen)
Sign data in a single operation, where the data can be recovered from
the signature.
|
static CK_RV |
C_SignRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
C_SignRecoverInit initializes a signature operation, where
the data can be recovered from the signature.
|
static CK_RV |
C_SignUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen)
Continue a multiple-part signature operation, where the signature is
(will be) an appendix to the data, and plaintext cannot be recovered
from the signature.
|
static CK_RV |
C_UnwrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
byte[] wrappedKey,
long wrappedKeyLen,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_OBJECT_HANDLE hKey)
Unwraps (decrypts) a wrapped key, creating a new key object.
|
static CK_RV |
C_Verify(CK_SESSION_HANDLE hSession,
byte[] data,
long dataLen,
byte[] signature,
long signatureLen)
Verify a signature in a single-part operation, where the signature is
an appendix to the data, and plaintext cannot be recovered from the
signature.
|
static CK_RV |
C_VerifyFinal(CK_SESSION_HANDLE hSession,
byte[] signature,
long signatureLen)
Finish a multiple-part verification operation, checking the signature.
|
static CK_RV |
C_VerifyInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
Initialise a verification operation, where the signature is an appendix
to the data, and plaintext cannot be recovered from the signature
(e.g.
|
static CK_RV |
C_VerifyRecover(CK_SESSION_HANDLE hSession,
byte[] signature,
long signatureLen,
byte[] data,
LongRef dataLen)
Verify a signature in a single-part operation, where the data is
recovered from the signature.
|
static CK_RV |
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hKey)
Initialise a signature verification operation, where the data is
recovered from the signature.
|
static CK_RV |
C_VerifyUpdate(CK_SESSION_HANDLE hSession,
byte[] part,
long partLen)
Continue a multiple-part verification operation, where the signature is
an appendix to the data, and plaintext cannot be recovered from the
signature.
|
static CK_RV |
C_WaitForSlotEvent(long flags,
LongRef slot,
java.lang.Object reserved)
Wait for a slot event (token insertion, removal, etc.) to occur.
|
static CK_RV |
C_WrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
byte[] wrappedKey,
LongRef wrappedKeyLen)
Wrap (i.e., encrypts) a key.
|
static CK_RV |
CA_AssignKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey)
Assign a key (e.g.
|
static CK_RV |
CA_AuthorizeKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey,
byte[] authData)
Authorize a key for PKA(Per Key Authentication).
|
static CK_RV |
CA_Bip32ExportPublicKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey,
byte[] key)
Exports the Hierarchical Deterministic public key in Base58-encoded format.
|
static CK_RV |
CA_Bip32ImportPublicKey(CK_SESSION_HANDLE hSession,
byte[] key,
CK_OBJECT_HANDLE hKey)
Imports the Hierarchical Deterministic public key in Base58-encoded format.
|
static CK_RV |
CA_CloneAsSource(CK_SESSION_HANDLE sourceSession,
long sourceObjectType,
CK_OBJECT_HANDLE sourceObjectHandle,
byte[] inputeBLob,
LongRef inputBlobSize,
boolean replicate,
byte[] outputBlob,
LongRef outputBlobLen)
Complete source-side cloning of a key via CA_CloneAsSource
|
static CK_RV |
CA_CloneAsSourceInit(CK_SESSION_HANDLE sourceSession,
byte[] dummy,
LongRef dummySize,
byte[] outputBlob,
LongRef outputBlobLen,
boolean replicate)
Initiate source-side cloning of a key via CA_CloneAsSourceInit
|
static CK_RV |
CA_CloneAsTarget(CK_SESSION_HANDLE targetSession,
byte[] dummy,
LongRef dummySize,
byte[] inputeBlob,
LongRef inputBlobSize,
long sourceObjectType,
CK_OBJECT_HANDLE sourceObjectHandle,
boolean replicate,
CK_OBJECT_HANDLE clonedObjectHandle)
Complete target-side cloning of a key via CA_CloneAsTarget
|
static CK_RV |
CA_CloneAsTargetInit(CK_SESSION_HANDLE targetSession,
byte[] inputBlob,
LongRef inputBlobSize,
byte[] dummy,
LongRef dummySize,
boolean replicate,
byte[] outputBlob,
LongRef outputBlobLen)
Initiate target-side cloning of a key via CA_CloneAsTargetInit
|
static CK_RV |
CA_CloneObject(CK_SESSION_HANDLE targetSession,
CK_SESSION_HANDLE sourceSession,
long objectType,
CK_OBJECT_HANDLE objectHandle,
CK_OBJECT_HANDLE clonedObjectHandle)
Insert a key via CA_CloneObject
|
static CK_RV |
CA_CloseApplicationID(long SlotID,
long ulHigh,
long ulLow)
CA_CloseApplicationID removes the property of an application ID that
prevents it from going dormant.
|
static CK_RV |
CA_DeriveKeyAndWrap(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE[] template,
long attributeCount,
CK_MECHANISM mechanismWrap,
CK_OBJECT_HANDLE hWrappingKey,
byte[] wrappedKey,
LongRef wrappedKeyLen)
Derive a key from a base key, return the key bytes.
|
static CK_RV |
CA_EncodeEdwardsPrivateKey(byte[] curveParams,
byte[] key,
byte[] encKey,
LongRef encKeyLen)
Encode the Edwards EC private key in PKCS8 format.
|
static CK_RV |
CA_EncodeEdwardsPublicKey(byte[] key,
byte[] encKey,
LongRef encKeyLen)
Encode the Edwards EC public key in PKCS8 format.
|
static CK_RV |
CA_GetFirmwareVersion(long slotID,
LongRef major,
LongRef minor,
LongRef subminor)
Obtain full firmware version about a particular token in the system.
|
static CK_RV |
CA_GetHSMPolicySetting(long slotId,
HsmPolicy policy,
LongRef policyValue)
Retrieve a HSM policy.
|
static CK_RV |
CA_GetTokenCertificates(long slotID,
long attributeType,
byte[] attributeValue,
LongRef attributeValueLen)
Creates a login key pair on the primary token
|
static CK_RV |
CA_HAAnswerLoginChallenge(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hLoginPrivateKey,
byte[] pChallengeBlob,
long ulChallengeBlobLen,
byte[] pEncryptedPin,
LongRef pulEncryptedPinLen)
Accepts the login challenge blob and returns the encrypted PIN (SO or User)
|
static CK_RV |
CA_HAGetLoginChallenge(CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
byte[] pCertificate,
long ulCertificateLen,
byte[] pChallengeBlob,
LongRef pulChallengeBlobLen)
Accepts the TWC blob and returns the secondary token's login challenge blob.
|
static CK_RV |
CA_HAGetMasterPublic_V1_1(CK_SESSION_HANDLE hSession,
byte[] masterPublicData,
LongRef masterPublicDataLen) |
static CK_RV |
CA_HAGetMasterPublic(long slotId,
byte[] pCertificate,
LongRef pulCertificate)
Retrieves the primary token's Token Wrapping Certificate(TWC) and
returns it as a blob (octet string)
|
static CK_RV |
CA_HAGetMasterPublicData(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hPrivateKey,
byte[] masterPublicData,
LongRef masterPublicDataLen) |
static CK_RV |
CA_HAInit(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hLoginPrivateKey)
Creates a login key pair on the primary token
|
static CK_RV |
CA_HAInitExtended(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hLoginPrivateKey,
byte[] loginPrivateKeyPKC,
long loginPrivateKeyPKCLen,
int[] userTypes,
int[] tokenTypes,
long numberOfRole)
Creates a login key pair on the primary token
|
static CK_RV |
CA_HALogin(CK_SESSION_HANDLE hSession,
byte[] pEncryptedPin,
long ulEncryptedPinLen,
byte[] pMofNBlob,
LongRef pulMofNBlobLen)
Accepts the encrypted PIN and logs into the secondary token.
|
static CK_RV |
CA_IncrementFailedAuthCount(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey)
Increment the failed authentication count for a key.
|
static CK_RV |
CA_OpenApplicationID(long SlotID,
long ulHigh,
long ulLow)
CA_OpenApplicationID forces a given application ID on a given token to
remain active, even when all sessions belonging to the application ID
have been closed.
|
static CK_RV |
CA_ResetAuthorizationData(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey,
byte[] authData)
Clobber authentication data with provided data.
|
static CK_RV |
CA_SetApplicationID(long ulHigh,
long ulLow)
CA_SetApplicationID allows an application to set its own application ID,
rather than letting the application ID be generated automatically from
the application's process ID.
|
static CK_RV |
CA_SetAuthorizationData(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey,
byte[] oldAuthData,
byte[] newAuthData)
Change authentication data for a key.
|
static CK_RV |
CA_SIMExtract(CK_SESSION_HANDLE hSession,
long handleCount,
CK_OBJECT_HANDLE[] objectHandles,
long authSecretCount,
long authSubsetCount,
long authForm,
int[] authSecretSizes,
byte[][] authSecretList,
boolean deleteAfterExtract,
LongRef blobLen,
byte[] blob)
Extract a key via SIMExtract
|
static CK_RV |
CA_SIMInsert(CK_SESSION_HANDLE hSession,
long authSubsetCount,
long authForm,
int[] authSecretSizes,
byte[][] authSecretList,
long blobLen,
byte[] blob,
LongRef handleCount,
CK_OBJECT_HANDLE[] handles)
Insert a key via SIMInsert
|
static CK_RV |
CA_SIMMultiSign(CK_SESSION_HANDLE hSession,
CK_MECHANISM mechanism,
long authSubsetCount,
long authForm,
int[] authSecretSizes,
byte[][] authSecretList,
long blobLen,
byte[] blob,
long dataCount,
int[] dataLens,
byte[][] datas,
LongRef[] signatureLens,
byte[][] signatures)
Perform a SIMMultiSign (SKS version)
|
static CK_RV |
CA_SMKRollover(CK_SESSION_HANDLE session,
long value)
Roll over an SMK key via CA_SMKRollover
|
public static CK_RV C_Initialize(CK_C_INITIALIZE_ARGS initArgs)
initArgs
- Optional Cryptoki initialisation arguments. This argument is used to
define how multi-threaded access is to be supported.
public static CK_RV C_Finalize(java.lang.Object reserved)
reserved
- Must be null.
public static CK_RV C_GetInfo(CK_INFO info)
info
- Location to hold general information retrieved.
public static CK_RV C_GetSlotList(CK_BBOOL tokenPresent, long[] slotList, LongRef count)
SafeNet Notes :-
When multiple devices are installed in a single machine, they will
appear as a set of consecutive slots. For example, if there are two
devices with their default configuration, 4 slots will be visible.
The first and third slots will be normal user slots; the second and
fourth slots will be the Admin slots for their respective adapters.
tokenPresent
- Indicates if only slots with a token present are to be returned.
slotList
- Location to hold resulting slot ID list.
count
- As input, size of slotList. On return, number of entries copied into
slotList.
public static CK_RV C_GetSlotInfo(long slotID, CK_SLOT_INFO info)
slotID
- ID of the slot to retrieve information about.info
- Location to hold slot information retrieved.public static CK_RV C_GetTokenInfo(long slotID, CK_TOKEN_INFO info)
slotID
- ID of the slot holding the token to retrieve information about.info
- Location to hold token information retrieved.public static CK_RV C_GetMechanismList(long slotID, CK_MECHANISM_TYPE[] mechanismList, LongRef count)
SafeNet Notes :-
The list of mechanisms may vary at run time depending on Mode settings
and other configuration values. For example, the smart card slots do
not support any mechanisms.
slotID
- ID of the slot containing the token whose mechanism list is to be
retrieved.
mechanismList
- Location to hold resulting list of mechanism types supported by the
token.
count
- As input, size of mechanismList. On return, number of entries copied
into mechanismList.
public static CK_RV C_GetMechanismInfo(long slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO info)
SafeNet Notes :-
Normally this will return CKR.MECHANISM_INVALID if the mechanism type is
not recognised, however, if the Entrust Ready Mode is set, the info
structure will be cleared and CKR.OK will be returned.
slotID
- ID of the slot containing the token of interest.type
- Mechanism type whose information is to be retrieved.info
- Location to hold mechanism information retrieved.public static CK_RV C_InitToken(long slotID, byte[] pin, long pinLen, byte[] label)
SafeNet Notes :-
This function is disabled if the No Clear PINs Mode is set - resulting
in CKR.ACCESS_DENIED being returned.
slotID
- ID of the slot containing the token to be initialised.pin
- SO's initial PIN.pinLen
- Length in bytes of the pin.label
- Label of the token.public static CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, byte[] pin, long pinLen)
SafeNet Notes :-
If the device is in the No Clear PINs Mode, the library protection
system will encrypt the sensitive material before presenting it to
the adapter.
hSession
- Handle to an open session.pin
- Normal user's PIN.pinLen
- Length in bytes of the pin.public static CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, byte[] oldPin, long oldLen, byte[] newPin, long newLen)
SafeNet Notes :-
If the device is in the No Clear PINs Mode, the library protection
system will encrypt the sensitive material before presenting it to the
adapter.
hSession
- Handle to an open session.oldPin
- Old PIN of the user.oldLen
- Length in bytes of oldPin.newPin
- New PIN of the user.newLen
- Length in bytes of newPin.public static CK_RV C_OpenSession(long slotID, long flags, java.lang.Object pApplication, java.lang.Object notifyUnsupported, CK_SESSION_HANDLE hSession)
SafeNet Notes :-
Application notification is not supported, as such the
pApplication and notifyUnsupported arguments are ignored.
Also, the CKF.SERIAL_SESSION flag is ignored.
slotID
- ID of the slot containing the token to open a session with.flags
- Indicates the type of session.pApplication
- Unsupported - must be null.notifyUnsupported
- Unsupported - must be null.hSession
- Resulting session handle.public static CK_RV C_CloseSession(CK_SESSION_HANDLE hSession)
SafeNet Notes :-
There is no capability to eject the token from its reader.
hSession
- Handle to an open session.public static CK_RV C_CloseAllSessions(long slotID)
SafeNet Notes :-
There is no capability to eject the token from its reader.
This function will perform a "logout" on each token if necessary.
slotID
- ID of the slot containing the token whose sessions are to be closed.public static CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO info)
SafeNet Notes :-
Any non-zero ulDeviceError value is cleared by this operation.
hSession
- Handle to an open session.info
- Location to hold session information retrieved.public static CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, byte[] operationState, LongRef operationStateLen)
SafeNet Notes :-
Only the current Message Digest state and Object Search state may be
saved and restored.
hSession
- Handle to an open session.operationState
- Location to hold resulting operation state information.operationStateLen
- As input, length in bytes of operationState. On return, number of
bytes copied into operationState.public static CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, byte[] operationState, long operationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
SafeNet Notes :-
Only the current Message Digest state and Object Search state may be
saved and restored.
hSession
- Handle to an open session.
operationState
- Operation state to restore.
operationStateLen
- Length in bytes of operationState.
hEncryptionKey
- Handle to the key to be used for ongoing encryption/decryption
operations.
hAuthenticationKey
- Handle to the key to be used for ongoing signature/MAC/Verification
operations.
public static CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, byte[] pin, long pinLen)
SafeNet Notes :-
If the device is in the No Clear PINs Mode, the library protection
system will encrypt the sensitive material before presenting it to the
adapter.
hSession
- Handle to an open session.userType
- Type of the user logging in.pin
- User's PIN.pinLen
- Length in bytes of pin.public static CK_RV C_Logout(CK_SESSION_HANDLE hSession)
hSession
- Handle to an open session which has a user logged in.public static CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE[] template, long attributeCount, CK_OBJECT_HANDLE hObject)
SafeNet Notes :-
If the device is in the No Clear PINs Mode, the library protection
system will encrypt the template before presenting it to the adapter.
hSession
- Handle to an open session.template
- Template of the object to be created.attributeCount
- Number of attributes in the template.hObject
- Location to receive the new object's handle.public static CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE[] template, long attributeCount, CK_OBJECT_HANDLE hNewObject)
hSession
- Handle to an open session.hObject
- Handle of the object to be copied.template
- Template of the new object.attributeCount
- Number of attributes in the template.hNewObject
- Location to receive the new object's handle.public static CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
SafeNet Notes :-
If the object has the optional attribute CKA.DELETABLE set to false,
the object can not be deleted with this function and
CKR.OBJECT_READ_ONLY will be returned.
hSession
- Handle to an open session.hObject
- Handle of the object to destroy.public static CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, LongRef size)
SafeNet Notes :-
The object size is interpreted as the amount of memory guaranteed to be
sufficient to encode the object's attributes.
hSession
- Handle to an open session.
hObject
- Handle of the object whose size is to be retrieved.
size
- Location to hold the size in bytes of the object.
public static CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE[] template, long attributeCount)
SafeNet Notes :-
It is possible to enumerate through all attributes for a given object.
hSession
- Handle to an open session.
hObject
- Handle of the object whose attributes are to be retrieved.
template
- Template which specifies which attribute values are to be retrieved.
attributeCount
- Number of attributes in the template.
public static CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE[] template, long attributeCount)
SafeNet Notes :-
Special processing or access checks may be made if the object is a
Hardware Feature.
hSession
- Handle to an open session.hObject
- Handle of the object whose attributes are to be modified.template
- Template which specifies which attributes are to be modified and
their new values.attributeCount
- Number of attributes in the template.public static CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE[] template, long attributeCount)
SafeNet Notes :-
PKCS#11 states that to match CKO.HW_FEATURE objects this class must be
specified in the supplied template. This requirement is not enforced.
hSession
- Handle to an open session.template
- Search template which specifies the attribute values to match.attributeCount
- Number of attributes in the template.public static CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE[] hObjects, long maxObjectCount, LongRef objectCount)
hSession
- Handle to an open session.hObjects
- Location to hold object handles which match the search criteria.maxObjectCount
- Maximum number of object handles to be returned.objectCount
- Location to hold the actual number of object handles returned.public static CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
hSession
- Handle to an open session.public static CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
The session will retain its initialised state even when a C_Encrypt or
C_EncryptFinal operation has occurred.
hSession
- Handle to an open session.
mechanism
- The encryption mechanism to initialise.
hKey
- Handle of the encryption key.
public static CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, byte[] data, long dataLen, byte[] encryptedData, LongRef encryptedDataLen)
SafeNet Notes :-
Symmetric cipher operations are terminated by this function.
C_Encrypt can be used to terminate a multi-part operation.
This function will terminate the current encryption operation, however
the session's encryption state will not be cleared.
hSession
- Handle to an open session.
data
- The data to encrypt.
dataLen
- Length in bytes of the data to encrypt.
encryptedData
- Location to receive the resulting cipher text.
encryptedDataLen
- As input, length in bytes of the encryptedData buffer. On return,
number of bytes copied into encryptedData.
public static CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen, byte[] encryptedPart, LongRef encryptedPartLen)
hSession
- Handle to an open session.part
- The next data part to encrypt.partLen
- Length in bytes of part.encryptedPart
- Location to receive the resulting cipher text.encryptedPartLen
- As input, length in bytes of the encryptedPart buffer. On return,
number of bytes copied into encryptedPart.public static CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, byte[] lastEncryptedPart, LongRef lastEncryptedPartLen)
SafeNet Notes :-
This function will terminate the current encryption operation, however
the session's encryption state will not be cleared.
hSession
- Handle to an open session.
lastEncryptedPart
- Location to receive the last part of cipher text.
lastEncryptedPartLen
- As input, length in bytes of the lastEncryptedPart buffer. On return,
number of bytes copied into lastEncryptedPart.
public static CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
The session will retain its initialised state even when a C_Decrypt or
C_DecryptFinal operation has occurred.
hSession
- Handle to an open session.
mechanism
- The decryption mechanism to initialise.
hKey
- Handle of the decryption key.
public static CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, byte[] encryptedData, long encryptedDataLen, byte[] data, LongRef dataLen)
SafeNet Notes :-
Symmetric cipher operations are terminated by this function.
This function will terminate the current decryption operation, however
the session's decryption state will not be cleared.
hSession
- Handle to an open session.
encryptedData
- The data to decrypt.
encryptedDataLen
- Length in bytes of the data to decrypt.
data
- Location to receive the resulting plain text.
dataLen
- As input, length in bytes of the data buffer. On return, number of
bytes copied into data.
public static CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, byte[] encryptedPart, long encryptedPartLen, byte[] part, LongRef partLen)
hSession
- Handle to an open session.encryptedPart
- The next data part to decrypt.encryptedPartLen
- Length in bytes of encryptedPart.part
- Location to receive the resulting plain text.partLen
- As input, length in bytes of the part buffer. On return, number of
bytes copied into part.public static CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, byte[] lastPart, LongRef lastPartLen)
SafeNet Notes :-
This function will terminate the current decryption operation, however
the session's decryption state will not be cleared.
hSession
- Handle to an open session.lastPart
- Location to receive the last part of plain text.
lastPartLen
- As input, length in bytes of the lastPart buffer. On return, number of
bytes copied into lastPart.public static CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism)
SafeNet Notes :-
It is not required for the user to be logged in to access this function.
hSession
- Handle to an open session.mechanism
- Digesting mechanism.public static CK_RV C_Digest(CK_SESSION_HANDLE hSession, byte[] data, long dataLen, byte[] digest, LongRef digestLen)
hSession
- Handle to an open session.data
- The data to digest.dataLen
- Length in bytes of data.digest
- Location of the resulting message digest.
digestLen
- As input, length in bytes of the digest buffer. On return, number of
bytes copied into digest.
public static CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen)
hSession
- Handle to an open session.part
- The next part of the data to digest.partLen
- Length in bytes of part.public static CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with
the provided session, the session state must be either
CKS.RW_USER_FUNCTIONS or CKS.RO_USER_FUNCTIONS, otherwise the error
result CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.hKey
- Handle of the secret key to digest.public static CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, byte[] digest, LongRef digestLen)
hSession
- Handle to an open session.digest
- Location to receive the message digest.digestLen
- As input, length in bytes of the digest buffer. On return, number of
bytes copied into digest.public static CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
It is required to specify the signing key and signing mechanism used to
create X509 certificates with the CKM.ENCODE_X_509,
CKM.ENCODE_LOCAL_CERT and CKM.ENCODE_PKCS10 mechanisms.
hSession
- Handle to an open session.mechanism
- Signature mechanism.hKey
- Handle of the signing key.public static CK_RV C_Sign(CK_SESSION_HANDLE hSession, byte[] data, long dataLen, byte[] signature, LongRef signatureLen)
hSession
- Handle to an open session.data
- The data to sign.dataLen
- Length in bytes of data.signature
- Location to hold the resulting signature.signatureLen
- As input, length in bytes of the signature buffer. On return, number
of bytes copied into signature.
public static CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen)
hSession
- Handle to an open session.part
- The next part of the data to sign.partLen
- Length in bytes of part.public static CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, byte[] signature, LongRef signatureLen)
hSession
- Handle to an open session.signature
- Location to receive the signature.signatureLen
- As input, length in bytes of the signature buffer. On return, number
of bytes copied into signature.public static CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Signature mechanism.hKey
- Handle of the signing key.public static CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, byte[] data, long dataLen, byte[] signature, LongRef signatureLen)
hSession
- Handle to an open session.data
- The data to sign.dataLen
- Length in bytes of data.signature
- Location to receive the resulting signature.signatureLen
- As input, length in bytes of signature. On return, number of bytes
copied into signature.public static CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Verification mechanism.
hKey
- Handle of the verification key.public static CK_RV C_Verify(CK_SESSION_HANDLE hSession, byte[] data, long dataLen, byte[] signature, long signatureLen)
hSession
- Handle to an open session.data
- The data to verify the signature of.
dataLen
- Length in bytes of data.signature
- Signature to verify.signatureLen
- Length in bytes of signature.public static CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen)
hSession
- Handle to an open session.part
- The next part of the data to verify the signature of.partLen
- Length in bytes of part.public static CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, byte[] signature, long signatureLen)
hSession
- Handle to an open session.signature
- The signature to verify.signatureLen
- Length in bytes of signature.public static CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Verification mechanism.hKey
- Handle of the verification key.public static CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, byte[] signature, long signatureLen, byte[] data, LongRef dataLen)
hSession
- Handle to an open session.signature
- Signature to verify.signatureLen
- Length in bytes of signature.data
- Location to receive the recovered data.dataLen
- As input, length in bytes of the data buffer. On return, number of
bytes copied into data.public static CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen, byte[] encryptedPart, LongRef encryptedPartLen)
hSession
- Handle to an open session.part
- The next part of the data to digest and encrypt.partLen
- Length in bytes of part.encryptedPart
- Location to receive the digested and encrypted data part.encryptedPartLen
- As input, length in bytes of the encryptedPart buffer. On return,
number of bytes copied into encryptedPart.public static CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, byte[] encryptedPart, long encryptedPartLen, byte[] part, LongRef partLen)
hSession
- Handle to an open session.encryptedPart
- The next part of data to decrypt and digest.encryptedPartLen
- Length in bytes of encryptedPart.part
- Location to receive the recovered data.partLen
- As input, length in bytes of the part buffer. On return, number of
bytes copied into part.public static CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, byte[] part, long partLen, byte[] encryptedPart, LongRef encryptedPartLen)
hSession
- Handle to an open session.part
- The next part of the data to sign and encrypt.partLen
- Length in bytes of part.encryptedPart
- Location to receive the digest and encrypted data part.encryptedPartLen
- As input, length in bytes of the encryptedPart buffer. On return,
number of bytes copied into encryptedPart.public static CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, byte[] encryptedPart, long encryptedPartLen, byte[] part, LongRef partLen)
hSession
- Handle to an open session.encryptedPart
- The next part of the data to decrypt and verify.encryptedPartLen
- Length in bytes of encryptedPart.part
- Location to receive the recovered data.partLen
- As input, length in bytes of the part buffer. On return, number of
bytes copied into part.public static CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_ATTRIBUTE[] template, long attributeCount, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Key generation mechanism.template
- Template for the new key.attributeCount
- Number of attributes in the template.
hKey
- Location to receive the new key handle.public static CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_ATTRIBUTE[] publicKeyTemplate, long publicKeyAttributeCount, CK_ATTRIBUTE[] privateKeyTemplate, long privateKeyAttributeCount, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Key pair generation mechanism.publicKeyTemplate
- Template for the public key.publicKeyAttributeCount
- Number of attributes in publicKeyTemplate.
privateKeyTemplate
- Template for the private key.privateKeyAttributeCount
- Number of attributes in privateKeyTemplate.hPublicKey
- Location to receive the handle to the public key.hPrivateKey
- Location to receive the handle to the private key.public static CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, byte[] wrappedKey, LongRef wrappedKeyLen)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Wrapping mechanism.hWrappingKey
- Handle of the wrapping key.
hKey
- Handle of the key to be wrapped.wrappedKey
- Location to receive the wrapped key.wrappedKeyLen
- As input, length in bytes of the wrappedKey buffer. On return, number
of bytes copied into wrappedKey.public static CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hUnwrappingKey, byte[] wrappedKey, long wrappedKeyLen, CK_ATTRIBUTE[] template, long attributeCount, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Unwrapping mechanism.hUnwrappingKey
- Handle to the unwrapping key.wrappedKey
- The wrapped key.wrappedKeyLen
- Length in bytes of wrappedKey.template
- Template for the new key.attributeCount
- Number of attributes in template.hKey
- Location to receive the handle of the recovered key.public static CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE[] template, long attributeCount, CK_OBJECT_HANDLE hKey)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Key derivation mechanism.hBaseKey
- Handle to the base key.template
- Template of the new key.attributeCount
- Number of attributes in template.hKey
- Location to receive the handle of the derived key.public static CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, byte[] seed, long seedLen)
SafeNet Notes :-
It is not required to call this function for the adapter as it has a
hardware random generation source.
Also note this function will only operate for those tokens with the
CKF.RNG flag set in their CK_TOKEN_INFO flags.
hSession
- Handle to an open session.seed
- Seed material.seedLen
- Length in bytes of seed.public static CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, byte[] randomData, long randomLen)
SafeNet Notes :-
This function will only operate for those tokens with the CKF.RNG flag
set in their CK_TOKEN_INFO flags.
hSession
- Handle to an open session.randomData
- Location to receive the random data.
randomLen
- Length in bytes of the random data to be generated.public static CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
SafeNet Notes :-
This is a legacy function which will simply return the value
CKR.FUNCTION_NOT_PARALLEL.
hSession
- Handle to an open session.public static CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession)
SafeNet Notes :-
This is a legacy function which will simply return the value
CKR.FUNCTION_NOT_PARALLEL.
hSession
- Handle to an open session.public static CK_RV C_WaitForSlotEvent(long flags, LongRef slot, java.lang.Object reserved)
SafeNet Notes :-
There are no events supported by this library.
flags
- Specify whether or not the call blocks.slot
- Location to receive the slot ID that the event occurred in.
reserved
- Must be null.public static CK_RV CA_SetApplicationID(long ulHigh, long ulLow)
SafeNet Notes :-
CA_SetApplicationID should be invoked after C_Initialize but before any
session manipulation functions are invoked. If CA_SetApplicationID is
invoked after sessions have been opened, results will be unpredictable.
ulHigh
- Application major IDulLow
- Application minor IDpublic static CK_RV CA_OpenApplicationID(long SlotID, long ulHigh, long ulLow)
SafeNet Notes :-
Normally an application ID on a token goes dormant when the last session
that belongs to the application ID is closed. When an application ID
goes dormant login state is lost, so when a new session is created within
the application ID, it starts in the logged-out state.
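However, if CA_OpenApplicationID is used, the application ID is prevented
from going dormant, so login state is maintained even when all sessions
for an application ID are closed. The login state therefore persists after
the last session closes; CA_CloseApplicationID (below) makes the
application ID go dormant again, which drops it.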
SlotID
- ID of the slot to open the application ID on.ulHigh
- Application major IDulLow
- Application minor IDpublic static CK_RV CA_CloseApplicationID(long SlotID, long ulHigh, long ulLow)
SafeNet Notes :-
CA_CloseApplicationID also closes any open sessions owned by the given
application ID. Thus, when CA_CloseApplicationID returns, all open
sessions owned by the given application ID have been closed and the
application ID has gone dormant.
SlotID
- ID of the slot to close the application ID on.ulHigh
- Application major IDulLow
- Application minor IDpublic static CK_RV CA_HALogin(CK_SESSION_HANDLE hSession, byte[] pEncryptedPin, long ulEncryptedPinLen, byte[] pMofNBlob, LongRef pulMofNBlobLen)
SafeNet Notes :-
Called on secondary (target) token. If the secondary token requires
M of N authentication, an M of N blob is returned. If no M of N
authentication is required, a zero-length blob is returned.
hSession
- Handle to session used to call CA_HAGetLoginChallengepEncryptedPin
- encrypted PINulEncryptedPinLen
- length of encrypted PIN bufferpMofNBlob
- buffer to hold M of N blobpulMofNBlobLen
- length of M of N blobpublic static CK_RV CA_HAGetMasterPublic(long slotId, byte[] pCertificate, LongRef pulCertificate)
SafeNet Notes :-
Method is called on the primary (source) token
slotId
- slot number of the primary tokenpCertificate
- buffer to hold TWCpulCertificate
- length of returned TWCpublic static CK_RV CA_HAGetMasterPublic_V1_1(CK_SESSION_HANDLE hSession, byte[] masterPublicData, LongRef masterPublicDataLen)
hSession
- session on the primary tokenmasterPublicData
- buffer to hold TWCmasterPublicDataLen
- length of returned TWCpublic static CK_RV CA_HAGetMasterPublicData(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPrivateKey, byte[] masterPublicData, LongRef masterPublicDataLen)
hSession
- session on the primary tokenhPrivateKey
- private key on the primary tokenmasterPublicData
- buffer to hold TWC4masterPublicDataLen
- length of returned TWC4public static CK_RV CA_HAGetLoginChallenge(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, byte[] pCertificate, long ulCertificateLen, byte[] pChallengeBlob, LongRef pulChallengeBlobLen)
SafeNet Notes :-
Method called on secondary (target) token
hSession
- Handle to an open sessionuserType
- user type (CKU.SO, CKU.USER)pCertificate
- TWC retrieved from primary tokenulCertificateLen
- TWC lengthpChallengeBlob
- buffer to hold the challenge blobpulChallengeBlobLen
- challenge blob lengthpublic static CK_RV CA_HAAnswerLoginChallenge(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hLoginPrivateKey, byte[] pChallengeBlob, long ulChallengeBlobLen, byte[] pEncryptedPin, LongRef pulEncryptedPinLen)
hSession
- session of the Login private key ownerhLoginPrivateKey
- handle to the login private keypChallengeBlob
- the challenge bufferulChallengeBlobLen
- length of the challenge bufferpEncryptedPin
- encrypted PIN bufferpulEncryptedPinLen
- length of the encrypted PIN bufferpublic static CK_RV CA_HAInit(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hLoginPrivateKey)
hSession
- logged in session of Login key pair userhLoginPrivateKey
- handle to the Login private keypublic static CK_RV CA_HAInitExtended(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hLoginPrivateKey, byte[] loginPrivateKeyPKC, long loginPrivateKeyPKCLen, int[] userTypes, int[] tokenTypes, long numberOfRole)
hSession
- logged in session of Login key pair userhLoginPrivateKey
- handle to the Login private keyloginPrivateKeyPKC
- PKC dataloginPrivateKeyPKCLen
- length of PKC datauserTypes
- list of allowed user type for HA logintokenTypes
- list the token type associated to the user type to identify a rolenumberOfRole
- number of allowed primary roles (userType, tokenType) or CKU_ALL_USERS
public static CK_RV CA_GetTokenCertificates(long slotID, long attributeType, byte[] attributeValue, LongRef attributeValueLen)
slotID
- slot ID to extract the certificates fromattributeType
- the attribute type to extractattributeValue
- attribute dataattributeValueLen
- length of attribute datapublic static CK_RV CA_DeriveKeyAndWrap(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE[] template, long attributeCount, CK_MECHANISM mechanismWrap, CK_OBJECT_HANDLE hWrappingKey, byte[] wrappedKey, LongRef wrappedKeyLen)
SafeNet Notes :-
If the CKF.LOGIN_REQUIRED flag is set for the Token associated with the
provided session, the session state must be either CKS.RW_USER_FUNCTIONS
or CKS.RO_USER_FUNCTIONS, otherwise the error result
CKR.USER_NOT_LOGGED_IN will be returned.
hSession
- Handle to an open session.mechanism
- Key derivation mechanism.hBaseKey
- Handle to the base key.template
- Template of the new key.attributeCount
- Number of attributes in template.mechanismWrap
- Wrapping mechanism.hWrappingKey
- Handle of the wrapping key.
wrappedKey
- Location to receive the wrapped key.wrappedKeyLen
- As input, length in bytes of the wrappedKey buffer. On return, number
of bytes copied into wrappedKey.public static CK_RV CA_GetHSMPolicySetting(long slotId, HsmPolicy policy, LongRef policyValue)
slotId
- The PKCS 11 slot IDpolicy
- The HSM policy IDpolicyValue
- To store the policy value based on the policy ID parameterpublic static CK_RV CA_GetFirmwareVersion(long slotID, LongRef major, LongRef minor, LongRef subminor)
slotID
- ID of the slot holding the token to retrieve firmware version.major
- Location to hold firmware major version retrieved.minor
- Location to hold firmware minor version retrieved.subminor
- Location to hold firmware subminor version retrieved.public static CK_RV CA_Bip32ImportPublicKey(CK_SESSION_HANDLE hSession, byte[] key, CK_OBJECT_HANDLE hKey)
hSession
- handle to open sessionkey
- the public key to importhKey
- handle to the imported keypublic static CK_RV CA_Bip32ExportPublicKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, byte[] key)
hSession
- handle to open sessionhKey
- handle to the key to exportkey
- the exported public keypublic static CK_RV CA_EncodeEdwardsPrivateKey(byte[] curveParams, byte[] key, byte[] encKey, LongRef encKeyLen)
curveParams
- The curve parameters. Generally, an ASN.1 encoded OID.key
- The private key to importencKey
- The encoded keyencKeyLen
- The encoded key lengthpublic static CK_RV CA_EncodeEdwardsPublicKey(byte[] key, byte[] encKey, LongRef encKeyLen)
key
- The public key to encodeencKey
- The encoded keyencKeyLen
- The encoded key lengthpublic static CK_RV CA_SIMInsert(CK_SESSION_HANDLE hSession, long authSubsetCount, long authForm, int[] authSecretSizes, byte[][] authSecretList, long blobLen, byte[] blob, LongRef handleCount, CK_OBJECT_HANDLE[] handles)
hSession
- handle to open sessionauthSubsetCount
- M valueauthForm
- The authentication mechanismauthSecretSizes
- The number of secretsauthSecretList
- The list of secretsblobLen
- Size of the key blob to insertblob
- The key blob to inserthandleCount
- The number of objects to inserthandles
- The blob containing the objects to insertpublic static CK_RV CA_SIMMultiSign(CK_SESSION_HANDLE hSession, CK_MECHANISM mechanism, long authSubsetCount, long authForm, int[] authSecretSizes, byte[][] authSecretList, long blobLen, byte[] blob, long dataCount, int[] dataLens, byte[][] datas, LongRef[] signatureLens, byte[][] signatures)
hSession
- handle to open sessionauthSubsetCount
- M valueauthForm
- The authentication mechanismauthSecretSizes
- The number of secretsauthSecretList
- The list of secretsblobLen
- Size of the key blob to insertblob
- The key blob to insertdataCount
- The number of objects to signdataLens
- The array of the size of each object to signdatas
- The array of each object to signsignatureLens
- The array of the size of signaturesignatures
- The array of signaturespublic static CK_RV CA_SIMExtract(CK_SESSION_HANDLE hSession, long handleCount, CK_OBJECT_HANDLE[] objectHandles, long authSecretCount, long authSubsetCount, long authForm, int[] authSecretSizes, byte[][] authSecretList, boolean deleteAfterExtract, LongRef blobLen, byte[] blob)
hSession
- handle to open sessionhandleCount
- the number of objects to extractobjectHandles
- list of object handles to extractauthSecretCount
- M valueauthSubsetCount
- N valueauthForm
- The authentication mechanismauthSecretSizes
- The number of secretsauthSecretList
- The list of secretsdeleteAfterExtract
- blobLen
- the size of the sim blob of extracted objectsblob
- the extracted sim blobpublic static CK_RV CA_AuthorizeKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, byte[] authData)
hSession
- handle to open sessionhKey
- key handle to authorizeauthData
- data with which to authorize the keypublic static CK_RV CA_SetAuthorizationData(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, byte[] oldAuthData, byte[] newAuthData)
hSession
- handle to open sessionhKey
- key handle to authorizeoldAuthData
- old data with which to authenticate the keynewAuthData
- new data with which to set the authentication datapublic static CK_RV CA_ResetAuthorizationData(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, byte[] authData)
hSession
- handle to open sessionhKey
- key handle to authorizeauthData
- old data with which to authenticate the keypublic static CK_RV CA_AssignKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
hSession
- handle to open sessionhKey
- key handle to authorizepublic static CK_RV CA_IncrementFailedAuthCount(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
hSession
- handle to open sessionhKey
- key handle to authorizepublic static CK_RV CA_SMKRollover(CK_SESSION_HANDLE session, long value)
session
- handle to open sessionvalue
- 1 (to start rollover) or 0 (to end rollover)public static CK_RV CA_CloneObject(CK_SESSION_HANDLE targetSession, CK_SESSION_HANDLE sourceSession, long objectType, CK_OBJECT_HANDLE objectHandle, CK_OBJECT_HANDLE clonedObjectHandle)
targetSession
- handle to target sessionsourceSession
- handle to source sessionobjectType
- object type - 0 for USER,1 for SMKobjectHandle
- source object handleclonedObjectHandle
- target object handlepublic static CK_RV CA_CloneAsSourceInit(CK_SESSION_HANDLE sourceSession, byte[] dummy, LongRef dummySize, byte[] outputBlob, LongRef outputBlobLen, boolean replicate)
sourceSession
- dummy
- dummySize
- outputBlob
- output bloboutputBlobLen
- output blob lengthreplicate
- replicate from network (true for PCIe)public static CK_RV CA_CloneAsTargetInit(CK_SESSION_HANDLE targetSession, byte[] inputBlob, LongRef inputBlobSize, byte[] dummy, LongRef dummySize, boolean replicate, byte[] outputBlob, LongRef outputBlobLen)
targetSession
- inputBlob
- input blobinputBlobSize
- input blob sizedummy
- dummySize
- replicate
- replicate from network (true for PCIe)outputBlob
- output bloboutputBlobLen
- output blob lengthpublic static CK_RV CA_CloneAsSource(CK_SESSION_HANDLE sourceSession, long sourceObjectType, CK_OBJECT_HANDLE sourceObjectHandle, byte[] inputeBLob, LongRef inputBlobSize, boolean replicate, byte[] outputBlob, LongRef outputBlobLen)
sourceSession
- sourceObjectType
- sourceObjectHandle
- inputeBLob
- inputBlobSize
- replicate
- replicate from network (true for PCIe)outputBlob
- output bloboutputBlobLen
- output blob lengthpublic static CK_RV CA_CloneAsTarget(CK_SESSION_HANDLE targetSession, byte[] dummy, LongRef dummySize, byte[] inputeBlob, LongRef inputBlobSize, long sourceObjectType, CK_OBJECT_HANDLE sourceObjectHandle, boolean replicate, CK_OBJECT_HANDLE clonedObjectHandle)
targetSession
- dummy
- dummySize
- inputeBlob
- inputBlobSize
- sourceObjectType
- sourceObjectHandle
- replicate
- replicate from network (true for PCIe)clonedObjectHandle
- Copyright (c) 2025 Thales Group. All rights reserved.