Cipher Object

The PKCS #11 API provides a standard method for accessing and managing keys, and performing cryptographic operations. Providing a system-independent layer, however, introduces a considerable amount of overhead.

SafeNet ProtectToolkit provides an internal API which bypasses the PKCS #11 subsystem to perform high-performance cryptographic functions.

The Cipher Object Access API

Cryptographic operations require that you obtain a pointer to an instance of a cipher object or a hash object. A cipher object may be used to encrypt, decrypt, sign (or MAC), or verify data. A hash object is used to perform a digest operation.

There is a function for obtaining an instance of each of these objects. This chapter provides details on Cipher Objects. See Hash Object for information on Hash Objects.

•FmCreateCipherObject

Cipher Object Functions

The Cipher Object is a wrapper that provides a common interface for all supported cryptographic algorithms. It is implemented as a structure containing the addresses of functions, as well as a data pointer that keeps the internal state of the instance. The contents of the data field are private, and should not be accessed or modified externally.

In this section, the following functions in the cipher object are specified:

•New

•Free

•GetInfo

•EncInit

•EncryptUpdate

•EncryptFinal

•DecInit

•DecryptUpdate

•DecryptFinal

•SignInit

•SignUpdate

•SignFinal

•SignRecover

•VerifyInit

•VerifyUpdate

•VerifyFinal

•VerifyRecover

•Verify

•LoadParam

•UnloadParam

•Config (Obsolete)

•Status (Obsolete)

•EncodeState (Obsolete)

•DecodeState (Obsolete)

Algorithm-Specific Cipher Information

This section contains the following descriptions:

•AES Cipher Object

•DES Cipher Object

•Triple DES Cipher Object

•ECDSA Cipher Object

•IDEA Cipher Object

•RC2 Cipher Object

•RC4 Cipher Object

•RSA Cipher Object

SafeNet ProtectToolkit 5.3 Product Documentation
007-013682-001 Rev. A December 2016 Copyright 2009-2016 Gemalto All rights reserved.