Token Management Services
Token management operations are invoked by right-clicking the desired tree item and selecting from the pop-up menu.
The table below lists the menu items available on each level of the tree hierarchy.
| Tree Item | Service | Description |
|---|---|---|
| CRYPTOKI | Get info | Shows CRYPTOKI version, manufacturer and description. |
| Slot | Create token | Initializes a token on the slot selected. Note that this uses a nonstandard extension to PKCS#11. If a token already exists, the user will be prompted to confirm re-initialization of the token. Re-initialization will erase all information currently stored on the token. |
| | Get info | Shows slot ID, type, manufacturer and description. |
| Token | Init token | Initializes a token and sets the security officer PIN. Note this will erase all the token's contents. |
| | Open Session | Opens a CRYPTOKI session to the token. |
| | Close all Sessions | Closes all open sessions for the token. |
| | Get info | Shows token type, manufacturer, model, serial number, etc. |
| Session | Close session | Closes the right-clicked session. |
| | Login | Logs into the token. |
| | Logout | Logs out from the token. |
| | Init user PIN | Initializes the user PIN. Note: the security officer must be logged in to perform this operation. |
| | Set PIN | Sets the PIN of the current user. This may be the security officer or normal user. |
| | Get info | Shows the session status and flags. |
| Objects | Create Object | Allows a new object to be created. |
| | Create Secret Key | Creates a secret key. The key value is entered via the keyboard. |
| | Unwrap | Unwraps a previously wrapped key. |
| | Generate Key | Generates a secret key. The key value is randomly generated. |
| | Generate Key Pair | Generates an asymmetric key pair. The key value is randomly generated. |
| Object | Destroy | Deletes an object. |
| | Copy | Makes a copy of an object. |
| | Set attribute | Sets an attribute for an object. |
| | Wrap | Wraps a key value. |
| | Derive key | Derives a shared secret key using Diffie-Hellman. Derives a certificate request, or X.509 certificate. |
| | Show KVC | Calculates and displays the KVC of the object. |
| | Get info | Shows object size and object handle number. |
| Attribute | Edit | Allows an attribute's value to be changed, imported or exported. Note that some attributes are defined by PKCS#11 to be unchangeable after being initially set. Attributes can be edited in ASCII or HEX and can also be viewed in Base-64 or decoded ASN.1 syntax for encoded values. |
| Mechanism | Get info | Shows mechanism info. |

Example Service - Generate Key Pair
Generating a key pair is one of the management services available. The Generate Key Pair dialog is opened by right-clicking an Objects tree item in the Token Browser window and choosing Generate Key Pair from the pop-up context menu.
The figures below show how the labels and fields of the Generate Key Pair dialog box typically change according to the mechanism selected for key pair generation.
NOTE: The check boxes are enabled and disabled according to the selected Mechanism.