Logger Architecture and Functionality
Figure 1: PKCS#11 Logger Architecture Model
The logger is interposed between the application and the ProtectToolkit-C host library. There, it intercepts PKCS#11 function calls and responses. Details are logged to the log file before the messages are passed through to their intended destination.
For each PKCS#11 call, the logger creates an entry in the log file. By default, these entries contain the following details:
>the calling process ID (PID)
>the thread ID (TID)
>the date and time of the call
>all numeric data
>buffer addresses
>contents of buffer addresses at the input and output of functions (excluding PIN values)
Optionally, the logger may be configured to:
>return the PIN values used to login to tokens that are provided to the C_Login function
>remove any or all of the following from the output:
>the calling process ID (PID)
>the thread ID (TID)
>the date and time of the call
>contents of buffer addresses at the input and output of functions