Audit log entries and structure
This section provides a summary of the entries collected in audit logs, and a brief description of the information included in each log entry.
Logged entries
The entries logged fall under the following three categories:
Administrative entries
C_Initialize
C_Finalize
C_InitToken
CT_ResetToken
C_InitPIN
CT_InitPIN
C_SetPIN
C_OpenSession
C_CloseSession
C_CloseAllSessions
C_GetSessionInfo
C_Login
C_Logout
Object management entries
C_CreateObject
C_CopyObject
CT_Copyobject
C_DestroyObject
C_GetAttributeValue
C_SetAttributeValue
C_FindObjects
C_DeriveKey
C_GenerateKey
C_GenerateKeyPair
C_WrapKey
C_UnwrapKey
Object use entries
C_Encrypt
C_EncryptUpdate
C_Decrypt
C_DecryptUpdate
C_Digest
C_DigestUpdate
C_DigestKey
C_Sign
C_SignUpdate
C_SignRecover
C_Verify
C_VerifyUpdate
C_VerifyRecover
C_DigestEncryptUpdate
C_DecryptDigestUpdate
C_SignEncryptUpdate
C_DecryptVerifyUpdate
Entries structure
Each audit log entry contains the following information:
- Time of entry
- Success/failure of function
- Slot where the entry occurred
- Name of entry
- Signature of the previous entry
- Signature of the current entry
For example:
Message chaining
Each entry is signed by the Audit Key. To ensure that the audit log data is not tampered with, each entry includes both its own signature and the signature of the previous entry. Note that the first entry includes a string of zeroes for the previous signature.
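The chaining check described above, as an added example that is not the product's own code. The page does not state the signature algorithm or the exact bytes that are signed, so this sketch assumes HMAC-SHA256 as a stand-in for the Audit Key signature, computed over all entry fields plus the previous signature; the key, timestamps, and the function and field names in the code are constructed for illustration.

```python
import hashlib
import hmac

ZERO_SIG = "00" * 32  # previous-signature field of the first entry: all zeroes

def sign_entry(key, time, ok, slot, name, prev_sig):
    # Assumption: the signature covers every field, including the previous signature.
    fields = [time, "SUCCESS" if ok else "FAILURE", str(slot), name, prev_sig]
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

def append_entry(log, key, time, ok, slot, name):
    prev_sig = log[-1]["sig"] if log else ZERO_SIG
    sig = sign_entry(key, time, ok, slot, name, prev_sig)
    log.append({"time": time, "ok": ok, "slot": slot, "name": name,
                "prev_sig": prev_sig, "sig": sig})

def verify_chain(log, key):
    """Return the index of the first entry that fails a check, or None if intact."""
    expected_prev = ZERO_SIG
    for i, e in enumerate(log):
        if not hmac.compare_digest(e["prev_sig"], expected_prev):
            return i  # link broken: an entry was removed, inserted or reordered
        good = sign_entry(key, e["time"], e["ok"], e["slot"], e["name"], e["prev_sig"])
        if not hmac.compare_digest(e["sig"], good):
            return i  # signature mismatch: a field of this entry was altered
        expected_prev = e["sig"]
    return None

def sample_log(key):
    # Constructed sample entries using function names from the lists above.
    log = []
    append_entry(log, key, "2024-01-01T10:00:00Z", True, 0, "C_Initialize")
    append_entry(log, key, "2024-01-01T10:00:05Z", False, 0, "C_Login")
    append_entry(log, key, "2024-01-01T10:00:09Z", True, 0, "C_Login")
    append_entry(log, key, "2024-01-01T10:01:00Z", True, 0, "C_Sign")
    return log

if __name__ == "__main__":
    key = b"constructed-demo-audit-key"
    log = sample_log(key)
    print("intact:", verify_chain(log, key))
    log[1]["ok"] = True  # alter the success/failure field of the second entry
    print("first bad entry:", verify_chain(log, key))
```

Chaining on its own does not reveal entries removed from the end of the log, since the remaining entries still link correctly; detecting that requires recording the latest signature or entry count somewhere outside the log.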