KMLIB function reference
This section describes KMLIB functions.
KM_SetCallbacks
Set the callbacks for KMLIB to use.
Synopsis
#include <kmlib.h>
KM_SetCallbacks (
KM_Callbacks_t *pCallbacks
);
| Parameter | Description |
|---|---|
| pCallbacks | Pointer to the structure containing the callbacks to set. See KMLIB Callback Prototypes Reference for callback prototypes. |
Returns
CKR_ARGUMENTS_BAD
CKR_OK
KM_GetCallbacks
Get callbacks currently used by KMLIB.
Synopsis
#include <kmlib.h>
KM_GetCallbacks (
KM_Callbacks_t * pCallbacks
);
| Parameter | Description |
|---|---|
| pCallbacks | Location to store the callback structure used by KMLIB. See KMLIB Callback Prototypes Reference for callback prototypes. |
Returns
CKR_ARGUMENTS_BAD
CKR_OK
KM_GenerateSecretKey
Generate a secret key.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_GenerateSecretKey (
CK_SESSION_HANDLE hSession,
CK_KEY_TYPE keyType,
CK_SIZE keySizeInBits,
CK_ATTRIBUTE * pTpl,
CK_COUNT tplSize,
CK_COUNT numComps,
CK_OBJECT_HANDLE * phKey
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| keyType | The type of PKCS#11 key to generate. Examples are: - CKK_AES - CKK_CAST128 - CKK_DES - CKK_DES2 - CKK_DES3 - CKK_IDEA - CKK_RC2 - CKK_RC4 - CKK_GENERIC_SECRET |
| keySizeInBits | Size, in bits, of the key to generate. This is not needed for fixed length key types. The size ranges for the supported PKCS#11 key types are: - CKK_AES - 128, 192 or 256 bits - CKK_CAST128 - 8, 64 or 128 bits - CKK_DES - 64 bits - CKK_DES2 - 128 bits - CKK_DES3 - 192 bits - CKK_IDEA - 128 bits - CKK_RC2 - 8 to 1024 bits in 8 bit increments - CKK_RC4 - 8 to 2048 bits in 8 bit increments - CKK_GENERIC_SECRET - 8 to "Effectively Infinite" bits |
| pTpl | The attribute template of the new key. |
| tplSize | Number of attributes in pTpl. |
| numComps | The number of components to generate if XORable key components are required. This parameter should be set to 0 or 1 if component generation is not required. |
| phKey | Location to store the handle of the generated key. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_RANDOM_NO_RNG
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_NOT_LOGGED_IN
KM_GenerateKeyPair
Generate a key pair.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_GenerateKeyPair (
CK_SESSION_HANDLE hSession,
CK_KEY_TYPE keyType,
CK_SIZE keySizeInBits,
CK_ATTRIBUTE * pPublicKeyTpl,
CK_COUNT publicKeyTplSize,
CK_ATTRIBUTE * pPrivateKeyTpl,
CK_COUNT privateKeyTplSize,
CK_OBJECT_HANDLE * phPublicKey,
CK_OBJECT_HANDLE * phPrivateKey
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| keyType | The type of key pair to generate. Options are: - CKK_RSA - CKK_DSA - CKK_DH |
| keySizeInBits | Size, in bits, of the key pair to generate. The size ranges for the supported key types are: - CKK_RSA - 512 to 4096 bits in 256 bit increments - CKK_DSA - 512 to 1024 bits in 64 bit |
| pPublicKeyTpl | The attribute template the public key will have. |
| publicKeyTplSize | The number of attributes in pPublicKeyTpl. |
| pPrivateKeyTpl | The attribute template the public key will have. |
| privateKeyTplSize | The number of attributes in pPrivateKeyTpl. |
| phPublicKey | Location to store the handle of the new public key. |
| phPrivateKey | Location to store the handle of the new private key. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_NOT_LOGGED_IN
KM_ModifyBoolAttrs
Toggles the Boolean attributes of an object.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ModifyBoolAttrs (
CK_SESSION_HANDLE hSession,
CK_CHAR * pUserPin,
CK_SIZE userPinLen,
CK_CHAR * pSoPin,
CK_SIZE soPinLen,
CK_OBJECT_HANDLE hObj,
CK_ATTRIBUTE_TYPE * pAttrs,
CK_COUNT numAttrs
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pUserPin | Token User’s PIN. If setting the CKA_EXPORT attribute, then the Token SO PIN is required. In this case, the session is logged off, then the SO is logged on to perform the operation, and eventually the User is logged back in. |
| userPinLen | Length of the users PIN. |
| pSoPin | Token SO PIN. If setting the CKA_EXPORT attribute, then the Token SO PIN is required. In this case, the session is logged off, then the SO is logged on to perform the operation, and eventually the User is logged back in. If the SO PIN is not provided, and is required, then it is prompted for. |
| soPinLen | Length of the SO PIN. |
| hObj | Handle to the object whose attributes are to be toggled. |
| pAttrs | Array of attribute types to modify. Each attribute specified in the array will be toggled. |
| numAttrs | The number of attributes to be toggled. |
KM_ImportFromSC
Import objects from one or more smart cards.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_ImportFromSC (
CK_SESSION_HANDLE hSession,
CK_SLOT_ID cardSlotId,
CK_OBJECT_HANDLE hUnwrapKey,
CK_ULONG importVersion
);
| Parameters | Description |
|---|---|
| hSession | Handle to an open session. |
| cardSlotId | ID of the smart card slot to read smart cards from. |
| hUnwrapKey | Handle to the unwrapping key. Set to CK_INVALID_HANDLE for multiple custodian import. |
| importVersion | Version of import data to process. One of: - 200 - import Cprov2 backup data - 300 - import Cprov3/PTKC3 backup data |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CANT_LOCK
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_FUNCTION_NOT_SUPPORTED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_PIN_EXPIRED
CKR_PIN_INCORRECT
CKR_PIN_LOCKED
CKR_SESSION_CLOSED
CKR_SESSION_COUNT
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_PARALLEL_NOT_SUPPORTED
CKR_SESSION_READ_ONLY
CKR_SESSION_READ_ONLY_EXISTS
CKR_SESSION_READ_WRITE_SO_EXISTS
CKR_SLOT_ID_INVALID
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_NOT_PRESENT
CKR_TOKEN_NOT_RECOGNIZED
CKR_TOKEN_WRITE_PROTECTED
CKR_UNWRAPPING_KEY_HANDLE_INVALID
CKR_UNWRAPPING_KEY_INVALID
CKR_UNWRAPPING_KEY_SIZE_RANGE
CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
CKR_USER_ALREADY_LOGGED_IN
CKR_USER_ANOTHER_ALREADY_LOGGED_IN
CKR_USER_NOT_LOGGED_IN
CKR_USER_PIN_NOT_INITIALIZED
CKR_USER_TOO_MANY_TYPES
CKR_USER_TYPE_INVALID
CKR_WRAPPED_KEY_INVALID
CKR_WRAPPED_KEY_LEN_RANGE
KM_ImportFromFile
Import objects from a file.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ImportFromFile (
CK_SESSION_HANDLE hSession,
const char * pszFileName,
CK_OBJECT_HANDLE hUnwrapKey,
CK_ULONG importVersion
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pszFileName | Fully qualified path to the file to read from. |
| hUnwrapKey | Handle to the unwrapping key. |
| importVersion | Version of import data to process. One of: - 200 - import Cprov2 backup data - 300 - import Cprov3/PTKC3 backup data |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_UNWRAPPING_KEY_HANDLE_INVALID
CKR_UNWRAPPING_KEY_SIZE_RANGE
CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPED_KEY_INVALID
CKR_WRAPPED_KEY_LEN_RANGE
KM_ImportFromScreen
Import a key from console as either encrypted parts OR clear components.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_ImportFromScreen (
CK_SESSION_HANDLE hSession,
CK_CHAR * pszLabel,
CK_KEY_TYPE keyType,
CK_SIZE keySizeInBits,
CK_ATTRIBUTE * pTpl,
CK_COUNT tplSize,
CK_COUNT numComps,
CK_OBJECT_HANDLE hUnwrapKey,
CK_BBOOL isEncMultiPart
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pszLabel | Label to give to the resulting key. |
| keyType | The type of the resulting key. Options are: - CKK_AES - CKK_CAST128 - CKK_DES - CKK_DES2 - CKK_DES3 - CKK_IDEA - CKK_RC2 - CKK_RC4 - CKK_GENERIC_SECRET |
| keySizeInBits | Size, in bits, of the resulting key. This is not needed for fixed length key types. The size ranges for the supported key types are: - CKK_AES - 128, 192 or 256 bits - CKK_CAST128 - 8, 64 or 128 bits - CKK_DES - 64 bits - CKK_DES2 - 128 bits - CKK_DES3 - 192 bits - CKK_IDEA - 128 bits - CKK_RC2 - 8 to 1024 bits in 8 bit increments - CKK_RC4 - 8 to 2048 bits in 8 bit increments - CKK_GENERIC_SECRET - 8 to "Effectively Infinite" bits |
| pTpl | The attribute template the imported key will have. |
| tplSize | The number of attributes in pTpl. |
| numComps | The number of XORable components that need to be entered to create the resulting key. This parameter is ignored if hUnwrap is not CK_INVALID_HANDLE. |
| hUnwrapKey | Handle to the unwrapping key to use to decrypt the entered encrypted parts. This parameter should be CK_INVALID_HANDLE if entering XORable components. |
| isEncMultiPart | Flag indicating if the key is to be imported by more than one encrypted part. The decrypted parts are concatenated to get the final key. This parameter only applies if hUnwrapkey is not CK_INVALID_HANDLE, and the key type is one of: - CKK_DES2 - CKK_DES3 |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_INVALID
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_HANDLE_INVALID
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENTCKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_RANDOM_NO_RNG
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_SLOT_ID_INVALID
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_NOT_PRESENT
CKR_TOKEN_NOT_RECOGNIZED
CKR_TOKEN_WRITE_PROTECTED
CKR_UNWRAPPING_KEY_HANDLE_INVALID
CKR_UNWRAPPING_KEY_SIZE_RANGE
CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPED_KEY_INVALID
CKR_WRAPPED_KEY_LEN_RANGE
KM_ImportFromPinPad
Import a key from components entered on a PIN Pad device.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ImportFromPinPad (
CK_SESSION_HANDLE hSession,
CK_CHAR * pszLabel,
CK_KEY_TYPE keyType,
CK_SIZE keySizeInBits,
CK_ATTRIBUTE * pTpl,
CK_COUNT tplSize,
CK_COUNT numComps,
CK_OBJECT_HANDLE * phKey
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pszLabel | Label to give resulting key. |
| keyType | The type of the resulting PKCS#11 key. For example: - CKK_AES - CKK_CAST128 - CKK_DES - CKK_DES2 - CKK_DES3 - CKK_IDEA - CKK_RC2 - CKK_RC4 - CKK_GENERIC_SECRET |
| keySizeInBits | Size, in bits, of the resulting key. This is not needed for fixed length key types. The size ranges for the supported PKCS#11 key types. For example: - CKK_AES - 128, 192 or 256 bits - CKK_CAST128 - 8, 64 or 128 bits - CKK_DES - 64 bits - CKK_DES2 - 128 bits - CKK_DES3 - 192 bits - CKK_IDEA - 128 bits - CKK_RC2 - 8 to 1024 bits in 8 bit increments - CKK_RC4 - 8 to 2048 bits in 8 bit increments - CKK_GENERIC_SECRET - 8 to "Effectively Infinite" bits |
| pTpl | The attribute template the resulting key will have. |
| tplSize | The number of attributes in template. |
| numComps | The number of XORable components that need to be entered to create the resulting key. This must be >= 2. |
| phKey | Location to store the handle of the resulting key. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_HANDLE_INVALID
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_NOT_LOGGED_IN
KM_ImportP12File
Import a certificate and private key from a PKCS #12 file.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_ImportP12File (
CK_SESSION_HANDLE hSession,
CK_CHAR * pszFileName,
CK_ATTRIBUTE * pPrivateKeyTpl,
CK_COUNT privateKeyTplSize,
CK_ATTRIBUTE * pCertTpl,
CK_COUNT certTplSize,
CK_OBJECT_HANDLE * phPrivateKey,
CK_OBJECT_HANDLE * phCert
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pszFileName | Fully qualified name of the file to import from. |
| pPrivateKeyTpl | The attribute template the private key will have. Must have all boolean attributes that need to be TRUE, as well as the label. No other attributes are required. |
| privateKeyTplSize | The number of attributes in pPrivateKeyTpl. |
| pCertTpl | The attribute template the certificate will have. Must have all boolean attributes that need to be TRUE, as well as the label. No other attributes are required. |
| certTplSize | The number of attributes in pCertTpl. |
| phPrivateKey | Location to hold the handle of the resulting private key. |
| phCert | Location to store the handle of the resulting certificate. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_ENCRYPTED_DATA_INVALID
CKR_ENCRYPTED_DATA_LEN_RANGE
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_SIGNATURE_INVALID
CKR_SIGNATURE_LEN_RANGE
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_NOT_LOGGED_IN
KM_ExportToP12Pbe
Wrap private keys and certificates using PKCS #12 export mechanisms.
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToP12Pbe(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE privKey,
CK_OBJECT_HANDLE keyCert,
CK_MECHANISM_TYPE safeBagKgMech,
CK_MECHANISM_TYPE safeContentKgMech,
CK_MECHANISM_TYPE hmacKgMech,
const char *p12FileName);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| hPrivKey | Handle to private key to be exported. |
| hKeyCert | Handle to certificate to be exported. |
| safeBagKgMech | Key generation mechanism for SafeBag encryption. Valid options are the following: - CKM_PBE_SHA1_RC2_40_CBC - CKM_PBE_SHA1_RC2_128_CBC - CKM_PBE_SHA1_RC4_40 - CKM_PBE_SHA1_RC4_128 - CKM_PBE_SHA1_DES2_EDE_CBC - CKM_PBE_SHA1_DES3_EDE_CBC |
| safeContentKgMech | Key generation mechanism for SafeContent encryption. Valid options are the following: - CKM_PBE_SHA1_RC2_40_CBC - CKM_PBE_SHA1_RC2_128_CBC - CKM_PBE_SHA1_RC4_40 - CKM_PBE_SHA1_RC4_128 - CKM_PBE_SHA1_DES2_EDE_CBC - CKM_PBE_SHA1_DES3_EDE_CBC |
| hmacKgMech | Key generation mechanism for HMAC: - CKM_PBA_SHA1_WITH_SHA1_HMAC |
| p12FileName | File name for output. |
Returns
CKR_OK if successful, otherwise other CK_RV value.
KM_ExportToSCwMethodAlg
Export one or more objects to one or more smart cards.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToSCwMethodAlg(CK_SESSION_HANDLE hSession,
CK_CHAR* pUserPin,
CK_SIZE userPinLen,
CK_OBJECT_HANDLE* phWrapeeObjs,
CK_COUNT numWrapeeObjs,
CK_OBJECT_HANDLE hWrapKey,
CK_SLOT_ID cardSlotId,
CK_ULONG deriveMech,
int algType);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pUserPIN | Token's User PIN. |
| userPinLen | Length of the user PIN number. |
| phWrapeeObjs | Array of handles to objects that are to be exported. |
| numWrapeeObjs | Number of objects in phWrapeeObjs. |
| hWrapKey | Label of the wrapping key. For multiple custodian export, this parameter is set to CK_INVALID_HANDLE. |
| cardSlotId | ID of the smart card slot to write to. |
| deriveMech | Mechanism used to derive component keys: - KM_XOR_MECHANISM - KM_NOFM_MECHANISM |
| algType | Algorithm of transport key: - KM_ALG_DES3 - KM_ALG_AES - KM_ALG_AES_KWP |
Returns
Status of operation.
KM_ExportToSCwMethod
Export one or more objects to one or more smart cards. It allows users to select the method used to generate component keys.
Note
This function is deprecated. Thales recommends using KM_ExportToSCwMethodAlg instead.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToSCwMethod (
CK_SESSION_HANDLE hSession,
CK_CHAR * pUserPIN,
CK_SIZE userPinLen,
CK_OBJECT_HANDLE * phWrapeeObjs,
CK_COUNT numWrapeeObjs,
CK_OBJECT_HANDLE hWrapKey,
CK_SLOT_ID cardSlotId,
uint32 deriveMech
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pUserPIN | The Token's User PIN. |
| userPinLen | Length of user PIN number |
| phWrapeeObjs | Array of handles to objects that are to be exported. |
| numWrapeeObjs | Number of objects in phWrapeeObjs. |
| hWrapKey | Label of the wrapping key. For multiple custodian export, this parameter is set to CK_INVALID_HANDLE. |
| cardSlotId | ID of the smart card slot to write to. |
| deriveMech | Mechanism used to derive component keys: - KM_XOR_MECHANISM - KM_NOFM_MECHANISM |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_INVALID
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_INFORMATION_SENSITIVE
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_NOT_WRAPPABLE
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_KEY_UNEXTRACTABLE
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_PIN_EXPIRED
CKR_PIN_INCORRECT
CKR_PIN_INVALID
CKR_PIN_LEN_RANGE
CKR_PIN_LOCKED
CKR_SESSION_CLOSED
CKR_SESSION_COUNT
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_PARALLEL_NOT_SUPPORTED
CKR_SESSION_READ_ONLY
CKR_SESSION_READ_ONLY_EXISTS
CKR_SESSION_READ_WRITE_SO_EXISTS
CKR_SLOT_ID_INVALID
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_NOT_PRESENT
CKR_TOKEN_NOT_RECOGNIZED
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_ALREADY_LOGGED_IN
CKR_USER_ANOTHER_ALREADY_LOGGED_IN
CKR_USER_NOT_LOGGED_IN
CKR_USER_PIN_NOT_INITIALIZED
CKR_USER_TOO_MANY_TYPES
CKR_USER_TYPE_INVALID
CKR_WRAPPING_KEY_HANDLE_INVALID
CKR_WRAPPING_KEY_SIZE_RANGE
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
KM_ExportToSC
Export one or more objects to one or more smart cards.
Note
This function is deprecated. Thales recommends using KM_ExportToSCwMethodAlg instead.
Synopsis
#include <kmlib.h>
KM_ExportToSC (
CK_SESSION_HANDLE hSession,
CK_CHAR * pUserPIN,
CK_SIZE userPinLen,
CK_OBJECT_HANDLE * phWrapeeObjs,
CK_COUNT numWrapeeObjs,
CK_OBJECT_HANDLE hWrapKey,
CK_SLOT_ID cardSlotId
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| pUserPIN | The Token's User PIN. |
| userPinLen | Length of user PIN number. |
| phWrapeeObjs | Array of handles to objects that are to be exported. |
| numWrapeeObjs | Number of objects in phWrapeeObjs. |
| hWrapKey | Label of the wrapping key. For multiple custodian export, this parameter is set to CK_INVALID_HANDLE. - KM_XOR_MECHANISM - KM_NOFM_MECHANISM |
| cardSlotId | ID of the smart card slot to write to. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_INVALID
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_INFORMATION_SENSITIVE
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_NOT_WRAPPABLE
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_KEY_UNEXTRACTABLE
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_PIN_EXPIRED
CKR_PIN_INCORRECT
CKR_PIN_INVALID
CKR_PIN_LEN_RANGE
CKR_PIN_LOCKED
CKR_SESSION_CLOSED
CKR_SESSION_COUNT
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_PARALLEL_NOT_SUPPORTED
CKR_SESSION_READ_ONLY
CKR_SESSION_READ_ONLY_EXISTS
CKR_SESSION_READ_WRITE_SO_EXISTS
CKR_SLOT_ID_INVALID
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_NOT_PRESENT
CKR_TOKEN_NOT_RECOGNIZED
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_ALREADY_LOGGED_IN
CKR_USER_ANOTHER_ALREADY_LOGGED_IN
CKR_USER_NOT_LOGGED_IN
CKR_USER_PIN_NOT_INITIALIZED
CKR_USER_TOO_MANY_TYPES
CKR_USER_TYPE_INVALID
CKR_WRAPPING_KEY_HANDLE_INVALID
CKR_WRAPPING_KEY_SIZE_RANGE
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
KM_ExportToFile
Export an encrypted object set to a file.
Note
This function is deprecated. Thales recommends using KM_ExportToFileAlg instead.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToFile (
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE * phWrapeeObjs,
CK_COUNT numWrapeeObjs,
CK_OBJECT_HANDLE hWrapKey,
const char * pszFileName
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| phWrapeeObjs | Array of handles to objects that are to be exported. |
| numWrapeeObjs | Number of objects in the phWrapeeObjs array. |
| hWrapKey | Handle to the wrapping key. |
| pszFileName | Fully qualified path to the file to export to. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DATA_LEN_RANGE
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_INFORMATION_SENSITIVE
CKR_KEY_FUNCTION_NOT_PERMITTED
CKR_KEY_HANDLE_INVALID
CKR_KEY_NOT_WRAPPABLE
CKR_KEY_SIZE_RANGE
CKR_KEY_TYPE_INCONSISTENT
CKR_KEY_UNEXTRACTABLE
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_OPERATION_NOT_INITIALIZED
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPING_KEY_HANDLE_INVALID
CKR_WRAPPING_KEY_SIZE_RANGE
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
KM_ExportToFileAlg
Export an encrypted object set to a file.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToFileAlg(CK_SESSION_HANDLE hSession,
int algType,
CK_OBJECT_HANDLE* phWrapeeObjs,
CK_COUNT numWrapeeObjs,
CK_OBJECT_HANDLE hWrapKey,
const char* pszFileName);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| algType | Algorithm of transport key: - KM_ALG_DES3 - KM_ALG_AES - KM_ALG_AES_KWP |
| phWrapeeObjs | Array of handles to objects that are to be exported. |
| numWrapeeObjs | Number of objects in the phWrapeeObjs array. |
| hWrapKey | Handle o the wrapping key. |
| pszFileName | Fully qualified path to the file to export to. |
Returns
Status of operation.
KM_ExportToScreen
Export a key to the console in encrypted parts. At this stage, only symmetric keys can be exported using this function.
Callbacks
This function uses the UICB_ShowMsg_t callback.
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToScreen (
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hWrapeeKey,
CK_OBJECT_HANDLE hWrapKey,
CK_BBOOL isEncMuliPart
);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| hWrapeeKey | Handle to the key to export. |
| hWrapKey | Handle to the wrapping key. |
| isEncMuliPart | Flag indicating if the key is to exported in one or more encrypted parts. This parameter only applies if the wrappee key one of: - CKK_DES2 - exported as two parts - CKK_DES3 - exported as three parts |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_HANDLE_INVALID
CKR_KEY_NOT_WRAPPABLE
CKR_KEY_SIZE_RANGE
CKR_KEY_UNEXTRACTABLE
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPING_KEY_HANDLE_INVALID
CKR_WRAPPING_KEY_SIZE_RANGE
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
KM_DisplaySCStatus
Display information about the smart card entered in the specified slot.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
KM_DisplaySCStatus (
CK_SLOT_ID cardSlot
);
| Parameter | Description |
|---|---|
| cardSlot | Card slot ID. |
Returns
CKR_ARGUMENTS_BAD
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_OK
CKR_SESSION_CLOSED
CKR_SESSION_COUNT
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_PARALLEL_NOT_SUPPORTED
CKR_SESSION_READ_WRITE_SO_EXISTS
CKR_SLOT_ID_INVALID
CKR_TOKEN_NOT_PRESENT
CKR_TOKEN_NOT_RECOGNIZED
CKR_TOKEN_WRITE_PROTECTED
KM_EnumerateAttributes
Enumerate all attributes for an object, returning a complete template containing all the objects attributes.
Synopsis
#include <kmlib.h>
CK_RV KM_EnumerateAttributes (
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObj,
CK_ATTRIBUTE * pTpl,
CK_SIZE * pTplSize
);
| Parameter | Description |
|---|---|
| hSession | Handle to valid session. |
| hObj | Handle to the object whose attributes are to be enumerated. |
| pTpl | Points to an array of attributes, which are to be filled out by the function. If this parameter is NULL, no attributes are copied into the array. |
| pTplSize | The size of the pTpl array. Upon successful completion of the function, this parameter will contain the number of attributes contained in hObj. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_SENSITIVE
CKR_ATTRIBUTE_TYPE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_OBJECT_HANDLE_INVALID
CKR_OK
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
KM_ImportDomainParams
Create a domain parmeters object based on file contents.
Synopsis
#include <kmlib.h>
CK_RV KM_ImportDomainParams(
CK_SESSION_HANDLE hSession,
CK_CHAR* pin, /* optional - callback if required and not provided */
CK_SIZE userPinLen,
CK_ATTRIBUTE* pObjTpl, /* CLASS, LABEL, MODIFIABLE, PRIVATE, KEY_TYPE, DELETABLE, TOKEN */
CK_COUNT ObjTplSize,
char * filename,
CK_OBJECT_HANDLE* phObj );
| Parameter | Description |
|---|---|
| hSession | Cryptoki session handle - may or not be logged on. |
| pin | Token user pin - optional (if required and not provided, then it is prompted for). |
| userPinLen | Length of the user pin (if any). |
| pObjTpl | Attributes of new object. Should only contain the following attributes: - CKA_CLASS (optional) - if provided then must be CKO_DOMAIN_PARAMETERS - CKA_LABEL (mandatory) - indicates label of new object - CKA_MODIFIABLE (optional) - defaults to TRUE - CKA_PRIVATE (optional) - defaults to FALSE (if true user pin is required or session must already be logged on) - CKA_KEY_TYPE (mandatory) - currently must be CKK_EC, this attribute determines expected file contents - CKA_DELETABLE (optional) - no default provided - CKA_TOKEN (optional) - defaults to TRUE |
| ObjTplSize | Number of entries in pObjTpl. |
| filename | Path and file name of the file to read domain parameters from. |
| phObj | Pointer to where the object handle is returned. |
Returns
Status of operation.
KM_EncodeECParamsP
#include“kmlib.h”
Windows library: Kmlib.lib
Unix library: Libkmlib.a
CK_RV KM_EncodeECParamsP(
CK_BYTE_PTR prime, CK_SIZE primeLen,
CK_BYTE_PTR curveA, CK_SIZE curveALen,
CK_BYTE_PTR curveB, CK_SIZE curveBLen,
CK_BYTE_PTR curveSeed,CK_SIZE curveSeedLen,
CK_BYTE_PTR baseX, CK_SIZE baseXLen,
CK_BYTE_PTR baseY, CK_SIZE baseYLen,
CK_BYTE_PTR bpOrder, CK_SIZE bpOrderLen,
CK_BYTE_PTR cofactor, CK_SIZE cofactorLen,
CK_BYTE_PTR result, CK_SIZE * resultLen
);
Do DER enc of ECC Domain Parameters Prime
All integer values are variable length big endian numbers with optional leading zeros. Integer lengths are all in bytes.
| Parameter | Description |
|---|---|
| prime | Prime modulus |
| primeLen | Prime modulus len |
| curveA | Elliptic Curve coefficient a |
| curveALen | Elliptic Curve coefficient a length |
| curveB | Elliptic Curve coefficient b |
| curveBLen | Elliptic Curve coefficient b length |
| curveSeed | Seed (optional may be NULL) |
| curveSeedLen | Seed length |
| baseX | Elliptic Curve point X coord |
| baseXLen | Elliptic Curve point X coord length |
| baseY | Elliptic Curve point Y coord |
| baseYLen | Elliptic Curve point Y coord length |
| bpOrder | Order n of the Base Point |
| bpOrderLen | Order n of the Base Point length |
| cofactor | The integer h = #E(Fq)/n (optional) |
| cofactorLen | h length |
| result | Resultant Encoding (length prediction supported if NULL) |
| resultLen | Buffer len/Length of resultant encoding |
| Return | Status of operation. CKR_OK if ok |
KM_EncodeECParams2M
#include“kmlib.h”
Windows library: Kmlib.lib
Unix library: Libkmlib.a
typedef enum {
ECBT_GnBasis, /* Gaussian Normal Basis - parameters = 0, 0, 0 */
ECBT_TpBasis, /* Trinomial Basis - parameters = k, 0, 0 */
ECBT_PpBasis /* Pentanomial Basis - parameters = k1, k2, k3 */
} ECBasisType;
CK_RV KM_EncodeECParams2M(
CK_SIZE m,
ECBasisType basis,
CK_SIZE parameters[3],
CK_BYTE_PTR curveA, CK_SIZE curveALen,
CK_BYTE_PTR curveB, CK_SIZE curveBLen,
CK_BYTE_PTR curveSeed,CK_SIZE curveSeedLen,
CK_BYTE_PTR baseX, CK_SIZE baseXLen,
CK_BYTE_PTR baseY, CK_SIZE baseYLen,
CK_BYTE_PTR bpOrder, CK_SIZE bpOrderLen,
CK_BYTE_PTR cofactor, CK_SIZE cofactorLen,
CK_BYTE_PTR result, CK_SIZE * resultLen
);
Do DER enc of ECC Domain Parameters 2^M
All long integer values are variable length big endian numbers with optional leading zeros, lengths are all in bytes.
| Parameter | Description |
|---|---|
| M | Degree of field |
| basis | Should be ECBT_GnBasis or ECBT_TpBasis or ECBT_PpBasis |
| parameters | Array of three integers - values depend on basis ECBT_GnBasis - parameters = 0. 0. 0 ECBT_TpBasis - parameters = k. 0. 0 ECBT_PpBasis - parameters = k1.k2.k3 |
| curveA | Elliptic Curve coefficient a |
| curveALen | Elliptic Curve coefficient a length |
| curveB | Elliptic Curve coefficient b |
| curveBLen | Elliptic Curve coefficient b length |
| curveSeed | Seed (optional may be NULL) |
| curveSeedLen | Seed length |
| baseX | Elliptic Curve point X coord |
| baseXLen | Elliptic Curve point X coord length |
| baseY | Elliptic Curve point Y coord |
| baseYLen | Elliptic Curve point Y coord length |
| bpOrder | Order n of the Base Point |
| bpOrderLen | Order n of the Base Point length |
| cofactor | The integer h = #E(Fq)/n (optional) |
| cofactorLen | h length |
| result | Resultant Encoding (length prediction supported if NULL) |
| resultLen | Buffer len/Length of resultant encoding |
| Return | Status of operation. CKR_OK if ok |
KM_GenerateDomainParams
Generate a domain param object.
Callbacks
This function uses the following callbacks:
Synopsis
#include <kmlib.h>
CK_RV KM_GenerateDomainParams(CK_SESSION_HANDLE hSession,
CK_KEY_TYPE keyType,
CK_SIZE keySizeInBits,
CK_SIZE subPrimeBits,
CK_ATTRIBUTE* pTpl,
CK_COUNT tplSize,
CK_OBJECT_HANDLE* phKey);
| Parameter | Description |
|---|---|
| hSession | Handle to an open session. |
| keyType | The type of PKCS#11 domain param to generate, such as the following: - CKK_DH - CKK_DSA |
| keySizeInBits | Size, in bits, of the params to generate. The size ranges for the supported PKCS#11 key types are the following: - CKK_DH - 512 to 4096 bits - CKK_DSA - 512 to 4096 bits |
| pTpl | The attribute template the new key will have. |
| tplSize | Number of attributes in pTpl. |
| phKey | Location to store the handle of the generated key. |
Returns
Status of operation.
KM_ExportToken
Export a token for a specific device.
Synopsis
#include <kmlib.h>
CK_RV KM_ExportToken (
CK_SESSION_HANDLE hSession,
CK_CHAR serialNumber[CK_SERIAL_NUMBER_SIZE],
CK_BYTE * tokenData,
CK_ULONG * pTokenDataSize
);
| Parameter | Description |
|---|---|
| hSession | Handle to a USER logged on session on the token to be exported. |
| serialNumber | The serial number of the destination device for which the token is being exported. |
| tokenData | Location to store the exported token data. If NULL is specified no data will be exported, however pTokenDataSize will still return the size of exported token data. |
| pTokenDataSize | The size of the tokenData buffer. Upon completion of the function, this parameter will contain the size of the exported data. If pTokenDataSize is too small, no data will be placed in tokenData. |
Returns
CKR_ARGUMENTS_BADCKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_KEY_HANDLE_INVALID
CKR_KEY_NOT_WRAPPABLE
CKR_KEY_SIZE_RANGE
CKR_KEY_UNEXTRACTABLE
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPING_KEY_HANDLE_INVALID
CKR_WRAPPING_KEY_SIZE_RANGE
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
KM_ImportToken
Import exported token data previously imported with KM_ExportToken() At this stage, only symmetric keys can be exported via this function.
Synopsis
#include <kmlib.h>
CK_RV KM_ImportToken (
CK_SESSION_HANDLEhSession,
const CK_BYTE *tokenData,
CK_ULONGtokenDataLen
);
| Parameter | Description |
|---|---|
| hSession | Handle to a USER logged on session on the token to be imported. |
| tokenData | The token data to import. |
| tokenDataLen | The size of the tokenData buffer. |
Returns
CKR_ARGUMENTS_BAD
CKR_ATTRIBUTE_READ_ONLY
CKR_ATTRIBUTE_TYPE_INVALID
CKR_ATTRIBUTE_VALUE_INVALID
CKR_BUFFER_TOO_SMALL
CKR_CRYPTOKI_NOT_INITIALIZED
CKR_DEVICE_ERROR
CKR_DEVICE_MEMORY
CKR_DEVICE_REMOVED
CKR_FUNCTION_CANCELED
CKR_FUNCTION_FAILED
CKR_GENERAL_ERROR
CKR_HOST_MEMORY
CKR_MECHANISM_INVALID
CKR_MECHANISM_PARAM_INVALID
CKR_OK
CKR_OPERATION_ACTIVE
CKR_SESSION_CLOSED
CKR_SESSION_HANDLE_INVALID
CKR_SESSION_READ_ONLY
CKR_TEMPLATE_INCOMPLETE
CKR_TEMPLATE_INCONSISTENT
CKR_TOKEN_WRITE_PROTECTED
CKR_UNWRAPPING_KEY_HANDLE_INVALID
CKR_UNWRAPPING_KEY_SIZE_RANGE
CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
CKR_USER_NOT_LOGGED_IN
CKR_WRAPPED_KEY_INVALID
CKR_WRAPPED_KEY_LEN_RANGE
