Key management functions
This section describes PKCS#11 key management functions.
C_GenerateKey
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
or CKS_RO_USER_FUNCTIONS
,otherwise the error CKR_USER_NOT_LOGGED_IN
is returned.
Synopsis
C_GenerateKey(
CK_SESSION_HANDLE hSession
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey
);
C_GenerateKeyPair
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
or CKS_RO_USER_FUNCTIONS
,otherwise the error CKR_USER_NOT_LOGGED_IN
is returned.
If CKA_ID
is not specified in either template then the library sets default values for these that are the same for both public and private object with a high likelihood of being unique. The value is a SHA1 hash of the modulus.
Synopsis
C_GenerateKeyPair(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey
);
C_WrapKey
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
or CKS_RO_USER_FUNCTIONS
,otherwise the error CKR_USER_NOT_LOGGED_IN
is returned.
Synopsis
C_WrapKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen
);
C_UnwrapKey
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
or CKS_RO_USER_FUNCTIONS
,otherwise the error CKR_USER_NOT_LOGGED_IN
is returned.
Synopsis
C_UnwrapKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);
C_DeriveKey
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
or CKS_RO_USER_FUNCTIONS
,otherwise the error CKR_USER_NOT_LOGGED_IN
is returned.
Simple derivation mechanisms are restricted to working on secret keys of type CKK_GENERIC_SECRET
.
Synopsis
C_DeriveKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);