Pkcs11Interop
Type of application that will be using PKCS#11 library
Recommended option: PKCS#11 library will be used from multi-threaded application and needs to perform locking with native OS threading model (CKF_OS_LOCKING_OK)
PKCS#11 library will be used from single-threaded application and does not need to perform any kind of locking
Exception with the name of PKCS#11 attribute whose value could not be read or converted
Attribute whose value could not be read or converted
Attribute whose value could not be read or converted
Initializes new instance of AttributeValueException class
Attribute whose value could not be read or converted
Initializes a new instance of AttributeValueException class with a reference to the inner exception that is the cause of this exception
Attribute whose value could not be read or converted
The exception that is the cause of the current exception
Initializes new instance of AttributeValueException class
Attribute whose value could not be read or converted
Initializes a new instance of AttributeValueException class with a reference to the inner exception that is the cause of this exception
Attribute whose value could not be read or converted
The exception that is the cause of the current exception
Initializes new instance of AttributeValueException class
Attribute whose value could not be read or converted
Initializes a new instance of AttributeValueException class with a reference to the inner exception that is the cause of this exception
Attribute whose value could not be read or converted
The exception that is the cause of the current exception
Initializes new instance of AttributeValueException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Populates a SerializationInfo with the data needed to serialize the target object
SerializationInfo to populate with data
The destination for this serialization
General constants
The following value is always invalid if used as a session handle or object handle
Token and/or library is unable or unwilling to provide information
Token and/or library is unable or unwilling to provide information
Checks whether provided number has value of CK_UNAVAILABLE_INFORMATION constant
Number to be checked
True if number has value of CK_UNAVAILABLE_INFORMATION constant; false otherwise
Specifies no practical limit
No certificate category specified
Certificate belongs to owner of the token
Certificate belongs to a certificate authority
Certificate belongs to an end entity (i.e. not a CA)
No JAVA MIDP security domain specified
Manufacturer protection JAVA MIDP security domain
Operator protection JAVA MIDP security domain
Third party protection JAVA MIDP security domain
Decimal (default) (UTF8-encoded) format of OTP value
Hexadecimal (UTF8-encoded) format of OTP value
Alphanumeric (UTF8-encoded) format of OTP value
Binary format of OTP value
OTP parameter, if supplied, will be ignored
OTP parameter may be supplied but need not be
OTP parameter must be supplied
An actual OTP value
A UTF8 string containing a PIN for use when computing or verifying PIN-based OTP values
Challenge to use when computing or verifying challenge-based OTP values
UTC time value in the form YYYYMMDDhhmmss to use when computing or verifying time-based OTP values
Counter value to use when computing or verifying counter-based OTP values
Bit flags indicating the characteristics of the sought OTP as defined below
Desired output length (overrides any default value)
Returned OTP format
Attributes
Object class (type) [CKO/uint]
True if object is a token object; false if object is a session object [bool]
True if object is a private object; false if object is a public object. [bool]
Description of the object [string]
Description of the application that manages the object [string]
Value of the object [byte array]
DER-encoding of the object identifier indicating the data object type [byte array]
Type of certificate [CKC/uint]
DER-encoding of the certificate issuer name [byte array]
DER-encoding of the certificate serial number [byte array]
DER-encoding of the attribute certificate's issuer field. [byte array]
DER-encoding of the attribute certificate's subject field. [byte array]
BER-encoding of a sequence of object identifier values corresponding to the attribute types contained in the certificate. [byte array]
The certificate can be trusted for the application for which it was created. [bool]
Categorization of the certificate [uint]
Java MIDP security domain [uint]
If not empty this attribute gives the URL where the complete certificate can be obtained [string]
SHA-1 hash of the subject public key [byte array]
SHA-1 hash of the issuer public key [byte array]
Checksum [byte array]
Type of key [CKK/uint]
DER-encoding of the key subject name [byte array]
Key identifier for public/private key pair [byte array]
True if key is sensitive [bool]
True if key supports encryption [bool]
True if key supports decryption [bool]
True if key supports wrapping (i.e., can be used to wrap other keys) [bool]
True if key supports unwrapping (i.e., can be used to unwrap other keys) [bool]
True if key supports signatures (i.e., authentication codes) where the signature is an appendix to the data [bool]
True if key supports signatures where the data can be recovered from the signature [bool]
True if key supports verification (i.e., of authentication codes) where the signature is an appendix to the data [bool]
True if key supports verification where the data is recovered from the signature [bool]
True if key supports key derivation (i.e., if other keys can be derived from this one) [bool]
Start date for the certificate/key [DateTime]
End date for the certificate/key [DateTime]
Modulus n [byte array]
Length in bits of modulus n [uint]
Public exponent e [byte array]
Private exponent d [byte array]
Prime p [byte array]
Prime q [byte array]
Private exponent d modulo p-1 [byte array]
Private exponent d modulo q-1 [byte array]
CRT coefficient q^-1 mod p [byte array]
DER-encoding of the SubjectPublicKeyInfo [byte array]
Prime p (512 to 1024 bits, in steps of 64 bits) [byte array]
Subprime q (160 bits) [byte array]
Base g [byte array]
Length of the prime value [uint]
Length of the subprime value [uint]
Length in bits of private value x [uint]
Length in bytes of key value [uint]
True if key is extractable and can be wrapped [bool]
True only if key was either generated locally (i.e., on the token) or created as a copy of a key which had its CKA_LOCAL attribute set to true [bool]
True if key has never had the CKA_EXTRACTABLE attribute set to true [bool]
True if key has always had the CKA_SENSITIVE attribute set to true [bool]
Identifier of the mechanism used to generate the key material [CKM/uint]
True if object can be modified [bool]
True if object can be copied [bool]
True if object can be destroyed [bool]
DER-encoding of an ANSI X9.62 Parameters value [byte array]
DER-encoding of an ANSI X9.62 Parameters value [byte array]
DER-encoding of ANSI X9.62 ECPoint value Q [byte array]
True if the key requires a secondary authentication to take place before its use is allowed [bool]
Mask indicating the current state of the secondary authentication PIN [uint]
If true, the user has to supply the PIN for each use (sign or decrypt) with the key [bool]
True if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to true [bool]
The attribute template to match against any keys wrapped using this wrapping key. Keys that do not match cannot be wrapped. [List of ObjectAttribute / CK_ATTRIBUTE array]
The attribute template to apply to any keys unwrapped using this wrapping key. Any user supplied template is applied after this template as if the object has already been created. [List of ObjectAttribute / CK_ATTRIBUTE array]
The attribute template to apply to any keys derived using this key. Any user supplied template is applied after this template as if the object has already been created. [List of ObjectAttribute / CK_ATTRIBUTE array]
Format of OTP values produced with this key: CK_OTP_FORMAT_DECIMAL = Decimal, CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal, CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric, CK_OTP_FORMAT_BINARY = Only binary values [uint]
Default length of OTP values (in the CKA_OTP_FORMAT) produced with this key [uint]
Interval between OTP values produced with this key, in seconds. [uint]
Set to true when the token is capable of returning OTPs suitable for human consumption [bool]
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A challenge must be supplied. CK_OTP_PARAM_OPTIONAL = A challenge may be supplied but need not be. CK_OTP_PARAM_IGNORED = A challenge, if supplied, will be ignored. [uint]
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A time value must be supplied. CK_OTP_PARAM_OPTIONAL = A time value may be supplied but need not be. CK_OTP_PARAM_IGNORED = A time value, if supplied, will be ignored. [uint]
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A counter value must be supplied. CK_OTP_PARAM_OPTIONAL = A counter value may be supplied but need not be. CK_OTP_PARAM_IGNORED = A counter value, if supplied, will be ignored. [uint]
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A PIN value must be supplied. CK_OTP_PARAM_OPTIONAL = A PIN value may be supplied but need not be. CK_OTP_PARAM_IGNORED = A PIN value, if supplied, will be ignored. [uint]
Value of the associated internal counter [byte array]
Value of the associated internal UTC time in the form YYYYMMDDhhmmss [string]
Text string that identifies a user associated with the OTP key (may be used to enhance the user experience). [string]
Text string that identifies a service that may validate OTPs generated by this key [string]
Logotype image that identifies a service that may validate OTPs generated by this key. [byte array]
MIME type of the CKA_OTP_SERVICE_LOGO attribute value [string]
DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. [byte array]
DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. [byte array]
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. [byte array]
Hardware feature (type) [CKH/uint]
The value of the counter will reset to a previously returned value if the token is initialized [bool]
The value of the counter has been reset at least once at some point in time [bool]
Screen resolution (in pixels) in X-axis [uint]
Screen resolution (in pixels) in Y-axis [uint]
DPI, pixels per inch [uint]
Number of character rows for character-oriented displays [uint]
Number of character columns for character-oriented displays [uint]
Color support [bool]
The number of bits of color or grayscale information per pixel. [uint]
String indicating supported character sets, as defined by IANA MIBenum sets (www.iana.org). Supported character sets are separated with ";" e.g. a token supporting iso-8859-1 and us-ascii would set the attribute value to "4;3". [string]
String indicating supported content transfer encoding methods, as defined by IANA (www.iana.org). Supported methods are separated with ";" e.g. a token supporting 7bit, 8bit and base64 could set the attribute value to "7bit;8bit;base64". [string]
String indicating supported (presentable) MIME-types, as defined by IANA (www.iana.org). Supported types are separated with ";" e.g. a token supporting MIME types "a/b", "a/c" and "a/d" would set the attribute value to "a/b;a/c;a/d". [string]
The type of mechanism object [CKM/uint]
Attributes the token always will include in the set of CMS signed attributes [byte array]
Attributes the token will include in the set of CMS signed attributes in the absence of any attributes specified by the application [byte array]
Attributes the token may include in the set of CMS signed attributes upon request by the application [byte array]
A list of mechanisms allowed to be used with this key [List of CKM / List of uint / CKM array / uint array]
Permanently reserved for token vendors
Certificate types
X.509 public key certificate
X.509 attribute certificate
WTLS public key certificate
Permanently reserved for token vendors
Key derivation functions
No derivation function
ANSI X9.63 key derivation function based on SHA-1
ANSI X9.42 key derivation function based on SHA-1
ANSI X9.42 key derivation function based on SHA-1
ANSI X9.63 key derivation function based on SHA-224
ANSI X9.63 key derivation function based on SHA-256
ANSI X9.63 key derivation function based on SHA-384
ANSI X9.63 key derivation function based on SHA-512
CryptoPro KEK Diversification Algorithm described in section 6.5 of RFC 4357
Bit flags
True if a token is present in the slot
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a "protected authentication path", whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism outside the scope of this standard. Calling C_InitializeToken when this flag is set will cause the token to be reinitialized.
True if the token supports secondary authentication for private key objects.
True if an incorrect user login PIN has been entered at least once since the last successful authentication.
True if supplying an incorrect user PIN will cause it to become locked.
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
True if an incorrect SO login PIN has been entered at least once since the last successful authentication.
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
True if the token failed a FIPS 140-2 self-test and entered an error state.
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Identifies attribute whose value is an array of attributes
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
True if there is an extension to the flags; false if no extensions
True if application threads which are executing calls to the library may not use native operating system calls to spawn new threads; false if they may
True if the library can use the native operating system threading model for locking; false otherwise
Flag indicating that C_WaitForSlotEvent should not block until an event occurs - it should return immediately instead
True if the OTP computation shall be for the next OTP, rather than the current one
True if the OTP computation must not include a time value
True if the OTP computation must not include a counter value
True if the OTP computation must not include a challenge
True if the OTP computation must not include a PIN value
True if the OTP returned shall be in a form suitable for human consumption
Mask generation functions
PKCS #1 Mask Generation Function with SHA-1 digest algorithm
PKCS #1 Mask Generation Function with SHA-256 digest algorithm
PKCS #1 Mask Generation Function with SHA-384 digest algorithm
PKCS #1 Mask Generation Function with SHA-512 digest algorithm
PKCS #1 Mask Generation Function with SHA-224 digest algorithm
Hardware feature types
Monotonic counter objects represent hardware counters that exist on the device.
Clock objects represent real-time clocks that exist on the device.
User interface objects represent the presentation capabilities of the device.
Permanently reserved for token vendors.
Key types
RSA key
DSA key
DH (Diffie-Hellman) key
EC (Elliptic Curve) key
EC (Elliptic Curve) key
X9.42 Diffie-Hellman public keys
KEA keys
Generic secret key
RC2 key
RC4 key
Single-length DES key
Double-length DES key
Triple-length DES key
CAST key
CAST3 key
CAST128 key
CAST128 key
RC5 key
IDEA key
Single-length MEK or a TEK
Single-length BATON key
Single-length JUNIPER key
Single-length CDMF key
AES key
Blowfish key
Twofish key
RSA SecurID secret key
Generic secret key and associated counter value
ActivIdentity ACTI secret key
Camellia key
ARIA key
MD5 HMAC key
SHA-1 HMAC key
RIPE-MD 128 HMAC key
RIPE-MD 160 HMAC key
SHA-256 HMAC key
SHA-384 HMAC key
SHA-512 HMAC key
SHA-224 HMAC key
SEED secret key
GOST R 34.10-2001 key
GOST R 34.11-94 key or domain parameter
GOST 28147-89 key or domain parameter
Permanently reserved for token vendors
Mechanism type
Key pair generation mechanism based on the RSA public-key cryptosystem, as defined in PKCS #1
Multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5.
Mechanism for single-part signatures and verification with and without message recovery based on the RSA public-key cryptosystem and the block formats defined in ISO/IEC 9796 and its annex A
Multi-purpose mechanism based on the RSA public-key cryptosystem ("raw" RSA, as assumed in X.509)
The PKCS #1 v1.5 RSA signature with MD2 mechanism
The PKCS #1 v1.5 RSA signature with MD5 mechanism
The PKCS #1 v1.5 RSA signature with SHA-1 mechanism
The PKCS #1 v1.5 RSA signature with RIPEMD-128
The PKCS #1 v1.5 RSA signature with RIPEMD-160
The PKCS #1 RSA OAEP mechanism based on the RSA public-key cryptosystem and the OAEP block format defined in PKCS #1
The X9.31 RSA key pair generation mechanism
The ANSI X9.31 RSA mechanism
The ANSI X9.31 RSA signature with SHA-1 mechanism
The PKCS #1 RSA PSS mechanism based on the RSA public-key cryptosystem and the PSS block format defined in PKCS #1
The PKCS #1 RSA PSS signature with SHA-1 mechanism
The DSA key pair generation mechanism
The DSA without hashing mechanism
The DSA with SHA-1 mechanism
The DSA with SHA-224 mechanism
The DSA with SHA-256 mechanism
The DSA with SHA-384 mechanism
The DSA with SHA-512 mechanism
The PKCS #3 Diffie-Hellman key pair generation mechanism
The PKCS #3 Diffie-Hellman key derivation mechanism
The X9.42 Diffie-Hellman key pair generation mechanism
The X9.42 Diffie-Hellman key derivation mechanism
The X9.42 Diffie-Hellman hybrid key derivation mechanism
The X9.42 Diffie-Hellman Menezes-Qu-Vanstone (MQV) key derivation mechanism
PKCS #1 v1.5 RSA signature with SHA-256 mechanism
PKCS #1 v1.5 RSA signature with SHA-384 mechanism
PKCS #1 v1.5 RSA signature with SHA-512 mechanism
The PKCS #1 RSA PSS signature with SHA-256 mechanism
The PKCS #1 RSA PSS signature with SHA-384 mechanism
The PKCS #1 RSA PSS signature with SHA-512 mechanism
The PKCS #1 v1.5 RSA signature with SHA-224 mechanism
The PKCS #1 RSA PSS signature with SHA-224 mechanism
The SHA-512/224 digesting mechanism
Special case of the general-length SHA-512/224-HMAC mechanism
The general-length SHA-512/224-HMAC mechanism that uses the HMAC construction, based on the SHA-512/224 hash function
Key derivation based on the SHA-512/224 hash function
The SHA-512/256 digesting mechanism
Special case of the general-length SHA-512/256-HMAC mechanism
The general-length SHA-512/256-HMAC mechanism that uses the HMAC construction, based on the SHA-512/256 hash function
Key derivation based on the SHA-512/256 hash function
The SHA-512/t digesting mechanism
Special case of the general-length SHA-512/t-HMAC mechanism
The general-length SHA-512/t-HMAC mechanism that uses the HMAC construction, based on the SHA-512/t hash function
Key derivation based on the SHA-512/t hash function
The RC2 key generation mechanism
RC2-ECB encryption mechanism with electronic codebook mode (ECB)
RC2-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length RC2-MAC mechanism
General-length RC2-MAC mechanism based on data authentication as defined in FIPS PUB 113
RC2-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
The RC4 key generation mechanism
RC4 encryption mechanism
Single-length DES key generation mechanism
DES-ECB encryption mechanism with electronic codebook mode (ECB)
DES-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length DES-MAC mechanism
General-length DES-MAC mechanism based on data authentication as defined in FIPS PUB 113
DES-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Double-length DES key generation mechanism
Triple-length DES key generation mechanism
DES3-ECB encryption mechanism with electronic codebook mode (ECB)
DES3-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length DES3-MAC mechanism
General-length DES3-MAC mechanism based on data authentication as defined in FIPS PUB 113
DES3-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
General-length DES3-CMAC mechanism based on Cipher-based Message Authentication Code as defined in NIST SP 800-38B and RFC 4493
Special case of general-length DES3-CMAC mechanism based on Cipher-based Message Authentication Code as defined in NIST SP 800-38B and RFC 4493
Single-length CDMF key generation mechanism
CDMF-ECB encryption mechanism with electronic codebook mode (ECB)
CDMF-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length CDMF-MAC mechanism
General-length CDMF-MAC mechanism based on data authentication as defined in FIPS PUB 113
CDMF-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
DES-OFB64 encryption mechanism with output feedback mode (OFB)
DES-OFB8 encryption mechanism with output feedback mode (OFB)
DES-CFB64 encryption mechanism with cipher feedback mode (CFB)
DES-CFB8 encryption mechanism with cipher feedback mode (CFB)
The MD2 digesting mechanism
Special case of the general-length MD2-HMAC mechanism
The general-length MD2-HMAC mechanism that uses the HMAC construction, based on the MD2 hash function
The MD5 digesting mechanism
Special case of the general-length MD5-HMAC mechanism
The general-length MD5-HMAC mechanism that uses the HMAC construction, based on the MD5 hash function
The SHA-1 digesting mechanism
Special case of the general-length SHA1-HMAC mechanism
The general-length SHA1-HMAC mechanism that uses the HMAC construction, based on the SHA1 hash function
The RIPE-MD 128 digesting mechanism
Special case of the general-length RIPE-MD 128-HMAC mechanism
The general-length RIPE-MD 128-HMAC mechanism that uses the HMAC construction, based on the RIPE-MD 128 hash function
The RIPE-MD 160 digesting mechanism
Special case of the general-length RIPE-MD 160-HMAC mechanism
The general-length RIPE-MD 160-HMAC mechanism that uses the HMAC construction, based on the RIPE-MD 160 hash function
The SHA-256 digesting mechanism
Special case of the general-length SHA-256-HMAC mechanism
The general-length SHA-256-HMAC mechanism that uses the HMAC construction, based on the SHA-256 hash function
The SHA-224 digesting mechanism
Special case of the general-length SHA-224-HMAC mechanism
The general-length SHA-224-HMAC mechanism that uses the HMAC construction, based on the SHA-224 hash function
The SHA-384 digesting mechanism
Special case of the general-length SHA-384-HMAC mechanism
The general-length SHA-384-HMAC mechanism that uses the HMAC construction, based on the SHA-384 hash function
The SHA-512 digesting mechanism
Special case of the general-length SHA-512-HMAC mechanism
The general-length SHA-512-HMAC mechanism that uses the HMAC construction, based on the SHA-512 hash function
Key generation mechanism for the RSA SecurID algorithm
Mechanism for the retrieval and verification of RSA SecurID OTP values
Key generation mechanism for the HOTP algorithm
Mechanism for the retrieval and verification of HOTP OTP values
Mechanism for the retrieval and verification of ACTI OTP values
Key generation mechanism for the ACTI algorithm
CAST key generation mechanism
CAST-ECB encryption mechanism with electronic codebook mode (ECB)
CAST-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length CAST-MAC mechanism
General-length CAST-MAC mechanism based on data authentication as defined in FIPS PUB 113
CAST-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
CAST3 key generation mechanism
CAST3-ECB encryption mechanism with electronic codebook mode (ECB)
CAST3-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length CAST3-MAC mechanism
General-length CAST3-MAC mechanism based on data authentication as defined in FIPS PUB 113
CAST3-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
CAST128 key generation mechanism
CAST128 key generation mechanism
CAST128-ECB encryption mechanism with electronic codebook mode (ECB)
CAST128-ECB encryption mechanism with electronic codebook mode (ECB)
CAST128-CBC encryption mechanism with cipher-block chaining mode (CBC)
CAST128-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length CAST128-MAC mechanism
Special case of general-length CAST128-MAC mechanism
General-length CAST128-MAC mechanism based on data authentication as defined in FIPS PUB 113
General-length CAST128-MAC mechanism based on data authentication as defined in FIPS PUB 113
CAST128-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
CAST128-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
RC5 key generation mechanism
RC5-ECB encryption mechanism with electronic codebook mode (ECB)
RC5-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length RC5-MAC mechanism
General-length RC5-MAC mechanism based on data authentication as defined in FIPS PUB 113
RC5-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
IDEA key generation mechanism
IDEA-ECB encryption mechanism with electronic codebook mode (ECB)
IDEA-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length IDEA-MAC mechanism
General-length IDEA-MAC mechanism based on data authentication as defined in FIPS PUB 113
IDEA-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
The generic secret key generation mechanism
Key derivation mechanism that derives a secret key from the concatenation of two existing secret keys
Key derivation mechanism that derives a secret key by concatenating data onto the end of a specified secret key
Key derivation mechanism that derives a secret key by prepending data to the start of a specified secret key
Key derivation mechanism that
Mechanism which provides the capability of creating one secret key from the bits of another secret key
Mechanism for pre_master key generation in SSL 3.0
Mechanism for master key derivation in SSL 3.0
Mechanism for key, MAC and IV derivation in SSL 3.0
Mechanism for master key derivation for Diffie-Hellman in SSL 3.0
Mechanism for pre-master key generation in TLS 1.0
Mechanism for master key derivation in TLS 1.0
Mechanism for key, MAC and IV derivation in TLS 1.0
Mechanism for master key derivation for Diffie-Hellman in TLS 1.0
PRF (pseudo random function) in TLS
Mechanism for MD5 MACing in SSL 3.0
Mechanism for SHA-1 MACing in SSL 3.0
MD5 key derivation mechanism
MD2 key derivation mechanism
SHA-1 key derivation mechanism
SHA-256 key derivation mechanism
SHA-384 key derivation mechanism
SHA-512 key derivation mechanism
SHA-224 key derivation mechanism
MD2-PBE for DES-CBC mechanism used for generating a DES secret key and an IV from a password and a salt value by using the MD2 digest algorithm and an iteration count. This functionality is defined in PKCS#5 as PBKDF1.
MD5-PBE for DES-CBC mechanism used for generating a DES secret key and an IV from a password and a salt value by using the MD5 digest algorithm and an iteration count. This functionality is defined in PKCS#5 as PBKDF1.
MD5-PBE for CAST-CBC mechanism used for generating a CAST secret key and an IV from a password and a salt value by using the MD5 digest algorithm and an iteration count.
MD5-PBE for CAST3-CBC mechanism used for generating a CAST3 secret key and an IV from a password and a salt value by using the MD5 digest algorithm and an iteration count.
MD5-PBE for CAST128-CBC (CAST5-CBC) mechanism used for generating a CAST128 (CAST5) secret key and an IV from a password and a salt value by using the MD5 digest algorithm and an iteration count.
MD5-PBE for CAST128-CBC mechanism used for generating a CAST128 secret key and an IV from a password and a salt value by using the MD5 digest algorithm and an iteration count.
SHA-1-PBE for CAST128-CBC (CAST5-CBC) mechanism used for generating a CAST128 (CAST5) secret key and an IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for CAST128-CBC mechanism used for generating a CAST128 secret key and an IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 128-bit RC4 mechanism used for generating a 128-bit RC4 secret key from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 40-bit RC4 mechanism used for generating a 40-bit RC4 secret key from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 3-key triple-DES-CBC mechanism used for generating a 3-key triple-DES secret key and IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 2-key triple-DES-CBC mechanism used for generating a 2-key triple-DES secret key and IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 128-bit RC2-CBC mechanism used for generating a 128-bit RC2 secret key and IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
SHA-1-PBE for 40-bit RC2-CBC mechanism used for generating a 40-bit RC2 secret key and IV from a password and a salt value by using the SHA-1 digest algorithm and an iteration count.
PKCS #5 PBKDF2 key generation mechanism used for generating a secret key from a password and a salt value
SHA-1-PBA for SHA-1-HMAC mechanism used for generating a 160-bit generic secret key from a password and a salt value by using the SHA-1 digest algorithm and an iteration count
Mechanism for pre-master secret key generation for the RSA key exchange suite in WTLS
Mechanism for master secret derivation in WTLS
Mechanism for master secret derivation for Diffie-Hellman and Elliptic Curve Cryptography in WTLS
PRF (pseudo random function) in WTLS
Mechanism for server key, MAC and IV derivation in WTLS
Mechanism for client key, MAC and IV derivation in WTLS
Mechanism is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Mechanism is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Mechanism is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Mechanism is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Mechanism for master key derivation in TLS 1.2
Mechanism for key, MAC and IV derivation in TLS 1.2
Mechanism for master key derivation for Diffie-Hellman in TLS 1.2
Mechanism that is identical to CKM_TLS12_KEY_AND_MAC_DERIVE except that it shall never produce IV data
Mechanism for generation of integrity tags for the TLS "finished" message
Mechanism that uses the TLS key material and TLS PRF function to produce additional key material for protocols that want to leverage the TLS key negotiation mechanism
The LYNKS key wrapping mechanism
The OAEP key wrapping for SET mechanism
The CMS mechanism
The CT-KIP key derivation mechanism
The CT-KIP key wrap and unwrap mechanism
The CT-KIP signature (MAC) mechanism
The Camellia key generation mechanism
Camellia-ECB encryption mechanism with electronic codebook mode (ECB)
Camellia-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length Camellia-MAC mechanism
General-length Camellia-MAC mechanism based on data authentication as defined in FIPS PUB 113
Camellia-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Key derivation mechanism based on Camellia-ECB encryption mechanism with electronic codebook mode (ECB)
Key derivation mechanism based on Camellia-CBC encryption mechanism with cipher-block chaining mode (CBC)
Camellia-CTR mechanism for encryption and decryption with CAMELLIA in counter mode
The ARIA key generation mechanism
ARIA-ECB encryption mechanism with electronic codebook mode (ECB)
ARIA-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length ARIA-MAC mechanism
General-length ARIA-MAC mechanism based on data authentication as defined in FIPS PUB 113
ARIA-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Key derivation mechanism based on ARIA-ECB encryption mechanism with electronic codebook mode (ECB)
Key derivation mechanism based on ARIA-CBC encryption mechanism with cipher-block chaining mode (CBC)
The SEED key generation mechanism
SEED-ECB encryption mechanism with electronic codebook mode (ECB)
SEED-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length SEED-MAC mechanism
General-length SEED-MAC mechanism based on data authentication as defined in FIPS PUB 113
SEED-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Key derivation mechanism based on SEED-ECB encryption mechanism with electronic codebook mode (ECB)
Key derivation mechanism based on SEED-CBC encryption mechanism with cipher-block chaining mode (CBC)
The SKIPJACK key generation mechanism
SKIPJACK-ECB64 mechanism for encryption and decryption with SKIPJACK in 64-bit electronic codebook mode (ECB)
SKIPJACK-CBC64 mechanism for encryption and decryption with SKIPJACK in 64-bit cipher-block chaining mode (CBC)
SKIPJACK-OFB64 mechanism for encryption and decryption with SKIPJACK in 64-bit output feedback mode (OFB)
SKIPJACK-CFB64 mechanism for encryption and decryption with SKIPJACK in 64-bit cipher feedback mode (CFB)
SKIPJACK-CFB32 mechanism for encryption and decryption with SKIPJACK in 32-bit cipher feedback mode (CFB)
SKIPJACK-CFB16 mechanism for encryption and decryption with SKIPJACK in 16-bit cipher feedback mode (CFB)
SKIPJACK-CFB8 mechanism for encryption and decryption with SKIPJACK in 8-bit cipher feedback mode (CFB)
SKIPJACK mechanism for wrapping and unwrapping of secret keys (MEK)
Mechanism for wrapping and unwrapping KEA and DSA private keys
Mechanism for "change of wrapping" on a private key which was wrapped with the SKIPJACK-PRIVATE-WRAP mechanism
The KEA key pair generation mechanism
The KEA key derivation mechanism
The KEA key derivation mechanism
The FORTEZZA timestamp mechanism
The BATON key generation mechanism
BATON-ECB128 mechanism for encryption and decryption with BATON in 128-bit electronic codebook mode (ECB)
BATON-ECB96 mechanism for encryption and decryption with BATON in 96-bit electronic codebook mode (ECB)
BATON-CBC128 mechanism for encryption and decryption with BATON in 128-bit cipher-block chaining mode (CBC)
BATON-COUNTER mechanism for encryption and decryption with BATON in counter mode
BATON-SHUFFLE mechanism for encryption and decryption with BATON in shuffle mode
BATON mechanism for wrapping and unwrapping of secret keys (MEK)
The EC (also related to ECDSA) key pair generation mechanism
The EC (also related to ECDSA) key pair generation mechanism
The ECDSA without hashing mechanism
The ECDSA with SHA-1 mechanism
The ECDSA with SHA-224 mechanism
The ECDSA with SHA-256 mechanism
The ECDSA with SHA-384 mechanism
The ECDSA with SHA-512 mechanism
The elliptic curve Diffie-Hellman (ECDH) key derivation mechanism
The elliptic curve Diffie-Hellman (ECDH) with cofactor key derivation mechanism
The elliptic curve Menezes-Qu-Vanstone (ECMQV) key derivation mechanism
Mechanism based on the EC public-key cryptosystem and the AES key wrap mechanism
Mechanism based on the RSA public-key cryptosystem and the AES key wrap mechanism
The JUNIPER key generation mechanism
JUNIPER-ECB128 mechanism for encryption and decryption with JUNIPER in 128-bit electronic codebook mode (ECB)
JUNIPER-CBC128 mechanism for encryption and decryption with JUNIPER in 128-bit cipher-block chaining mode (CBC)
JUNIPER COUNTER mechanism for encryption and decryption with JUNIPER in counter mode
JUNIPER-SHUFFLE mechanism for encryption and decryption with JUNIPER in shuffle mode
The JUNIPER wrap and unwrap mechanism used to wrap and unwrap an MEK
The FASTHASH digesting mechanism
The AES key generation mechanism
AES-ECB encryption mechanism with electronic codebook mode (ECB)
AES-CBC encryption mechanism with cipher-block chaining mode (CBC)
Special case of general-length AES-MAC mechanism
General-length AES-MAC mechanism based on data authentication as defined in FIPS PUB 113
AES-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
AES-CTR encryption mechanism with AES in counter mode
AES-GCM authenticated encryption
AES-CCM authenticated encryption
AES-CBC encryption with ciphertext stealing (CTS)
Special case of general-length AES-CMAC mechanism based on Cipher-based Message Authentication Code as defined in NIST SP 800-38B and RFC 4493
General-length AES-CMAC mechanism based on Cipher-based Message Authentication Code as defined in NIST SP 800-38B and RFC 4493
AES-XCBC-MAC signing and verification mechanism based on NIST AES and RFC 3566
AES-XCBC-MAC-96 signing and verification mechanism based on NIST AES and RFC 3566
AES-GMAC signing and verification mechanism described in NIST SP 800-38D
The Blowfish key generation mechanism
Blowfish-CBC mechanism for encryption and decryption; key wrapping; and key unwrapping
The Twofish key generation mechanism
Twofish-CBC mechanism for encryption and decryption; key wrapping; and key unwrapping
Blowfish-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Twofish-CBC encryption mechanism with cipher-block chaining mode (CBC) and PKCS#7 padding
Key derivation mechanism that uses the result of a DES-ECB encryption operation as the key value
Key derivation mechanism that uses the result of a DES-CBC encryption operation as the key value
Key derivation mechanism that uses the result of a DES3-ECB encryption operation as the key value
Key derivation mechanism that uses the result of a DES3-CBC encryption operation as the key value
Key derivation mechanism that uses the result of an AES-ECB encryption operation as the key value
Key derivation mechanism that uses the result of an AES-CBC encryption operation as the key value
GOST R 34.10-2001 key generation
GOST R 34.10-2001 signing and verification without hashing
GOST R 34.10-2001 signing and verification with GOST R 34.11-94 hashing
GOST R 34.10-2001 based mechanism for GOST 28147-89 key wrapping
GOST R 34.10-2001 based key derivation mechanism
GOST R 34.11-94 digesting mechanism
GOST R 34.11-94 based mechanism for HMAC construction
GOST 28147-89 key generation
GOST 28147-89 encryption mechanism with electronic codebook mode (ECB)
GOST 28147-89 encryption mechanism with cipher feedback mode (CFB) and additional CBC mode defined in section 2 of RFC 4357
GOST 28147-89-MAC mechanism for data integrity and authentication based on GOST 28147-89 and key meshing algorithms defined in section 2.3 of RFC 4357
GOST 28147-89 based mechanism for GOST 28147-89 key wrapping
The DSA domain parameter generation mechanism
The PKCS #3 Diffie-Hellman domain parameter generation mechanism
The X9.42 Diffie-Hellman domain parameter generation mechanism
The DSA probabilistic domain parameter generation mechanism based on the DSA defined in Appendix A.1.1 of FIPS PUB 186-4
The DSA Shawe-Taylor domain parameter generation mechanism based on the DSA defined in Appendix A.1.2 of FIPS PUB 186-4
AES-OFB encryption mechanism with output feedback mode (OFB)
AES-CFB64 encryption mechanism with cipher feedback mode (CFB)
AES-CFB8 encryption mechanism with cipher feedback mode (CFB)
AES-CFB128 encryption mechanism with cipher feedback mode (CFB)
AES-CFB1 encryption mechanism with cipher feedback mode (CFB)
AES key wrapping mechanism without padding
AES key wrapping mechanism with padding
Multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS#1 v1.5, with additional formatting rules defined in TCPA TPM Specification Version 1.1b
Multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP block format defined in PKCS #1, with additional formatting defined in TCPA TPM Specification Version 1.1b
Permanently reserved for token vendors
Notifications
Cryptoki is surrendering the execution of a function executing in a session so that the application may perform other operations
Cryptoki is informing the application that the OTP for a key on a connected token just changed
Object class
Data object that holds information defined by an application.
Certificate object that holds public-key or attribute certificates.
Public key object that holds public keys.
Private key object that holds private keys.
Secret key object that holds secret keys.
Hardware feature object that represents features of the device.
Domain parameter object that holds public domain parameters.
Mechanism object that provides information about mechanisms supported by a device beyond that given by the CK_MECHANISM_INFO structure.
OTP key object that holds secret keys used by OTP tokens.
Reserved for token vendors.
Pseudo-random functions
PKCS#5 PBKDF2 with HMAC-SHA-1 pseudorandom function
PKCS#5 PBKDF2 with GOST R34.11-94 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-224 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-256 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-384 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-512 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-512/224 pseudorandom function
PKCS#5 PBKDF2 with HMAC-SHA-512/256 pseudorandom function
Return values
The function executed successfully
Cryptoki function aborts and returns CKR_FUNCTION_CANCELED, when CKR_CANCEL is returned by CKN_SURRENDER callback
The computer that the Cryptoki library is running on has insufficient memory to perform the requested function
The specified slot ID is not valid
Some horrible, unrecoverable error has occurred
The requested function could not be performed
Generic error code which indicates that the arguments supplied to the Cryptoki function were in some way not appropriate
Returned when C_GetSlotEvent is called in non-blocking mode and there are no new slot events to return
Returned by C_Initialize when the application did not allow the library to use the native operating system threading model for locking and the library cannot function properly without being able to spawn new threads
Returned by C_Initialize when the type of locking requested by the application for thread-safety is not available in this library
An attempt was made to set a value for an attribute which may not be set by the application, or which may not be modified by the application
An attempt was made to obtain the value of an attribute of an object which cannot be satisfied because the object is either sensitive or unextractable
An invalid attribute type was specified in a template
An invalid value was specified for a particular attribute in a template
The action may not be taken
The plaintext input data to a cryptographic operation is invalid
The plaintext input data to a cryptographic operation has a bad length
Some problem has occurred with the token and/or slot
The token does not have sufficient memory to perform the requested function
The token was removed from its slot during the execution of the function
The encrypted input to a decryption operation has been determined to be invalid ciphertext
The ciphertext input to a decryption operation has been determined to be invalid ciphertext solely on the basis of its length
The function was canceled in mid-execution
There is currently no function executing in parallel in the specified session
The requested function is not supported by this Cryptoki library
The specified key handle is not valid
Size of supplied key is outside the range of supported key sizes
The specified key is not the correct type of key to use with the specified mechanism
An extraneous key was supplied to C_SetOperationState
One of the keys supplied to C_SetOperationState is not the same key that was being used in the original saved session
Session state cannot be restored because C_SetOperationState needs to be supplied with one or more keys that were being used in the original saved session
Value of the specified key cannot be digested
An attempt has been made to use a key for a cryptographic purpose that the key's attributes are not set to allow it to do
Library is unable to wrap the key in the requested way
The specified private or secret key can't be wrapped
An invalid mechanism was specified to the cryptographic operation
Invalid parameters were supplied to the mechanism specified to the cryptographic operation
The specified object handle is not valid
There is already an active operation which prevents Cryptoki from activating the specified operation
There is no active operation of an appropriate type in the specified session
The specified PIN is incorrect
The specified PIN has invalid characters in it
The specified PIN is too long or too short
The specified PIN has expired
The specified PIN is locked and cannot be used
The session was closed during the execution of the function
Attempt to open a session failed because the token has too many sessions already open
The specified session handle was invalid at the time that the function was invoked
The specified token does not support parallel sessions
The specified session was unable to accomplish the desired action because it is a read-only session
Returned by C_InitToken when a session with the token is open, which prevents the token initialization
A read-only session already exists, and so the SO cannot be logged in
A read/write SO session already exists, and so a read-only session cannot be opened
The provided signature/MAC is invalid
The provided signature/MAC can be seen to be invalid solely on the basis of its length
The template specified for creating an object is incomplete, and lacks some necessary attributes
The template specified for creating an object has conflicting attributes
The token was not present in its slot at the time that the function was invoked
The Cryptoki library and/or slot does not recognize the token in the slot
The requested action could not be performed because the token is write-protected
Key handle specified to be used to unwrap another key is not valid
Unwrapping operation cannot be carried out because the supplied key's size is outside the range of supported key sizes
Type of the key specified to unwrap another key is not consistent with the mechanism specified for unwrapping
User cannot be logged into the session because it is already logged into the session
The desired action cannot be performed because the appropriate user is not logged in
Normal user's PIN has not yet been initialized
Invalid user type specified
User cannot be logged into the session because another user is already logged into the session
An attempt was made to have more distinct users simultaneously logged into the token than the token and/or library permits
Provided wrapped key is not valid
Provided wrapped key can be seen to be invalid solely on the basis of its length
Key handle specified to be used to wrap another key is not valid
Wrapping operation cannot be carried out because the supplied wrapping key's size is outside the range of supported key sizes
Type of the key specified to wrap another key is not consistent with the mechanism specified for wrapping
Token's random number generator does not accept seeding from an application
Token doesn't have a random number generator
Invalid or unsupported domain parameters were supplied to the function
Curve is not supported by the token
The output of the function is too large to fit in the supplied buffer
Supplied saved cryptographic operations state is invalid, and so it cannot be restored to the specified session
The information requested could not be obtained because the token considers it sensitive, and is not able or willing to reveal it
The cryptographic operations state of the specified session cannot be saved
Function cannot be executed because the Cryptoki library has not yet been initialized
Cryptoki library has already been initialized
Returned by mutex-handling functions that are passed a bad mutex object as an argument
Mutex supplied to the mutex-unlocking function was not locked
The supplied OTP was not accepted and the library requests a new OTP computed using a new PIN
The supplied OTP was correct but indicated a larger than normal drift in the token's internal state. Application should provide the next one-time password to the library for verification.
An iterative algorithm failed because the maximum number of iterations has been exceeded
A FIPS 140-2 power-up self-test or conditional self-test failed
The Cryptoki library could not load a dependent shared library
The specified PIN is too weak so that it could be easy to guess
The public key fails a public key validation
The signature request is rejected by the user
Permanently reserved for token vendors
Session States
The application has opened a read-only session. The application has read-only access to public token objects and read/write access to public session objects.
The normal user has been authenticated to the token. The application has read-only access to all token objects (public or private) and read/write access to all session objects (public or private).
The application has opened a read/write session. The application has read/write access to all public objects.
The normal user has been authenticated to the token. The application has read/write access to all objects.
The Security Officer has been authenticated to the token. The application has read/write access only to public objects on the token, not to private objects. The SO can set the normal user's PIN.
Types of Cryptoki users
Security Officer
Normal user
Context specific
Salt/Encoding parameter sources
PKCS #1 RSA OAEP: Encoding parameter specified
PKCS #5 PBKDF2 Key Generation: Salt specified
Utility class that helps with data type conversions.
Converts uint to byte array
Uint that should be converted
Byte array with uint value
Converts byte array to uint
Byte array that should be converted
Uint with value from byte array
Converts ulong to byte array
Ulong that should be converted
Byte array with ulong value
Converts byte array to ulong
Byte array that should be converted
Ulong with value from byte array
Converts bool to byte array
Bool that should be converted
Byte array with bool value
Converts byte array to bool
Byte array that should be converted
Bool with value from byte array
Converts UTF-8 string to byte array (not null terminated)
String that should be converted
Byte array with string value
Converts UTF-8 string to byte array padded or trimmed to specified length
String that should be converted
Expected length of byte array
Padding byte that will be used for padding to expected length
Byte array with string value padded or trimmed to specified length
Converts byte array (not null terminated) to UTF-8 string
Byte array that should be converted
String with value from byte array
Converts byte array to UTF-8 string (not null terminated)
Byte array that should be converted
Flag indicating whether white space characters should be removed from the end of resulting string
String with value from byte array
Converts specified range of byte array to UTF-8 string (not null terminated)
Byte array that should be processed
Starting index of bytes to decode
Number of bytes to decode
String with value from byte array
Converts string with UTC time to DateTime
UTC time that should be converted (formatted as string of length 16 represented in the format YYYYMMDDhhmmssxx).
DateTime if successful, null otherwise.
Converts byte array to hex encoded string
Byte array that should be converted
String with hex encoded value from byte array
Converts hex encoded string to byte array
String that should be converted
Byte array decoded from string
Converts byte array to Base64 encoded string
Byte array that should be converted
String with Base64 encoded value from byte array
Converts Base64 encoded string to byte array
String that should be converted
Byte array decoded from string
Exception indicating that Silverlight version of Pkcs11Interop is missing elevated trust
Initializes new instance of ElevatedPermissionsMissingException class
Message that describes the error
Initializes new instance of ElevatedPermissionsMissingException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Interface for mechanism parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Source of PKCS#11 function pointers
Recommended option: PKCS#11 function pointers will be acquired with single call of C_GetFunctionList function
PKCS#11 function pointers will be acquired with multiple calls of GetProcAddress or dlsym function
Exception indicating an attempt to load unmanaged PKCS#11 library designated for a different architecture
Initializes new instance of LibraryArchitectureException class
Initializes a new instance of LibraryArchitectureException class with a specified error message and a reference to the inner exception that is the cause of this exception
The exception that is the cause of the current exception
Initializes new instance of LibraryArchitectureException class
Message that describes the error
Initializes a new instance of LibraryArchitectureException class with a specified error message and a reference to the inner exception that is the cause of this exception
The message that describes the error
The exception that is the cause of the current exception
Initializes new instance of LibraryArchitectureException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Imported native methods
Error indicating an attempt to load unmanaged library designated for a different architecture
Loads the specified module into the address space of the calling process.
The name of the module.
If the function succeeds, the return value is a handle to the module. If the function fails, the return value is NULL.
Frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count.
A handle to the loaded library module.
If the function succeeds, the return value is nonzero. If the function fails, the return value is zero.
Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
A handle to the DLL module that contains the function or variable.
The function or variable name, or the function's ordinal value.
If the function succeeds, the return value is the address of the exported function or variable. If the function fails, the return value is NULL.
Immediately resolve all symbols
Resolved symbols are not available for subsequently loaded libraries
Immediately resolve all symbols
Resolved symbols are not available for subsequently loaded libraries
Human readable string describing the most recent error that occurred from dlopen(), dlsym() or dlclose() since the last call to dlerror().
Human readable string describing the most recent error or NULL if no errors have occurred since initialization or since it was last called.
Loads the dynamic library
Library filename.
RTLD_LAZY for lazy function call binding or RTLD_NOW immediate function call binding.
Handle for the dynamic library if successful, IntPtr.Zero otherwise.
Checks if the library (mach-o file) is compatible with the current process
Library path.
True if library is compatible. If library is not compatible, it returns false and sets an error string that can be examined with dlerror.
Decrements the reference count on the dynamic library handle. If the reference count drops to zero and no other loaded libraries use symbols in it, then the dynamic library is unloaded.
Handle for the dynamic library.
Returns 0 on success, and nonzero on error.
Returns the address where the symbol is loaded into memory.
Handle for the dynamic library.
Name of symbol that should be addressed.
Returns 0 on success, and nonzero on error.
Exception with the name of PKCS#11 method that failed and its return value
Name of method that caused exception
Name of method that caused exception
Return value of method that caused exception
Return value of method that caused exception
Initializes new instance of Pkcs11Exception class
Name of method that caused exception
Return value of method that caused exception
Initializes new instance of Pkcs11Exception class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Populates a SerializationInfo with the data needed to serialize the target object
SerializationInfo to populate with data
The destination for this serialization
PKCS#11 URI parser
Initializes new instance of Pkcs11Uri class that parses provided PKCS#11 URI and checks max lengths of path attribute values
PKCS#11 URI to be parsed
Initializes new instance of Pkcs11Uri class that parses provided PKCS#11 URI
PKCS#11 URI to be parsed
Flag indicating whether max lengths of path attribute values should be checked
Flag indicating whether max lengths of path attribute values were checked
Flag indicating whether max lengths of path attribute values were checked
Flag indicating whether PKCS#11 URI path attributes define specific PKCS#11 library
Flag indicating whether PKCS#11 URI path attributes define specific slot
Flag indicating whether PKCS#11 URI path attributes define specific token
Flag indicating whether PKCS#11 URI path attributes define specific object
Value of path attribute "token" that corresponds to the "label" member of the CK_TOKEN_INFO structure
Value of path attribute "token" that corresponds to the "label" member of the CK_TOKEN_INFO structure
Value of path attribute "manufacturer" that corresponds to the "manufacturerID" member of CK_TOKEN_INFO structure
Value of path attribute "manufacturer" that corresponds to the "manufacturerID" member of CK_TOKEN_INFO structure
Value of path attribute "serial" that corresponds to the "serialNumber" member of CK_TOKEN_INFO structure
Value of path attribute "serial" that corresponds to the "serialNumber" member of CK_TOKEN_INFO structure
Value of path attribute "model" that corresponds to the "model" member of CK_TOKEN_INFO structure
Value of path attribute "model" that corresponds to the "model" member of CK_TOKEN_INFO structure
Value of path attribute "library-manufacturer" that corresponds to the "manufacturerID" member of CK_INFO structure
Value of path attribute "library-manufacturer" that corresponds to the "manufacturerID" member of CK_INFO structure
Value of path attribute "library-description" that corresponds to the "libraryDescription" member of CK_INFO structure
Value of path attribute "library-description" that corresponds to the "libraryDescription" member of CK_INFO structure
Value of path attribute "library-version" that corresponds to the "libraryVersion" member of CK_INFO structure
Value of path attribute "library-version" that corresponds to the "libraryVersion" member of CK_INFO structure
Value of path attribute "object" that corresponds to the "CKA_LABEL" object attribute
Value of path attribute "object" that corresponds to the "CKA_LABEL" object attribute
Value of path attribute "type" that corresponds to the "CKA_CLASS" object attribute
Value of path attribute "type" that corresponds to the "CKA_CLASS" object attribute
Value of path attribute "id" that corresponds to the "CKA_ID" object attribute
Value of path attribute "id" that corresponds to the "CKA_ID" object attribute
Value of path attribute "slot-manufacturer" that corresponds to the "manufacturerID" member of CK_SLOT_INFO structure
Value of path attribute "slot-manufacturer" that corresponds to the "manufacturerID" member of CK_SLOT_INFO structure
Value of path attribute "slot-description" that corresponds to the "slotDescription" member of CK_SLOT_INFO structure
Value of path attribute "slot-description" that corresponds to the "slotDescription" member of CK_SLOT_INFO structure
Value of path attribute "slot-id" that corresponds to the decimal number of "CK_SLOT_ID" type
Value of path attribute "slot-id" that corresponds to the decimal number of "CK_SLOT_ID" type
Collection of unknown vendor specific path attributes
Collection of unknown vendor specific path attributes
Value of query attribute "pin-source" that specifies where token PIN can be obtained
Value of query attribute "pin-source" that specifies where token PIN can be obtained
Value of query attribute "pin-value" that contains token PIN
Value of query attribute "pin-value" that contains token PIN
Value of query attribute "module-name" that specifies name of the PKCS#11 library
Value of query attribute "module-name" that specifies name of the PKCS#11 library
Value of query attribute "module-path" that specifies path to the PKCS#11 library
Value of query attribute "module-path" that specifies path to the PKCS#11 library
Collection of unknown vendor specific query attributes
Collection of unknown vendor specific query attributes
Extracts PKCS#11 URI from text and removes all whitespaces
Text that contains PKCS#11 URI
PKCS#11 URI without whitespaces
Parses PKCS#11 URI
PKCS#11 URI that should be parsed
Parses path attribute
Path attribute that should be parsed
Parses query attribute
Query attribute that should be parsed
Checks whether Pk11String contains invalid characters and optionally decodes percent encoded characters
Name of attribute whose value is being decoded
Pk11String that should be decoded
Characters allowed to be present unencoded in Pk11String
Flag indicating whether percent encoded characters should be decoded
Decoded Pk11String
Checks whether character is hex digit
Character that should be checked
True if character is hex digit false otherwise
PKCS#11 URI builder
Implementation note: As recommended by PKCS#11 URI specification Pkcs11UriBuilder class
percent-encodes the whole value of the "id" attribute which is supposed
to be handled as arbitrary binary data. Therefore it is not possible to
construct URIs with arbitrary string value of the "id" attribute.
Implementation note: Validation of each individual attribute value is performed by the setter
of the corresponding Pkcs11UriBuilder class property, with the exception of the
UnknownPathAttributes and UnknownQueryAttributes properties, whose values
are validated when the ToString() or ToPkcs11Uri() method is called.
Initializes new instance of Pkcs11UriBuilder class that checks max lengths of path attribute values
Initializes new instance of Pkcs11UriBuilder class
Flag indicating whether max lengths of path attribute values should be checked
Initializes new instance of Pkcs11UriBuilder class with specified PKCS#11 URI whose ChecksLengths property specifies whether max lengths of path attribute values should be checked
PKCS#11 URI with default values
Initializes new instance of Pkcs11UriBuilder class with specified PKCS#11 URI
PKCS#11 URI with default values
Flag indicating whether max lengths of path attribute values should be checked
Sets properties of Pkcs11UriBuilder class with default values specified by PKCS#11 URI
PKCS#11 URI with default values
Flag indicating whether max lengths of path attribute values should be checked
Flag indicating whether max lengths of path attribute values are checked
Flag indicating whether max lengths of path attribute values are checked
Value of path attribute "token" encoded for PKCS#11 URI
Value of path attribute "token" that corresponds to the "label" member of the CK_TOKEN_INFO structure
Value of path attribute "token" that corresponds to the "label" member of the CK_TOKEN_INFO structure
Value of path attribute "manufacturer" encoded for PKCS#11 URI
Value of path attribute "manufacturer" that corresponds to the "manufacturerID" member of CK_TOKEN_INFO structure
Value of path attribute "manufacturer" that corresponds to the "manufacturerID" member of CK_TOKEN_INFO structure
Value of path attribute "serial" encoded for PKCS#11 URI
Value of path attribute "serial" that corresponds to the "serialNumber" member of CK_TOKEN_INFO structure
Value of path attribute "serial" that corresponds to the "serialNumber" member of CK_TOKEN_INFO structure
Value of path attribute "model" encoded for PKCS#11 URI
Value of path attribute "model" that corresponds to the "model" member of CK_TOKEN_INFO structure
Value of path attribute "model" that corresponds to the "model" member of CK_TOKEN_INFO structure
Value of path attribute "library-manufacturer" encoded for PKCS#11 URI
Value of path attribute "library-manufacturer" that corresponds to the "manufacturerID" member of CK_INFO structure
Value of path attribute "library-manufacturer" that corresponds to the "manufacturerID" member of CK_INFO structure
Value of path attribute "library-description" encoded for PKCS#11 URI
Value of path attribute "library-description" that corresponds to the "libraryDescription" member of CK_INFO structure
Value of path attribute "library-description" that corresponds to the "libraryDescription" member of CK_INFO structure
Value of path attribute "library-version" encoded for PKCS#11 URI
Value of path attribute "library-version" that corresponds to the "libraryVersion" member of CK_INFO structure
Value of path attribute "library-version" that corresponds to the "libraryVersion" member of CK_INFO structure
Value of path attribute "object" encoded for PKCS#11 URI
Value of path attribute "object" that corresponds to the "CKA_LABEL" object attribute
Value of path attribute "object" that corresponds to the "CKA_LABEL" object attribute
Value of path attribute "type" encoded for PKCS#11 URI
Value of path attribute "type" that corresponds to the "CKA_CLASS" object attribute
Value of path attribute "type" that corresponds to the "CKA_CLASS" object attribute
Value of path attribute "id" encoded for PKCS#11 URI
Value of path attribute "id" that corresponds to the "CKA_ID" object attribute
Value of path attribute "id" that corresponds to the "CKA_ID" object attribute
Value of path attribute "slot-manufacturer" encoded for PKCS#11 URI
Value of path attribute "slot-manufacturer" that corresponds to the "manufacturerID" member of CK_SLOT_INFO structure
Value of path attribute "slot-manufacturer" that corresponds to the "manufacturerID" member of CK_SLOT_INFO structure
Value of path attribute "slot-description" encoded for PKCS#11 URI
Value of path attribute "slot-description" that corresponds to the "slotDescription" member of CK_SLOT_INFO structure
Value of path attribute "slot-description" that corresponds to the "slotDescription" member of CK_SLOT_INFO structure
Value of path attribute "slot-id" encoded for PKCS#11 URI
Value of path attribute "slot-id" that corresponds to the decimal number of "CK_SLOT_ID" type
Value of path attribute "slot-id" that corresponds to the decimal number of "CK_SLOT_ID" type
Collection of unknown vendor specific path attributes that is validated when ToString() or ToPkcs11Uri() method is called
Collection of unknown vendor specific path attributes that is validated when ToString() or ToPkcs11Uri() method is called
Encodes collection of unknown vendor specific path attributes for PKCS#11 URI
List of unknown vendor specific path attributes encoded for PKCS#11 URI
Value of query attribute "pin-source" encoded for PKCS#11 URI
Value of query attribute "pin-source" that specifies where token PIN can be obtained
Value of query attribute "pin-source" that specifies where token PIN can be obtained
Value of query attribute "pin-value" encoded for PKCS#11 URI
Value of query attribute "pin-value" that contains token PIN
Value of query attribute "pin-value" that contains token PIN
Value of query attribute "module-name" encoded for PKCS#11 URI
Value of query attribute "module-name" that specifies name of the PKCS#11 library
Value of query attribute "module-name" that specifies name of the PKCS#11 library
Value of query attribute "module-path" encoded for PKCS#11 URI
Value of query attribute "module-path" that specifies path to the PKCS#11 library
Value of query attribute "module-path" that specifies path to the PKCS#11 library
Collection of unknown vendor specific query attributes that is validated when ToString() or ToPkcs11Uri() method is called
Collection of unknown vendor specific query attributes that is validated when ToString() or ToPkcs11Uri() method is called
Encodes collection of unknown vendor specific query attributes for PKCS#11 URI
List of unknown vendor specific query attributes encoded for PKCS#11 URI
Generates PKCS#11 URI representing contents of Pkcs11UriBuilder instance
PKCS#11 URI representing contents of Pkcs11UriBuilder instance
Converts Pkcs11UriBuilder instance to Pkcs11Uri instance
Pkcs11Uri instance representing contents of Pkcs11UriBuilder instance
Percent encodes provided byte array
Byte array that should be encoded
Percent encoded byte array
Percent encodes provided character
Character that should be encoded
Percent encoded character
Checks whether Pk11String contains invalid characters and optionally percent encodes invalid characters
Name of attribute whose value is being encoded
Pk11String that should be encoded
Characters allowed to be present unencoded in Pk11String
Flag indicating whether invalid characters should be percent encoded
Encoded Pk11String
Exception that indicates error in PKCS#11 URI parsing or building process
Initializes a new instance of Pkcs11UriException class with a specified error message
The message that describes the error
Initializes a new instance of Pkcs11UriException class with a specified error message and a reference to the inner exception that is the cause of this exception
The message that describes the error
The exception that is the cause of the current exception
Initializes new instance of Pkcs11UriException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library manufacturer
PKCS#11 library description
PKCS#11 library version
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot manufacturer
Slot description
Slot identifier
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token label
Token manufacturer
Token serial number
Token model
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Value of CKA_CLASS object attribute
Value of CKA_LABEL object attribute
Value of CKA_ID object attribute
True if object attributes match PKCS#11 URI
Checks whether string matches the value of string attribute
Value of string attribute present (or not) in PKCS#11 URI
String that should be compared with the value of string attribute
True if string matches the value of string attribute
Checks whether type matches the value of "type" path attribute
Value of "type" path attribute present (or not) in PKCS#11 URI
Type that should be compared with the value of "type" path attribute
True if type matches the value of "type" path attribute
Checks whether byte array matches the value of "id" path attribute
Value of "id" path attribute present (or not) in PKCS#11 URI
Byte array that should be compared with the value of "id" path attribute
True if byte array matches the value of "id" path attribute
Checks whether id matches the value of "slot-id" path attribute
Value of "slot-id" path attribute present (or not) in PKCS#11 URI
Id that should be compared with the value of "slot-id" path attribute
True if id matches the value of "slot-id" path attribute
Definitions from the PKCS#11 URI scheme specification
Characters allowed in value of path attribute
Characters allowed in name of vendor specific attribute
Characters allowed in value of query attribute
PKCS#11 URI scheme name
Character that always follows after PKCS#11 URI scheme name
Character that separates path attributes
Character that separates name and value of path attribute
Character that separates path and query parts
Character that separates query attributes
Character that separates name and value of query attribute
Name of "token" path attribute
Max length of "token" path attribute in bytes
Name of "manufacturer" path attribute
Max length of "manufacturer" path attribute in bytes
Name of "serial" path attribute
Max length of "serial" path attribute in bytes
Name of "model" path attribute
Max length of "model" path attribute in bytes
Name of "library-manufacturer" path attribute
Max length of "library-manufacturer" path attribute in bytes
Name of "library-description" path attribute
Max length of "library-description" path attribute in bytes
Name of "library-version" path attribute
Name of "object" path attribute
Name of "type" path attribute
Value of "type" path attribute for public key
Value of "type" path attribute for private key
Value of "type" path attribute for certificate
Value of "type" path attribute for secret key
Value of "type" path attribute for data object
Name of "id" path attribute
Name of "slot-manufacturer" path attribute
Max length of "slot-manufacturer" path attribute in bytes
Name of "slot-description" path attribute
Max length of "slot-description" path attribute in bytes
Name of "slot-id" path attribute
Name of "pin-source" query attribute
Name of "pin-value" query attribute
Name of "module-name" query attribute
Name of "module-path" query attribute
Utility class for runtime platform detection
True if 64-bit runtime is used
True if 32-bit runtime is used
True if runtime platform is Windows
True if runtime platform is Windows
True if runtime platform is Linux
True if runtime platform is Linux
True if runtime platform is Mac OS X
True if runtime platform is Mac OS X
Size of unmanaged long type
Size of unmanaged long type.
This property is used by HighLevelAPI to choose correct set of LowLevelAPIs.
Value of this property can be changed if needed.
Controls the alignment of unmanaged struct fields
Controls the alignment of unmanaged struct fields.
This property is used by HighLevelAPI to choose correct set of LowLevelAPIs.
Value of this property can be changed if needed.
Performs platform detection
Type of session
Read-only session
Read-write session
Type of slots to be obtained by PKCS#11 library
Only slots with a token present
All slots regardless of token presence
Exception indicating that unmanaged function has returned error
Error code returned by the last unmanaged function
Error code returned by the last unmanaged function
Initializes new instance of UnmanagedException class
Message that describes the error
Initializes new instance of UnmanagedException class
Message that describes the error
Error code returned by the last unmanaged function
Initializes new instance of UnmanagedException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Populates a SerializationInfo with the data needed to serialize the target object
SerializationInfo to populate with data
The destination for this serialization
Utility class that helps to manage unmanaged dynamic libraries
Loads the dynamic library
Library filename
Dynamic library handle
Unloads the dynamic library
Dynamic library handle
Returns function pointer
Dynamic library handle
Function name
The function pointer
Converts function pointer to a delegate
Type of delegate
Function pointer
Delegate
Utility class that helps to manage unmanaged memory
Allocates unmanaged zero-filled memory
Number of bytes required
Pointer to newly allocated unmanaged zero-filled memory
Frees previously allocated unmanaged memory
Pointer to the previously allocated unmanaged memory
Returns the unmanaged size of the structure in bytes
Type of structure whose size should be determined
Unmanaged size of the structure in bytes
Copies content of byte array to unmanaged memory
Previously allocated unmanaged memory to copy to
Byte array to copy from
Copies content of structure to unmanaged memory
Previously allocated unmanaged memory to copy to
Structure to copy from
Creates copy of unmanaged memory content
Memory that should be copied
Number of bytes that should be copied
Copy of unmanaged memory content
Copies content of unmanaged memory to the newly allocated managed structure
Memory that should be copied
Type of structure that should be created
Structure of requested type
Copies content of unmanaged memory to the existing managed structure
Memory that should be copied
Object to which data should be copied
Exception indicating that Pkcs11Interop is being used on an unsupported platform
Initializes new instance of UnsupportedPlatformException class
Message that describes the error
Initializes new instance of UnsupportedPlatformException class with serialized data
SerializationInfo that holds the serialized object data about the exception being thrown
StreamingContext that contains contextual information about the source or destination
Type of waiting for a slot event
Method should block until an event occurs
Method should not block until an event occurs
General information about PKCS#11 library (CK_INFO)
Cryptoki interface version number
Cryptoki interface version number
ID of the Cryptoki library manufacturer
ID of the Cryptoki library manufacturer
Bit flags reserved for future versions
Bit flags reserved for future versions
Description of the library
Description of the library
Cryptoki library version number
Cryptoki library version number
Converts low level CK_INFO structure to high level LibraryInfo class
Low level CK_INFO structure
Mechanism and its parameters (CK_MECHANISM alternative)
Flag indicating whether instance has been disposed
Low level mechanism structure
Low level mechanism structure
The type of mechanism
High level object with mechanism parameters
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if there is an extension to the flags; false if no extensions.
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
Initializes new instance of MechanismFlags class
Bit flags specifying mechanism capabilities
Provides information about a particular mechanism
Mechanism
Mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Flags specifying mechanism capabilities
Flags specifying mechanism capabilities
Converts low level CK_MECHANISM_INFO structure to high level MechanismInfo class
Mechanism
Low level CK_MECHANISM_INFO structure
Parameters for the CKM_AES_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAesCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_AES_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkAesCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAriaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_CCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCcmParams class.
Length of the data
Nonce
Additional authentication data
Length of the MAC (output following cipher text) in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CMS_SIG mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCmsSigParams class.
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkDesCbcEncryptDataParams class.
IV value (8 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Seed value used to generate PQ and G
Initializes a new instance of the CkDsaParameterGenParam class
Mechanism value for the base hash used in PQG generation (CKM)
Seed value used to generate PQ and G
Index value for generating G
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdhAesKeyWrapParams class.
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Data shared between the two parties
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcmqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_EXTRACT_KEY_FROM_KEY mechanism
Low level mechanism parameters
Initializes a new instance of the CkExtractParams class.
Specifies which bit of the base key should be used as the first bit of the derived key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_GCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGcmParams class.
Initialization vector
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Additional authentication data
Length of authentication tag (output following cipher text) in bits
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410DeriveParams class.
Additional key diversification algorithm (CKD)
Data with public key of a receiver
UKM data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410KeyWrapParams class.
Data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Data with UKM
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEA_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeaDeriveParams class.
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Ra data
Rb data
Other party's KEA public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyDerivationStringData class.
Byte string used as the input for derivation mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEY_WRAP_SET_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyWrapSetOaepParams class.
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKipParams class.
Underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Input seed
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Low level mechanism parameters
Initializes a new instance of the CkMacGeneralParams class.
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Type, value and length of an OTP parameter
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Parameter type
Value of the parameter
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for OTP mechanisms in a generic fashion
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkOtpParams class.
List of OTP parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters returned by all OTP mechanisms in successful calls to Sign method
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether high level list of OTP parameters left this instance
List of OTP parameters
List of OTP parameters
Initializes a new instance of the CkOtpSignatureInfo class.
Signature value returned by all OTP mechanisms in successful calls to Sign method
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPbeParams class.
8-byte initialization vector (IV), if an IV is required
Password to be used in the PBE key generation
Salt to be used in the PBE key generation
Number of iterations required for the generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params2 class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2CbcParams class.
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc2MacGeneralParams class.
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2Params class.
Effective number of bits in the RC2 search space
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRc5CbcParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Initialization vector (IV) for CBC encryption
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC5_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc5MacGeneralParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc5Params class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RSA_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameters of the temporary AES key wrapping
Initializes a new instance of the CkAesCbcEncryptDataParams class.
Length of the temporary AES key in bits
Parameters of the temporary AES key wrapping
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsOaepParams class.
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_PSS mechanism
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsPssParams class.
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_SEED_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSeedCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackPrivateWrapParams class.
User-supplied password
Other party's key exchange public key value
Ra data
Prime, p, value
Base, g, value
Subprime, q, value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_RELAYX mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackRelayxParams class.
Old wrapper key
Old user-supplied password
Old key exchange public key value
Old Ra data
New user-supplied password
New key exchange public key value
New Ra data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Initialization vector (IV) created for the client
Initialization vector (IV) created for the server
The length of initialization vectors
Initializes a new instance of the CkSsl3KeyMatOut class.
Length of initialization vectors or 0 if IVs are not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors after performing a DeriveKey method
Resulting key handles and initialization vectors after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkSsl3KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkSsl3MasterKeyDeriveParams class.
Client's and server's random data information
Set to false for CKM_SSL3_MASTER_KEY_DERIVE mechanism and to true for CKM_SSL3_MASTER_KEY_DERIVE_DH mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in an SSL context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSsl3RandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors
Resulting key handles and initialization vectors
Client's and server's random data information
Initializes a new instance of the CkTls12KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkTls12MasterKeyDeriveParams class.
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_KDF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Client's and server's random data information
Initializes a new instance of the CkTlsKdfParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Label for this key derivation
Random data for the key derivation
Context data for this key derivation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_MAC mechanism
Low level mechanism parameters
Initializes a new instance of the CkTlsMacParams class.
Hash mechanism used in the TLS12 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_TLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkTlsPrfParams class.
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism
Low level mechanism parameters
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Returns a string that represents the current CkVersion object.
String that represents the current CkVersion object.
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting MAC secret key
Key handle for the resulting Secret key
Initialization vector (IV)
The length of initialization vector
Initializes a new instance of the CkWtlsKeyMatOut class.
Length of initialization vector or 0 if IV is not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vector after performing a DeriveKey method
Resulting key handles and initialization vector after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkWtlsKeyMatParams class.
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_MASTER_KEY_DERIVE and CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
WTLS protocol version information
Client's and server's random data information
Initializes a new instance of the CkWtlsMasterKeyDeriveParams class.
Digest mechanism to be used (CKM)
Client's and server's random data information
Set to false for CKM_WTLS_MASTER_KEY_DERIVE mechanism and to true for CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkWtlsPrfParams class.
Digest mechanism to be used (CKM)
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in a WTLS context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkWtlsRandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942MqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Attribute of cryptoki object (CK_ATTRIBUTE alternative)
Flag indicating whether instance has been disposed
Low level attribute structure
Low level attribute structure
Attribute type
Flag indicating whether attribute value cannot be read either because object is sensitive or unextractable or because specified attribute for the object is invalid.
Creates attribute defined by low level CK_ATTRIBUTE structure
CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with uint value
Attribute type
Attribute value
Creates attribute of given type with uint value
Attribute type
Attribute value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Reads value of attribute and returns it as uint
Value of attribute
Creates attribute of given type with bool value
Attribute type
Attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Reads value of attribute and returns it as bool
Value of attribute
Creates attribute of given type with string value
Attribute type
Attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Reads value of attribute and returns it as string
Value of attribute
Creates attribute of given type with byte array value
Attribute type
Attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Reads value of attribute and returns it as byte array
Value of attribute
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Reads value of attribute and returns it as DateTime
Value of attribute
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Reads value of attribute and returns it as attribute array
Value of attribute
Creates attribute of given type with uint array value
Attribute type
Attribute value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of uints
Value of attribute
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of mechanisms
Value of attribute
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Token-specific identifier for an object
PKCS#11 handle of object
PKCS#11 handle of object
Initializes new instance of ObjectHandle class with ObjectId set to CK_INVALID_HANDLE
Initializes new instance of ObjectHandle class
PKCS#11 handle of object
High level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Source of PKCS#11 function pointers
Gets general information about loaded PKCS#11 library
General information about loaded PKCS#11 library
Obtains a list of slots in the system
Type of slots to be obtained
List of available slots
Waits for a slot event, such as token insertion or token removal, to occur
Type of waiting for a slot event
Flag indicating whether event occurred
PKCS#11 handle of slot that the event occurred in
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all PKCS#11 URI matching slots
PKCS#11 URI
High level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Class representing a logical connection between an application and a token
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of session
PKCS#11 handle of session
Flag indicating whether session should be closed when object is disposed
Flag indicating whether session should be closed when object is disposed
Initializes new instance of Session class
Low level PKCS#11 wrapper
PKCS#11 handle of session
Closes a session between an application and a token
Initializes the normal user's PIN
Pin value
Initializes the normal user's PIN
Pin value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Obtains information about a session
Information about a session
Obtains a copy of the cryptographic operations state of a session encoded as an array of bytes
Operations state of a session
Restores the cryptographic operations state of a session from an array of bytes obtained with GetOperationState
Array of bytes obtained with GetOperationState
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing encryption or decryption operation in the restored session
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing signature, MACing, or verification operation in the restored session
Logs a user into a token
Type of user
Pin of user
Logs a user into a token
Type of user
Pin of user
Logs a user out from a token
Creates a new object
Object attributes
Handle of created object
Copies an object, creating a new object for the copy
Handle of object to be copied
New values for any attributes of the object that can ordinarily be modified
Handle of copied object
Destroys an object
Handle of object to be destroyed
Gets the size of an object in bytes.
Handle of object
Size of an object in bytes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Modifies the value of one or more attributes of an object
Handle of object whose attributes should be modified
List of attributes that should be modified
Initializes a search for token and session objects that match the given attributes
Attributes that should be matched
Continues a search for token and session objects that match a template, obtaining additional object handles
Maximum number of object handles to be returned
Found object handles
Terminates a search for token and session objects
Searches for all token and session objects that match provided attributes
Attributes that should be matched
Handles of found objects
Encrypts single-part data
Encryption mechanism
Handle of the encryption key
Data to be encrypted
Encrypted data
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Decrypts single-part data
Decryption mechanism
Handle of the decryption key
Data to be decrypted
Decrypted data
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digests the value of a secret key
Digesting mechanism
Handle of the secret key to be digested
Digest
Digests single-part data
Digesting mechanism
Data to be digested
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Size of read buffer in bytes
Digest
Signs single-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Data to be signed
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Size of read buffer in bytes
Signature
Signs single-part data, where the data can be recovered from the signature
Signature mechanism
Signature key
Data to be signed
Signature
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Data that was signed
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Verifies signature of data, where the data can be recovered from the signature
Verification mechanism
Verification key
Signature
Flag indicating whether signature is valid
Data recovered from the signature
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Data to be processed
Digest
Encrypted data
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Digest
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Data to be processed
Digest
Decrypted data
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digest
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Data to be processed
Signature
Encrypted data
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Signature
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Signature
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Data to be processed
Signature
Decrypted data
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Generates a secret key or set of domain parameters, creating a new object
Generation mechanism
Attributes of the new key or set of domain parameters
Handle of the new key or set of domain parameters
Generates a public/private key pair, creating new key objects
Key generation mechanism
Attributes of the public key
Attributes of the private key
Handle of the new public key
Handle of the new private key
Wraps (i.e., encrypts) a private or secret key
Wrapping mechanism
Handle of wrapping key
Handle of key to be wrapped
Wrapped key
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
Unwrapping mechanism
Handle of unwrapping key
Wrapped key
Attributes for unwrapped key
Handle of unwrapped key
Derives a key from a base key, creating a new key object
Derivation mechanism
Handle of base key
Attributes for the new key
Handle of derived key
Mixes additional seed material into the token's random number generator
Seed material
Generates random or pseudo-random data
Length in bytes of the random or pseudo-random data to be generated
Generated random or pseudo-random data
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags that define the type of session
Bit flags that define the type of session
Bit flags that define the type of session
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Initializes new instance of SessionFlags class
Bit flags that define the type of session
Information about a session
PKCS#11 handle of session
PKCS#11 handle of session
PKCS#11 handle of slot that interfaces with the token
PKCS#11 handle of slot that interfaces with the token
The state of the session
The state of the session
Flags that define the type of session
Flags that define the type of session
An error code defined by the cryptographic device used for errors not covered by Cryptoki
An error code defined by the cryptographic device used for errors not covered by Cryptoki
Converts low level CK_SESSION_INFO structure to high level SessionInfo class
PKCS#11 handle of session
Low level CK_SESSION_INFO structure
Logical reader that potentially contains a token
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of slot
PKCS#11 handle of slot
Initializes new instance of Slot class
Low level PKCS#11 wrapper
PKCS#11 handle of slot
Obtains information about a particular slot in the system
Slot information
Obtains information about a particular token in the system.
Token information
Obtains a list of mechanism types supported by a token
List of mechanism types supported by a token
Obtains information about a particular mechanism possibly supported by a token
Mechanism
Information about mechanism
Initializes a token
SO's initial PIN
Label of the token
Initializes a token
SO's initial PIN
Label of the token
Opens a session between an application and a token in a particular slot
Type of session to be opened
Session
Closes a session between an application and a token
Session
Closes all sessions an application has with a token
Flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
True if a token is present in the slot (e.g. a device is in the reader)
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
Initializes new instance of SlotFlags class
Bit flags that provide capabilities of the slot
Information about a slot
PKCS#11 handle of slot
PKCS#11 handle of slot
Description of the slot
Description of the slot
ID of the slot manufacturer
ID of the slot manufacturer
Flags that provide capabilities of the slot
Flags that provide capabilities of the slot
Version number of the slot's hardware
Version number of the slot's hardware
Version number of the slot's firmware
Version number of the slot's firmware
Converts low level CK_SLOT_INFO structure to high level SlotInfo class
PKCS#11 handle of slot
Low level CK_SLOT_INFO structure
Flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism
True if the token supports secondary authentication for private key objects
True if an incorrect user login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect user PIN will cause it to become locked
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card
True if an incorrect SO login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
Initializes new instance of TokenFlags class
Bit flags indicating capabilities and status of the device
Information about a token
PKCS#11 handle of slot
PKCS#11 handle of slot
Application-defined label, assigned during token initialization
Application-defined label, assigned during token initialization
ID of the device manufacturer
ID of the device manufacturer
Model of the device
Model of the device
Serial number of the device
Serial number of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of hardware
Version number of firmware
Version number of firmware
Current time (the value of this field only makes sense for tokens equipped with a clock)
Current time (the value of this field only makes sense for tokens equipped with a clock)
UtcTimeString converted to DateTime or null if conversion failed
UtcTimeString converted to DateTime or null if conversion failed
Converts low level CK_TOKEN_INFO structure to high level TokenInfo class
PKCS#11 handle of slot
Low level CK_TOKEN_INFO structure
General information about PKCS#11 library (CK_INFO)
Cryptoki interface version number
Cryptoki interface version number
ID of the Cryptoki library manufacturer
ID of the Cryptoki library manufacturer
Bit flags reserved for future versions
Bit flags reserved for future versions
Description of the library
Description of the library
Cryptoki library version number
Cryptoki library version number
Converts low level CK_INFO structure to high level LibraryInfo class
Low level CK_INFO structure
Mechanism and its parameters (CK_MECHANISM alternative)
Flag indicating whether instance has been disposed
Low level mechanism structure
Low level mechanism structure
The type of mechanism
High level object with mechanism parameters
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if there is an extension to the flags; false if no extensions.
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
Initializes new instance of MechanismFlags class
Bit flags specifying mechanism capabilities
Provides information about a particular mechanism
Mechanism
Mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Flags specifying mechanism capabilities
Flags specifying mechanism capabilities
Converts low level CK_MECHANISM_INFO structure to high level MechanismInfo class
Mechanism
Low level CK_MECHANISM_INFO structure
Parameters for the CKM_AES_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAesCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_AES_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkAesCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAriaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_CCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCcmParams class.
Length of the data
Nonce
Additional authentication data
Length of the MAC (output following cipher text) in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CMS_SIG mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCmsSigParams class.
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkDesCbcEncryptDataParams class.
IV value (8 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Seed value used to generate PQ and G
Initializes a new instance of the CkDsaParameterGenParam class
Mechanism value for the base hash used in PQG generation (CKM)
Seed value used to generate PQ and G
Index value for generating G
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdhAesKeyWrapParams class.
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Data shared between the two parties
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcmqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_EXTRACT_KEY_FROM_KEY mechanism
Low level mechanism parameters
Initializes a new instance of the CkExtractParams class.
Specifies which bit of the base key should be used as the first bit of the derived key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_GCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGcmParams class.
Initialization vector
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Additional authentication data
Length of authentication tag (output following cipher text) in bits
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410DeriveParams class.
Additional key diversification algorithm (CKD)
Data with public key of a receiver
UKM data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410KeyWrapParams class.
Data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Data with UKM
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEA_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeaDeriveParams class.
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Ra data
Rb data
Other party's KEA public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyDerivationStringData class.
Byte string used as the input for derivation mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEY_WRAP_SET_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyWrapSetOaepParams class.
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKipParams class.
Underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Input seed
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Low level mechanism parameters
Initializes a new instance of the CkMacGeneralParams class.
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Type, value and length of an OTP parameter
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Parameter type
Value of the parameter
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for OTP mechanisms in a generic fashion
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkOtpParams class.
List of OTP parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters returned by all OTP mechanisms in successful calls to Sign method
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether high level list of OTP parameters left this instance
List of OTP parameters
List of OTP parameters
Initializes a new instance of the CkOtpSignatureInfo class.
Signature value returned by all OTP mechanisms in successful calls to Sign method
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPbeParams class.
8-byte initialization vector (IV), if an IV is required
Password to be used in the PBE key generation
Salt to be used in the PBE key generation
Number of iterations required for the generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params2 class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2CbcParams class.
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc2MacGeneralParams class.
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2Params class.
Effective number of bits in the RC2 search space
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRc5CbcParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Initialization vector (IV) for CBC encryption
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC5_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc5MacGeneralParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc5Params class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RSA_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameters of the temporary AES key wrapping
Initializes a new instance of the CkAesCbcEncryptDataParams class.
Length of the temporary AES key in bits
Parameters of the temporary AES key wrapping
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsOaepParams class.
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_PSS mechanism
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsPssParams class.
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_SEED_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSeedCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackPrivateWrapParams class.
User-supplied password
Other party's key exchange public key value
Ra data
Prime, p, value
Base, g, value
Subprime, q, value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_RELAYX mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackRelayxParams class.
Old wrapper key
Old user-supplied password
Old key exchange public key value
Old Ra data
New user-supplied password
New key exchange public key value
New Ra data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Initialization vector (IV) created for the client
Initialization vector (IV) created for the server
The length of initialization vectors
Initializes a new instance of the CkSsl3KeyMatOut class.
Length of initialization vectors or 0 if IVs are not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors after performing a DeriveKey method
Resulting key handles and initialization vectors after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkSsl3KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase; if no IV is required, the length should be set to 0
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkSsl3MasterKeyDeriveParams class.
Client's and server's random data information
Set to false for CKM_SSL3_MASTER_KEY_DERIVE mechanism and to true for CKM_SSL3_MASTER_KEY_DERIVE_DH mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in an SSL context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSsl3RandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors
Resulting key handles and initialization vectors
Client's and server's random data information
Initializes a new instance of the CkTls12KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkTls12MasterKeyDeriveParams class.
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_KDF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Client's and server's random data information
Initializes a new instance of the CkTlsKdfParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Label for this key derivation
Random data for the key derivation
Context data for this key derivation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_MAC mechanism
Low level mechanism parameters
Initializes a new instance of the CkTlsMacParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_TLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkTlsPrfParams class.
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism
Low level mechanism parameters
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Returns a string that represents the current CkVersion object.
String that represents the current CkVersion object.
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting MAC secret key
Key handle for the resulting Secret key
Initialization vector (IV)
The length of initialization vector
Initializes a new instance of the CkWtlsKeyMatOut class.
Length of initialization vector or 0 if IV is not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vector after performing a DeriveKey method
Resulting key handles and initialization vector after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkWtlsKeyMatParams class.
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase; if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_MASTER_KEY_DERIVE and CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
WTLS protocol version information
Client's and server's random data information
Initializes a new instance of the CkWtlsMasterKeyDeriveParams class.
Digest mechanism to be used (CKM)
Client's and server's random data information
Set to false for CKM_WTLS_MASTER_KEY_DERIVE mechanism and to true for CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkWtlsPrfParams class.
Digest mechanism to be used (CKM)
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in a WTLS context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkWtlsRandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942MqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Attribute of cryptoki object (CK_ATTRIBUTE alternative)
Flag indicating whether instance has been disposed
Low level attribute structure
Low level attribute structure
Attribute type
Flag indicating whether attribute value cannot be read either because object is sensitive or unextractable or because specified attribute for the object is invalid.
Creates attribute defined by low level CK_ATTRIBUTE structure
CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with uint value
Attribute type
Attribute value
Creates attribute of given type with uint value
Attribute type
Attribute value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Reads value of attribute and returns it as uint
Value of attribute
Creates attribute of given type with bool value
Attribute type
Attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Reads value of attribute and returns it as bool
Value of attribute
Creates attribute of given type with string value
Attribute type
Attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Reads value of attribute and returns it as string
Value of attribute
Creates attribute of given type with byte array value
Attribute type
Attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Reads value of attribute and returns it as byte array
Value of attribute
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Reads value of attribute and returns it as DateTime
Value of attribute
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Reads value of attribute and returns it as attribute array
Value of attribute
Creates attribute of given type with uint array value
Attribute type
Attribute value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of uints
Value of attribute
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of mechanisms
Value of attribute
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Token-specific identifier for an object
PKCS#11 handle of object
PKCS#11 handle of object
Initializes new instance of ObjectHandle class with ObjectId set to CK_INVALID_HANDLE
Initializes new instance of ObjectHandle class
PKCS#11 handle of object
High level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Source of PKCS#11 function pointers
Gets general information about loaded PKCS#11 library
General information about loaded PKCS#11 library
Obtains a list of slots in the system
Type of slots to be obtained
List of available slots
Waits for a slot event, such as token insertion or token removal, to occur
Type of waiting for a slot event
Flag indicating whether event occurred
PKCS#11 handle of slot that the event occurred in
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all PKCS#11 URI matching slots
PKCS#11 URI
High level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Class representing a logical connection between an application and a token
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of session
PKCS#11 handle of session
Flag indicating whether session should be closed when object is disposed
Flag indicating whether session should be closed when object is disposed
Initializes new instance of Session class
Low level PKCS#11 wrapper
PKCS#11 handle of session
Closes a session between an application and a token
Initializes the normal user's PIN
Pin value
Initializes the normal user's PIN
Pin value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Obtains information about a session
Information about a session
Obtains a copy of the cryptographic operations state of a session encoded as an array of bytes
Operations state of a session
Restores the cryptographic operations state of a session from an array of bytes obtained with GetOperationState
Array of bytes obtained with GetOperationState
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing encryption or decryption operation in the restored session
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing signature, MACing, or verification operation in the restored session
Logs a user into a token
Type of user
Pin of user
Logs a user into a token
Type of user
Pin of user
Logs a user out from a token
Creates a new object
Object attributes
Handle of created object
Copies an object, creating a new object for the copy
Handle of object to be copied
New values for any attributes of the object that can ordinarily be modified
Handle of copied object
Destroys an object
Handle of object to be destroyed
Gets the size of an object in bytes.
Handle of object
Size of an object in bytes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Modifies the value of one or more attributes of an object
Handle of object whose attributes should be modified
List of attributes that should be modified
Initializes a search for token and session objects that match the provided attributes
Attributes that should be matched
Continues a search for token and session objects that match a template, obtaining additional object handles
Maximum number of object handles to be returned
Found object handles
Terminates a search for token and session objects
Searches for all token and session objects that match provided attributes
Attributes that should be matched
Handles of found objects
Encrypts single-part data
Encryption mechanism
Handle of the encryption key
Data to be encrypted
Encrypted data
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Decrypts single-part data
Decryption mechanism
Handle of the decryption key
Data to be decrypted
Decrypted data
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digests the value of a secret key
Digesting mechanism
Handle of the secret key to be digested
Digest
Digests single-part data
Digesting mechanism
Data to be digested
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Size of read buffer in bytes
Digest
Signs single-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Data to be signed
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Size of read buffer in bytes
Signature
Signs single-part data, where the data can be recovered from the signature
Signature mechanism
Signature key
Data to be signed
Signature
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Data that was signed
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Verifies signature of data, where the data can be recovered from the signature
Verification mechanism
Verification key
Signature
Flag indicating whether signature is valid
Data recovered from the signature
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Data to be processed
Digest
Encrypted data
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Digest
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Data to be processed
Digest
Decrypted data
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digest
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Data to be processed
Signature
Encrypted data
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Signature
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Signature
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Data to be processed
Signature
Decrypted data
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Generates a secret key or set of domain parameters, creating a new object
Generation mechanism
Attributes of the new key or set of domain parameters
Handle of the new key or set of domain parameters
Generates a public/private key pair, creating new key objects
Key generation mechanism
Attributes of the public key
Attributes of the private key
Handle of the new public key
Handle of the new private key
Wraps (i.e., encrypts) a private or secret key
Wrapping mechanism
Handle of wrapping key
Handle of key to be wrapped
Wrapped key
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
Unwrapping mechanism
Handle of unwrapping key
Wrapped key
Attributes for unwrapped key
Handle of unwrapped key
Derives a key from a base key, creating a new key object
Derivation mechanism
Handle of base key
Attributes for the new key
Handle of derived key
Mixes additional seed material into the token's random number generator
Seed material
Generates random or pseudo-random data
Length in bytes of the random or pseudo-random data to be generated
Generated random or pseudo-random data
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags that define the type of session
Bit flags that define the type of session
Bit flags that define the type of session
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Initializes new instance of SessionFlags class
Bit flags that define the type of session
Information about a session
PKCS#11 handle of session
PKCS#11 handle of session
PKCS#11 handle of slot that interfaces with the token
PKCS#11 handle of slot that interfaces with the token
The state of the session
The state of the session
Flags that define the type of session
Flags that define the type of session
An error code defined by the cryptographic device used for errors not covered by Cryptoki
An error code defined by the cryptographic device used for errors not covered by Cryptoki
Converts low level CK_SESSION_INFO structure to high level SessionInfo class
PKCS#11 handle of session
Low level CK_SESSION_INFO structure
Logical reader that potentially contains a token
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of slot
PKCS#11 handle of slot
Initializes new instance of Slot class
Low level PKCS#11 wrapper
PKCS#11 handle of slot
Obtains information about a particular slot in the system
Slot information
Obtains information about a particular token in the system.
Token information
Obtains a list of mechanism types supported by a token
List of mechanism types supported by a token
Obtains information about a particular mechanism possibly supported by a token
Mechanism
Information about mechanism
Initializes a token
SO's initial PIN
Label of the token
Initializes a token
SO's initial PIN
Label of the token
Opens a session between an application and a token in a particular slot
Type of session to be opened
Session
Closes a session between an application and a token
Session
Closes all sessions an application has with a token
Flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
True if a token is present in the slot (e.g. a device is in the reader)
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
Initializes new instance of SlotFlags class
Bit flags that provide capabilities of the slot
Information about a slot
PKCS#11 handle of slot
PKCS#11 handle of slot
Description of the slot
Description of the slot
ID of the slot manufacturer
ID of the slot manufacturer
Flags that provide capabilities of the slot
Flags that provide capabilities of the slot
Version number of the slot's hardware
Version number of the slot's hardware
Version number of the slot's firmware
Version number of the slot's firmware
Converts low level CK_SLOT_INFO structure to high level SlotInfo class
PKCS#11 handle of slot
Low level CK_SLOT_INFO structure
Flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism
True if the token supports secondary authentication for private key objects
True if an incorrect user login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect user PIN will cause it to become locked
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card
True if an incorrect SO login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
Initializes new instance of TokenFlags class
Bit flags indicating capabilities and status of the device
Information about a token
PKCS#11 handle of slot
PKCS#11 handle of slot
Application-defined label, assigned during token initialization
Application-defined label, assigned during token initialization
ID of the device manufacturer
ID of the device manufacturer
Model of the device
Model of the device
Serial number of the device
Serial number of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of hardware
Version number of firmware
Version number of firmware
Current time (the value of this field only makes sense for tokens equipped with a clock)
Current time (the value of this field only makes sense for tokens equipped with a clock)
UtcTimeString converted to DateTime or null if conversion failed
UtcTimeString converted to DateTime or null if conversion failed
Converts low level CK_TOKEN_INFO structure to high level TokenInfo class
PKCS#11 handle of slot
Low level CK_TOKEN_INFO structure
General information about PKCS#11 library (CK_INFO)
Cryptoki interface version number
Cryptoki interface version number
ID of the Cryptoki library manufacturer
ID of the Cryptoki library manufacturer
Bit flags reserved for future versions
Bit flags reserved for future versions
Description of the library
Description of the library
Cryptoki library version number
Cryptoki library version number
Converts low level CK_INFO structure to high level LibraryInfo class
Low level CK_INFO structure
Mechanism and its parameters (CK_MECHANISM alternative)
Flag indicating whether instance has been disposed
Low level mechanism structure
Low level mechanism structure
The type of mechanism
High level object with mechanism parameters
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if there is an extension to the flags; false if no extensions.
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
Initializes new instance of MechanismFlags class
Bit flags specifying mechanism capabilities
Provides information about a particular mechanism
Mechanism
Mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Flags specifying mechanism capabilities
Flags specifying mechanism capabilities
Converts low level CK_MECHANISM_INFO structure to high level MechanismInfo class
Mechanism
Low level CK_MECHANISM_INFO structure
Parameters for the CKM_AES_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAesCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_AES_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkAesCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAriaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_CCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCcmParams class.
Length of the data
Nonce
Additional authentication data
Length of the MAC (output following cipher text) in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CMS_SIG mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCmsSigParams class.
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkDesCbcEncryptDataParams class.
IV value (8 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Seed value used to generate PQ and G
Initializes a new instance of the CkDsaParameterGenParam class
Mechanism value for the base hash used in PQG generation (CKM)
Seed value used to generate PQ and G
Index value for generating G
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdhAesKeyWrapParams class.
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Data shared between the two parties
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcmqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_EXTRACT_KEY_FROM_KEY mechanism
Low level mechanism parameters
Initializes a new instance of the CkExtractParams class.
Specifies which bit of the base key should be used as the first bit of the derived key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_GCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGcmParams class.
Initialization vector
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Additional authentication data
Length of authentication tag (output following cipher text) in bits
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410DeriveParams class.
Additional key diversification algorithm (CKD)
Data with public key of a receiver
UKM data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410KeyWrapParams class.
Data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Data with UKM
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEA_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeaDeriveParams class.
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Ra data
Rb data
Other party's KEA public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyDerivationStringData class.
Byte string used as the input for derivation mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEY_WRAP_SET_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyWrapSetOaepParams class.
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKipParams class.
Underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Input seed
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Low level mechanism parameters
Initializes a new instance of the CkMacGeneralParams class.
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Type, value and length of an OTP parameter
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Parameter type
Value of the parameter
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for OTP mechanisms in a generic fashion
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkOtpParams class.
List of OTP parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters returned by all OTP mechanisms in successful calls to Sign method
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether high level list of OTP parameters left this instance
List of OTP parameters
List of OTP parameters
Initializes a new instance of the CkOtpSignatureInfo class.
Signature value returned by all OTP mechanisms in successful calls to Sign method
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPbeParams class.
8-byte initialization vector (IV), if an IV is required
Password to be used in the PBE key generation
Salt to be used in the PBE key generation
Number of iterations required for the generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params2 class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2CbcParams class.
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc2MacGeneralParams class.
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2Params class.
Effective number of bits in the RC2 search space
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRc5CbcParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Initialization vector (IV) for CBC encryption
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC5_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc5MacGeneralParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc5Params class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RSA_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameters of the temporary AES key wrapping
Initializes a new instance of the CkAesCbcEncryptDataParams class.
Length of the temporary AES key in bits
Parameters of the temporary AES key wrapping
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsOaepParams class.
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_PSS mechanism
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsPssParams class.
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_SEED_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSeedCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackPrivateWrapParams class.
User-supplied password
Other party's key exchange public key value
Ra data
Prime, p, value
Base, g, value
Subprime, q, value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_RELAYX mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackRelayxParams class.
Old wrapper key
Old user-supplied password
Old key exchange public key value
Old Ra data
New user-supplied password
New key exchange public key value
New Ra data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Initialization vector (IV) created for the client
Initialization vector (IV) created for the server
The length of initialization vectors
Initializes a new instance of the CkSsl3KeyMatOut class.
Length of initialization vectors or 0 if IVs are not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors after performing a DeriveKey method
Resulting key handles and initialization vectors after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkSsl3KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkSsl3MasterKeyDeriveParams class.
Client's and server's random data information
Set to false for CKM_SSL3_MASTER_KEY_DERIVE mechanism and to true for CKM_SSL3_MASTER_KEY_DERIVE_DH mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in an SSL context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSsl3RandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors
Resulting key handles and initialization vectors
Client's and server's random data information
Initializes a new instance of the CkTls12KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Base hash used in the underlying TLS1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkTls12MasterKeyDeriveParams class.
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_KDF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Client's and server's random data information
Initializes a new instance of the CkTlsKdfParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Label for this key derivation
Random data for the key derivation
Context data for this key derivation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_MAC mechanism
Low level mechanism parameters
Initializes a new instance of the CkTlsMacParams class.
Hash mechanism used in the TLS12 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_TLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkTlsPrfParams class.
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism
Low level mechanism parameters
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Returns a string that represents the current CkVersion object.
String that represents the current CkVersion object.
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting MAC secret key
Key handle for the resulting Secret key
Initialization vector (IV)
The length of initialization vector
Initializes a new instance of the CkWtlsKeyMatOut class.
Length of initialization vector or 0 if IV is not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vector after performing a DeriveKey method
Resulting key handles and initialization vector after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkWtlsKeyMatParams class.
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_MASTER_KEY_DERIVE and CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
WTLS protocol version information
Client's and server's random data information
Initializes a new instance of the CkWtlsMasterKeyDeriveParams class.
Digest mechanism to be used (CKM)
Client's and server's random data information
Set to false for CKM_WTLS_MASTER_KEY_DERIVE mechanism and to true for CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkWtlsPrfParams class.
Digest mechanism to be used (CKM)
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in a WTLS context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkWtlsRandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942MqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Attribute of cryptoki object (CK_ATTRIBUTE alternative)
Flag indicating whether instance has been disposed
Low level attribute structure
Low level attribute structure
Attribute type
Flag indicating whether attribute value cannot be read either because object is sensitive or unextractable or because specified attribute for the object is invalid.
Creates attribute defined by low level CK_ATTRIBUTE structure
CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Reads value of attribute and returns it as ulong
Value of attribute
Creates attribute of given type with bool value
Attribute type
Attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Reads value of attribute and returns it as bool
Value of attribute
Creates attribute of given type with string value
Attribute type
Attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Reads value of attribute and returns it as string
Value of attribute
Creates attribute of given type with byte array value
Attribute type
Attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Reads value of attribute and returns it as byte array
Value of attribute
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Reads value of attribute and returns it as DateTime
Value of attribute
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Reads value of attribute and returns it as attribute array
Value of attribute
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of ulongs
Value of attribute
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of mechanisms
Value of attribute
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Token-specific identifier for an object
PKCS#11 handle of object
PKCS#11 handle of object
Initializes new instance of ObjectHandle class with ObjectId set to CK_INVALID_HANDLE
Initializes new instance of ObjectHandle class
PKCS#11 handle of object
High level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Source of PKCS#11 function pointers
Gets general information about loaded PKCS#11 library
General information about loaded PKCS#11 library
Obtains a list of slots in the system
Type of slots to be obtained
List of available slots
Waits for a slot event, such as token insertion or token removal, to occur
Type of waiting for a slot event
Flag indicating whether event occurred
PKCS#11 handle of slot that the event occurred in
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all PKCS#11 URI matching slots
PKCS#11 URI
High level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Class representing a logical connection between an application and a token
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of session
PKCS#11 handle of session
Flag indicating whether session should be closed when object is disposed
Flag indicating whether session should be closed when object is disposed
Initializes new instance of Session class
Low level PKCS#11 wrapper
PKCS#11 handle of session
Closes a session between an application and a token
Initializes the normal user's PIN
Pin value
Initializes the normal user's PIN
Pin value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Obtains information about a session
Information about a session
Obtains a copy of the cryptographic operations state of a session encoded as an array of bytes
Operations state of a session
Restores the cryptographic operations state of a session from an array of bytes obtained with GetOperationState
Array of bytes obtained with GetOperationState
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing encryption or decryption operation in the restored session
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing signature, MACing, or verification operation in the restored session
Logs a user into a token
Type of user
Pin of user
Logs a user into a token
Type of user
Pin of user
Logs a user out from a token
Creates a new object
Object attributes
Handle of created object
Copies an object, creating a new object for the copy
Handle of object to be copied
New values for any attributes of the object that can ordinarily be modified
Handle of copied object
Destroys an object
Handle of object to be destroyed
Gets the size of an object in bytes.
Handle of object
Size of an object in bytes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Modifies the value of one or more attributes of an object
Handle of object whose attributes should be modified
List of attributes that should be modified
Initializes a search for token and session objects that match the provided attributes
Attributes that should be matched
Continues a search for token and session objects that match a template, obtaining additional object handles
Maximum number of object handles to be returned
Found object handles
Terminates a search for token and session objects
Searches for all token and session objects that match provided attributes
Attributes that should be matched
Handles of found objects
Encrypts single-part data
Encryption mechanism
Handle of the encryption key
Data to be encrypted
Encrypted data
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Decrypts single-part data
Decryption mechanism
Handle of the decryption key
Data to be decrypted
Decrypted data
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digests the value of a secret key
Digesting mechanism
Handle of the secret key to be digested
Digest
Digests single-part data
Digesting mechanism
Data to be digested
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Size of read buffer in bytes
Digest
Signs single-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Data to be signed
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Size of read buffer in bytes
Signature
Signs single-part data, where the data can be recovered from the signature
Signature mechanism
Signature key
Data to be signed
Signature
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Data that was signed
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Verifies signature of data, where the data can be recovered from the signature
Verification mechanism
Verification key
Signature
Flag indicating whether signature is valid
Data recovered from the signature
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Data to be processed
Digest
Encrypted data
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Digest
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Data to be processed
Digest
Decrypted data
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digest
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Data to be processed
Signature
Encrypted data
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Signature
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Signature
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Data to be processed
Signature
Decrypted data
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Generates a secret key or set of domain parameters, creating a new object
Generation mechanism
Attributes of the new key or set of domain parameters
Handle of the new key or set of domain parameters
Generates a public/private key pair, creating new key objects
Key generation mechanism
Attributes of the public key
Attributes of the private key
Handle of the new public key
Handle of the new private key
Wraps (i.e., encrypts) a private or secret key
Wrapping mechanism
Handle of wrapping key
Handle of key to be wrapped
Wrapped key
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
Unwrapping mechanism
Handle of unwrapping key
Wrapped key
Attributes for unwrapped key
Handle of unwrapped key
Derives a key from a base key, creating a new key object
Derivation mechanism
Handle of base key
Attributes for the new key
Handle of derived key
Mixes additional seed material into the token's random number generator
Seed material
Generates random or pseudo-random data
Length in bytes of the random or pseudo-random data to be generated
Generated random or pseudo-random data
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags that define the type of session
Bit flags that define the type of session
Bit flags that define the type of session
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Initializes new instance of SessionFlags class
Bit flags that define the type of session
Information about a session
PKCS#11 handle of session
PKCS#11 handle of session
PKCS#11 handle of slot that interfaces with the token
PKCS#11 handle of slot that interfaces with the token
The state of the session
The state of the session
Flags that define the type of session
Flags that define the type of session
An error code defined by the cryptographic device used for errors not covered by Cryptoki
An error code defined by the cryptographic device used for errors not covered by Cryptoki
Converts low level CK_SESSION_INFO structure to high level SessionInfo class
PKCS#11 handle of session
Low level CK_SESSION_INFO structure
Logical reader that potentially contains a token
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of slot
PKCS#11 handle of slot
Initializes new instance of Slot class
Low level PKCS#11 wrapper
PKCS#11 handle of slot
Obtains information about a particular slot in the system
Slot information
Obtains information about a particular token in the system.
Token information
Obtains a list of mechanism types supported by a token
List of mechanism types supported by a token
Obtains information about a particular mechanism possibly supported by a token
Mechanism
Information about mechanism
Initializes a token
SO's initial PIN
Label of the token
Initializes a token
SO's initial PIN
Label of the token
Opens a session between an application and a token in a particular slot
Type of session to be opened
Session
Closes a session between an application and a token
Session
Closes all sessions an application has with a token
Flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
True if a token is present in the slot (e.g. a device is in the reader)
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
Initializes new instance of SlotFlags class
Bit flags that provide capabilities of the slot
Information about a slot
PKCS#11 handle of slot
PKCS#11 handle of slot
Description of the slot
Description of the slot
ID of the slot manufacturer
ID of the slot manufacturer
Flags that provide capabilities of the slot
Flags that provide capabilities of the slot
Version number of the slot's hardware
Version number of the slot's hardware
Version number of the slot's firmware
Version number of the slot's firmware
Converts low level CK_SLOT_INFO structure to high level SlotInfo class
PKCS#11 handle of slot
Low level CK_SLOT_INFO structure
Flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism
True if the token supports secondary authentication for private key objects
True if an incorrect user login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect user PIN will cause it to become locked
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card
True if an incorrect SO login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
Initializes new instance of TokenFlags class
Bit flags indicating capabilities and status of the device
Information about a token
PKCS#11 handle of slot
PKCS#11 handle of slot
Application-defined label, assigned during token initialization
Application-defined label, assigned during token initialization
ID of the device manufacturer
ID of the device manufacturer
Model of the device
Model of the device
Serial number of the device
Serial number of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of hardware
Version number of firmware
Version number of firmware
Current time (the value of this field only makes sense for tokens equipped with a clock)
Current time (the value of this field only makes sense for tokens equipped with a clock)
UtcTimeString converted to DateTime or null if conversion failed
UtcTimeString converted to DateTime or null if conversion failed
Converts low level CK_TOKEN_INFO structure to high level TokenInfo class
PKCS#11 handle of slot
Low level CK_TOKEN_INFO structure
General information about PKCS#11 library (CK_INFO)
Cryptoki interface version number
Cryptoki interface version number
ID of the Cryptoki library manufacturer
ID of the Cryptoki library manufacturer
Bit flags reserved for future versions
Bit flags reserved for future versions
Description of the library
Description of the library
Cryptoki library version number
Cryptoki library version number
Converts low level CK_INFO structure to high level LibraryInfo class
Low level CK_INFO structure
Mechanism and its parameters (CK_MECHANISM alternative)
Flag indicating whether instance has been disposed
Low level mechanism structure
Low level mechanism structure
The type of mechanism
High level object with mechanism parameters
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
Bit flags specifying mechanism capabilities
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if there is an extension to the flags; false if no extensions.
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
Initializes new instance of MechanismFlags class
Bit flags specifying mechanism capabilities
Provides information about a particular mechanism
Mechanism
Mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Flags specifying mechanism capabilities
Flags specifying mechanism capabilities
Converts low level CK_MECHANISM_INFO structure to high level MechanismInfo class
Mechanism
Low level CK_MECHANISM_INFO structure
Parameters for the CKM_AES_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAesCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_AES_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkAesCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkAriaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CTR mechanism
Low level mechanism parameters
Initializes a new instance of the CkCamelliaCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_CCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCcmParams class.
Length of the data
Nonce
Additional authentication data
Length of the MAC (output following cipher text) in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CMS_SIG mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkCmsSigParams class.
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkDesCbcEncryptDataParams class.
IV value (8 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Seed value used to generate PQ and G
Initializes a new instance of the CkDsaParameterGenParam class
Mechanism value for the base hash used in PQG generation (CKM)
Seed value used to generate PQ and G
Index value for generating G
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcdhAesKeyWrapParams class.
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Data shared between the two parties
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkEcmqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_EXTRACT_KEY_FROM_KEY mechanism
Low level mechanism parameters
Initializes a new instance of the CkExtractParams class.
Specifies which bit of the base key should be used as the first bit of the derived key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_GCM mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGcmParams class.
Initialization vector
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Additional authentication data
Length of authentication tag (output following cipher text) in bits
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410DeriveParams class.
Additional key diversification algorithm (CKD)
Data with public key of a receiver
UKM data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkGostR3410KeyWrapParams class.
Data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Data with UKM
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEA_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeaDeriveParams class.
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Ra data
Rb data
Other party's KEA public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyDerivationStringData class.
Byte string used as the input for derivation mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEY_WRAP_SET_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKeyWrapSetOaepParams class.
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkKipParams class.
Underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Input seed
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Low level mechanism parameters
Initializes a new instance of the CkMacGeneralParams class.
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Type, value and length of an OTP parameter
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Parameter type
Value of the parameter
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for OTP mechanisms in a generic fashion
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkOtpParams class.
List of OTP parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters returned by all OTP mechanisms in successful calls to Sign method
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether high level list of OTP parameters left this instance
List of OTP parameters
List of OTP parameters
Initializes a new instance of the CkOtpSignatureInfo class.
Signature value returned by all OTP mechanisms in successful calls to Sign method
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPbeParams class.
8-byte initialization vector (IV), if an IV is required
Password to be used in the PBE key generation
Salt to be used in the PBE key generation
Number of iterations required for the generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function to use to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkPkcs5Pbkd2Params2 class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function to use to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2CbcParams class.
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc2MacGeneralParams class.
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc2Params class.
Effective number of bits in the RC2 search space
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRc5CbcParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Initialization vector (IV) for CBC encryption
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC5_MAC_GENERAL mechanism
Low level mechanism parameters
Initializes a new instance of the CkRc5MacGeneralParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Low level mechanism parameters
Initializes a new instance of the CkRc5Params class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RSA_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Parameters of the temporary AES key wrapping
Initializes a new instance of the CkAesCbcEncryptDataParams class.
Length of the temporary AES key in bits
Parameters of the temporary AES key wrapping
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_OAEP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsOaepParams class.
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_PSS mechanism
Low level mechanism parameters
Initializes a new instance of the CkRsaPkcsPssParams class.
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_SEED_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSeedCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackPrivateWrapParams class.
User-supplied password
Other party's key exchange public key value
Ra data
Prime, p, value
Base, g, value
Subprime, q, value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_RELAYX mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSkipjackRelayxParams class.
Old wrapper key
Old user-supplied password
Old key exchange public key value
Old Ra data
New user-supplied password
New key exchange public key value
New Ra data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Initialization vector (IV) created for the client
Initialization vector (IV) created for the server
The length of initialization vectors
Initializes a new instance of the CkSsl3KeyMatOut class.
Length of initialization vectors or 0 if IVs are not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors after performing a DeriveKey method
Resulting key handles and initialization vectors after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkSsl3KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkSsl3MasterKeyDeriveParams class.
Client's and server's random data information
Set to false for CKM_SSL3_MASTER_KEY_DERIVE mechanism and to true for CKM_SSL3_MASTER_KEY_DERIVE_DH mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in an SSL context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkSsl3RandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors
Resulting key handles and initialization vectors
Client's and server's random data information
Initializes a new instance of the CkTls12KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkTls12MasterKeyDeriveParams class.
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_KDF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Client's and server's random data information
Initializes a new instance of the CkTlsKdfParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Label for this key derivation
Random data for the key derivation
Context data for this key derivation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_MAC mechanism
Low level mechanism parameters
Initializes a new instance of the CkTlsMacParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_TLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkTlsPrfParams class.
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism
Low level mechanism parameters
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Returns a string that represents the current CkVersion object.
String that represents the current CkVersion object.
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Low level structure
Key handle for the resulting MAC secret key
Key handle for the resulting Secret key
Initialization vector (IV)
The length of initialization vector
Initializes a new instance of the CkWtlsKeyMatOut class.
Length of initialization vector or 0 if IV is not required
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vector after performing a DeriveKey method
Resulting key handles and initialization vector after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkWtlsKeyMatParams class.
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_MASTER_KEY_DERIVE and CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
WTLS protocol version information
Client's and server's random data information
Initializes a new instance of the CkWtlsMasterKeyDeriveParams class.
Digest mechanism to be used (CKM)
Client's and server's random data information
Set to false for CKM_WTLS_MASTER_KEY_DERIVE mechanism and to true for CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_PRF mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Output of the operation
Initializes a new instance of the CkWtlsPrfParams class.
Digest mechanism to be used (CKM)
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in a WTLS context
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkWtlsRandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942Dh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Low level mechanism parameters
Initializes a new instance of the CkX942MqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Attribute of cryptoki object (CK_ATTRIBUTE alternative)
Flag indicating whether instance has been disposed
Low level attribute structure
Low level attribute structure
Attribute type
Flag indicating whether attribute value cannot be read either because object is sensitive or unextractable or because specified attribute for the object is invalid.
Creates attribute defined by low level CK_ATTRIBUTE structure
CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Reads value of attribute and returns it as ulong
Value of attribute
Creates attribute of given type with bool value
Attribute type
Attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Reads value of attribute and returns it as bool
Value of attribute
Creates attribute of given type with string value
Attribute type
Attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Reads value of attribute and returns it as string
Value of attribute
Creates attribute of given type with byte array value
Attribute type
Attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Reads value of attribute and returns it as byte array
Value of attribute
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Reads value of attribute and returns it as DateTime
Value of attribute
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Reads value of attribute and returns it as attribute array
Value of attribute
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of ulongs
Value of attribute
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of mechanisms
Value of attribute
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Token-specific identifier for an object
PKCS#11 handle of object
PKCS#11 handle of object
Initializes new instance of ObjectHandle class with ObjectId set to CK_INVALID_HANDLE
Initializes new instance of ObjectHandle class
PKCS#11 handle of object
High level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Source of PKCS#11 function pointers
Gets general information about loaded PKCS#11 library
General information about loaded PKCS#11 library
Obtains a list of slots in the system
Type of slots to be obtained
List of available slots
Waits for a slot event, such as token insertion or token removal, to occur
Type of waiting for a slot event
Flag indicating whether event occurred
PKCS#11 handle of slot that the event occurred in
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all PKCS#11 URI matching slots
PKCS#11 URI
High level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Class representing a logical connection between an application and a token
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of session
PKCS#11 handle of session
Flag indicating whether session should be closed when object is disposed
Flag indicating whether session should be closed when object is disposed
Initializes new instance of Session class
Low level PKCS#11 wrapper
PKCS#11 handle of session
Closes a session between an application and a token
Initializes the normal user's PIN
Pin value
Initializes the normal user's PIN
Pin value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Obtains information about a session
Information about a session
Obtains a copy of the cryptographic operations state of a session encoded as an array of bytes
Operations state of a session
Restores the cryptographic operations state of a session from an array of bytes obtained with GetOperationState
Array of bytes obtained with GetOperationState
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing encryption or decryption operation in the restored session
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing signature, MACing, or verification operation in the restored session
Logs a user into a token
Type of user
Pin of user
Logs a user into a token
Type of user
Pin of user
Logs a user out from a token
Creates a new object
Object attributes
Handle of created object
Copies an object, creating a new object for the copy
Handle of object to be copied
New values for any attributes of the object that can ordinarily be modified
Handle of copied object
Destroys an object
Handle of object to be destroyed
Gets the size of an object in bytes.
Handle of object
Size of an object in bytes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Modifies the value of one or more attributes of an object
Handle of object whose attributes should be modified
List of attributes that should be modified
Initializes a search for token and session objects that match provided attributes
Attributes that should be matched
Continues a search for token and session objects that match a template, obtaining additional object handles
Maximum number of object handles to be returned
Found object handles
Terminates a search for token and session objects
Searches for all token and session objects that match provided attributes
Attributes that should be matched
Handles of found objects
Encrypts single-part data
Encryption mechanism
Handle of the encryption key
Data to be encrypted
Encrypted data
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Decrypts single-part data
Decryption mechanism
Handle of the decryption key
Data to be decrypted
Decrypted data
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digests the value of a secret key
Digesting mechanism
Handle of the secret key to be digested
Digest
Digests single-part data
Digesting mechanism
Data to be digested
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Size of read buffer in bytes
Digest
Signs single-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Data to be signed
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Size of read buffer in bytes
Signature
Signs single-part data, where the data can be recovered from the signature
Signature mechanism
Signature key
Data to be signed
Signature
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Data that was signed
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Verifies signature of data, where the data can be recovered from the signature
Verification mechanism
Verification key
Signature
Flag indicating whether signature is valid
Data recovered from the signature
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Data to be processed
Digest
Encrypted data
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Digest
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Data to be processed
Digest
Decrypted data
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digest
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Data to be processed
Signature
Encrypted data
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Signature
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Signature
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Data to be processed
Signature
Decrypted data
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Generates a secret key or set of domain parameters, creating a new object
Generation mechanism
Attributes of the new key or set of domain parameters
Handle of the new key or set of domain parameters
Generates a public/private key pair, creating new key objects
Key generation mechanism
Attributes of the public key
Attributes of the private key
Handle of the new public key
Handle of the new private key
Wraps (i.e., encrypts) a private or secret key
Wrapping mechanism
Handle of wrapping key
Handle of key to be wrapped
Wrapped key
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
Unwrapping mechanism
Handle of unwrapping key
Wrapped key
Attributes for unwrapped key
Handle of unwrapped key
Derives a key from a base key, creating a new key object
Derivation mechanism
Handle of base key
Attributes for the new key
Handle of derived key
Mixes additional seed material into the token's random number generator
Seed material
Generates random or pseudo-random data
Length in bytes of the random or pseudo-random data to be generated
Generated random or pseudo-random data
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags that define the type of session
Bit flags that define the type of session
Bit flags that define the type of session
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Initializes new instance of SessionFlags class
Bit flags that define the type of session
Information about a session
PKCS#11 handle of session
PKCS#11 handle of session
PKCS#11 handle of slot that interfaces with the token
PKCS#11 handle of slot that interfaces with the token
The state of the session
The state of the session
Flags that define the type of session
Flags that define the type of session
An error code defined by the cryptographic device used for errors not covered by Cryptoki
An error code defined by the cryptographic device used for errors not covered by Cryptoki
Converts low level CK_SESSION_INFO structure to high level SessionInfo class
PKCS#11 handle of session
Low level CK_SESSION_INFO structure
Logical reader that potentially contains a token
Low level PKCS#11 wrapper
Low level PKCS#11 wrapper. Use with caution!
PKCS#11 handle of slot
PKCS#11 handle of slot
Initializes new instance of Slot class
Low level PKCS#11 wrapper
PKCS#11 handle of slot
Obtains information about a particular slot in the system
Slot information
Obtains information about a particular token in the system.
Token information
Obtains a list of mechanism types supported by a token
List of mechanism types supported by a token
Obtains information about a particular mechanism possibly supported by a token
Mechanism
Information about mechanism
Initializes a token
SO's initial PIN
Label of the token
Initializes a token
SO's initial PIN
Label of the token
Opens a session between an application and a token in a particular slot
Type of session to be opened
Session
Closes a session between an application and a token
Session
Closes all sessions an application has with a token
Flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
Bit flags that provide capabilities of the slot
True if a token is present in the slot (e.g. a device is in the reader)
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
Initializes new instance of SlotFlags class
Bit flags that provide capabilities of the slot
Information about a slot
PKCS#11 handle of slot
PKCS#11 handle of slot
Description of the slot
Description of the slot
ID of the slot manufacturer
ID of the slot manufacturer
Flags that provide capabilities of the slot
Flags that provide capabilities of the slot
Version number of the slot's hardware
Version number of the slot's hardware
Version number of the slot's firmware
Version number of the slot's firmware
Converts low level CK_SLOT_INFO structure to high level SlotInfo class
PKCS#11 handle of slot
Low level CK_SLOT_INFO structure
Flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism
True if the token supports secondary authentication for private key objects
True if an incorrect user login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect user PIN will cause it to become locked
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card
True if an incorrect SO login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
Initializes new instance of TokenFlags class
Bit flags indicating capabilities and status of the device
Information about a token
PKCS#11 handle of slot
PKCS#11 handle of slot
Application-defined label, assigned during token initialization
Application-defined label, assigned during token initialization
ID of the device manufacturer
ID of the device manufacturer
Model of the device
Model of the device
Serial number of the device
Serial number of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of hardware
Version number of firmware
Version number of firmware
Current time (the value of this field only makes sense for tokens equipped with a clock)
Current time (the value of this field only makes sense for tokens equipped with a clock)
UtcTimeString converted to DateTime or null if conversion failed
UtcTimeString converted to DateTime or null if conversion failed
Converts low level CK_TOKEN_INFO structure to high level TokenInfo class
PKCS#11 handle of slot
Low level CK_TOKEN_INFO structure
General information about PKCS#11 library (CK_INFO)
Platform specific LibraryInfo
Platform specific LibraryInfo
Platform specific LibraryInfo
Platform specific LibraryInfo
Cryptoki interface version number
ID of the Cryptoki library manufacturer
Bit flags reserved for future versions
Description of the library
Cryptoki library version number
Converts platform specific LibraryInfo to platform neutral LibraryInfo
Platform specific LibraryInfo
Converts platform specific LibraryInfo to platform neutral LibraryInfo
Platform specific LibraryInfo
Converts platform specific LibraryInfo to platform neutral LibraryInfo
Platform specific LibraryInfo
Converts platform specific LibraryInfo to platform neutral LibraryInfo
Platform specific LibraryInfo
Mechanism and its parameters (CK_MECHANISM alternative)
Flag indicating whether instance has been disposed
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
Platform specific Mechanism
The type of mechanism
Converts platform specific Mechanism to platform neutral Mechanism
Platform specific Mechanism
Converts platform specific Mechanism to platform neutral Mechanism
Platform specific Mechanism
Converts platform specific Mechanism to platform neutral Mechanism
Platform specific Mechanism
Converts platform specific Mechanism to platform neutral Mechanism
Platform specific Mechanism
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with no parameter
Mechanism type
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Creates mechanism of given type with object parameter
Mechanism type
Mechanism parameter
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags specifying mechanism capabilities
Platform specific MechanismFlags
Platform specific MechanismFlags
Platform specific MechanismFlags
Platform specific MechanismFlags
Bit flags specifying mechanism capabilities
True if the mechanism is performed by the device; false if the mechanism is performed in software
True if the mechanism can be used with C_EncryptInit
True if the mechanism can be used with C_DecryptInit
True if the mechanism can be used with C_DigestInit
True if the mechanism can be used with C_SignInit
True if the mechanism can be used with C_SignRecoverInit
True if the mechanism can be used with C_VerifyInit
True if the mechanism can be used with C_VerifyRecoverInit
True if the mechanism can be used with C_GenerateKey
True if the mechanism can be used with C_GenerateKeyPair
True if the mechanism can be used with C_WrapKey
True if the mechanism can be used with C_UnwrapKey
True if the mechanism can be used with C_DeriveKey
True if there is an extension to the flags; false if no extensions.
True if the mechanism can be used with EC domain parameters over Fp
True if the mechanism can be used with EC domain parameters over F2m
True if the mechanism can be used with EC domain parameters of the choice ecParameters
True if the mechanism can be used with EC domain parameters of the choice namedCurve
True if the mechanism can be used with elliptic curve point uncompressed
True if the mechanism can be used with elliptic curve point compressed
Converts platform specific MechanismFlags to platform neutral MechanismFlags
Platform specific MechanismFlags
Converts platform specific MechanismFlags to platform neutral MechanismFlags
Platform specific MechanismFlags
Converts platform specific MechanismFlags to platform neutral MechanismFlags
Platform specific MechanismFlags
Converts platform specific MechanismFlags to platform neutral MechanismFlags
Platform specific MechanismFlags
Provides information about a particular mechanism
Platform specific MechanismInfo
Platform specific MechanismInfo
Platform specific MechanismInfo
Platform specific MechanismInfo
Mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Flags specifying mechanism capabilities
Flags specifying mechanism capabilities
Converts platform specific MechanismInfo to platform neutral MechanismInfo
Platform specific MechanismInfo
Converts platform specific MechanismInfo to platform neutral MechanismInfo
Platform specific MechanismInfo
Converts platform specific MechanismInfo to platform neutral MechanismInfo
Platform specific MechanismInfo
Converts platform specific MechanismInfo to platform neutral MechanismInfo
Platform specific MechanismInfo
Parameters for the CKM_AES_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Platform specific CkAesCbcEncryptDataParams
Platform specific CkAesCbcEncryptDataParams
Platform specific CkAesCbcEncryptDataParams
Platform specific CkAesCbcEncryptDataParams
Initializes a new instance of the CkAesCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_AES_CTR mechanism
Platform specific CkAesCtrParams
Platform specific CkAesCtrParams
Platform specific CkAesCtrParams
Platform specific CkAesCtrParams
Initializes a new instance of the CkAesCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Platform specific CkAriaCbcEncryptDataParams
Platform specific CkAriaCbcEncryptDataParams
Platform specific CkAriaCbcEncryptDataParams
Platform specific CkAriaCbcEncryptDataParams
Initializes a new instance of the CkAriaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Platform specific CkCamelliaCbcEncryptDataParams
Platform specific CkCamelliaCbcEncryptDataParams
Platform specific CkCamelliaCbcEncryptDataParams
Platform specific CkCamelliaCbcEncryptDataParams
Initializes a new instance of the CkCamelliaCbcEncryptDataParams class.
IV value (16 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CAMELLIA_CTR mechanism
Platform specific CkCamelliaCtrParams
Platform specific CkCamelliaCtrParams
Platform specific CkCamelliaCtrParams
Platform specific CkCamelliaCtrParams
Initializes a new instance of the CkCamelliaCtrParams class.
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block (16 bytes)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_CCM mechanism
Flag indicating whether instance has been disposed
Platform specific CkCcmParams
Platform specific CkCcmParams
Platform specific CkCcmParams
Platform specific CkCcmParams
Initializes a new instance of the CkCcmParams class.
Length of the data
Nonce
Additional authentication data
Length of the MAC (output following cipher text) in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CMS_SIG mechanism
Flag indicating whether instance has been disposed
Platform specific CkCmsSigParams
Platform specific CkCmsSigParams
Platform specific CkCmsSigParams
Platform specific CkCmsSigParams
Initializes a new instance of the CkCmsSigParams class.
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
Flag indicating whether instance has been disposed
Platform specific CkDesCbcEncryptDataParams
Platform specific CkDesCbcEncryptDataParams
Platform specific CkDesCbcEncryptDataParams
Platform specific CkDesCbcEncryptDataParams
Initializes a new instance of the CkDesCbcEncryptDataParams class.
IV value (8 bytes)
Data to encrypt
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Flag indicating whether instance has been disposed
Platform specific CkDsaParameterGenParam
Platform specific CkDsaParameterGenParam
Platform specific CkDsaParameterGenParam
Platform specific CkDsaParameterGenParam
Seed value used to generate PQ and G
Initializes a new instance of the CkDsaParameterGenParam class
Mechanism value for the base hash used in PQG generation (CKM)
Seed value used to generate PQ and G
Index value for generating G
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Platform specific CkEcdh1DeriveParams
Platform specific CkEcdh1DeriveParams
Platform specific CkEcdh1DeriveParams
Platform specific CkEcdh1DeriveParams
Initializes a new instance of the CkEcdh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkEcdh2DeriveParams
Platform specific CkEcdh2DeriveParams
Platform specific CkEcdh2DeriveParams
Platform specific CkEcdh2DeriveParams
Initializes a new instance of the CkEcdh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECDH_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Platform specific CkEcdhAesKeyWrapParams
Platform specific CkEcdhAesKeyWrapParams
Platform specific CkEcdhAesKeyWrapParams
Platform specific CkEcdhAesKeyWrapParams
Initializes a new instance of the CkEcdhAesKeyWrapParams class.
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Data shared between the two parties
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_ECMQV_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkEcmqvDeriveParams
Platform specific CkEcmqvDeriveParams
Platform specific CkEcmqvDeriveParams
Platform specific CkEcmqvDeriveParams
Initializes a new instance of the CkEcmqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
Other party's second EC public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_EXTRACT_KEY_FROM_KEY mechanism
Platform specific CkExtractParams
Platform specific CkExtractParams
Platform specific CkExtractParams
Platform specific CkExtractParams
Initializes a new instance of the CkExtractParams class.
Specifies which bit of the base key should be used as the first bit of the derived key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_AES_GCM mechanism
Flag indicating whether instance has been disposed
Platform specific CkGcmParams
Platform specific CkGcmParams
Platform specific CkGcmParams
Platform specific CkGcmParams
Initializes a new instance of the CkGcmParams class.
Initialization vector
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Additional authentication data
Length of authentication tag (output following cipher text) in bits
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkGostR3410DeriveParams
Platform specific CkGostR3410DeriveParams
Platform specific CkGostR3410DeriveParams
Platform specific CkGostR3410DeriveParams
Initializes a new instance of the CkGostR3410DeriveParams class.
Additional key diversification algorithm (CKD)
Data with public key of a receiver
UKM data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_GOSTR3410_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Platform specific CkGostR3410KeyWrapParams
Platform specific CkGostR3410KeyWrapParams
Platform specific CkGostR3410KeyWrapParams
Platform specific CkGostR3410KeyWrapParams
Initializes a new instance of the CkGostR3410KeyWrapParams class.
Data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Data with UKM
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEA_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkKeaDeriveParams
Platform specific CkKeaDeriveParams
Platform specific CkKeaDeriveParams
Platform specific CkKeaDeriveParams
Initializes a new instance of the CkKeaDeriveParams class.
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Ra data
Rb data
Other party's KEA public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Flag indicating whether instance has been disposed
Platform specific CkKeyDerivationStringData
Platform specific CkKeyDerivationStringData
Platform specific CkKeyDerivationStringData
Platform specific CkKeyDerivationStringData
Initializes a new instance of the CkKeyDerivationStringData class.
Byte string used as the input for derivation mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KEY_WRAP_SET_OAEP mechanism
Flag indicating whether instance has been disposed
Platform specific CkKeyWrapSetOaepParams
Platform specific CkKeyWrapSetOaepParams
Platform specific CkKeyWrapSetOaepParams
Platform specific CkKeyWrapSetOaepParams
Initializes a new instance of the CkKeyWrapSetOaepParams class.
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Flag indicating whether instance has been disposed
Platform specific CkKipParams
Platform specific CkKipParams
Platform specific CkKipParams
Platform specific CkKipParams
Initializes a new instance of the CkKipParams class.
Underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Input seed
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Platform specific CkMacGeneralParams
Platform specific CkMacGeneralParams
Platform specific CkMacGeneralParams
Platform specific CkMacGeneralParams
Initializes a new instance of the CkMacGeneralParams class.
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Type, value and length of an OTP parameter
Flag indicating whether instance has been disposed
Platform specific CkOtpParam
Platform specific CkOtpParam
Platform specific CkOtpParam
Platform specific CkOtpParam
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Parameter type
Value of the parameter
Initializes a new instance of the CkOtpParam class.
Platform specific CkOtpParam
Initializes a new instance of the CkOtpParam class.
Platform specific CkOtpParam
Initializes a new instance of the CkOtpParam class.
Platform specific CkOtpParam
Initializes a new instance of the CkOtpParam class.
Platform specific CkOtpParam
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for OTP mechanisms in a generic fashion
Flag indicating whether instance has been disposed
Platform specific CkOtpParams
Platform specific CkOtpParams
Platform specific CkOtpParams
Platform specific CkOtpParams
Initializes a new instance of the CkOtpParams class.
List of OTP parameters
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters returned by all OTP mechanisms in successful calls to Sign method
Flag indicating whether instance has been disposed
Platform specific CkOtpSignatureInfo
Platform specific CkOtpSignatureInfo
Platform specific CkOtpSignatureInfo
Platform specific CkOtpSignatureInfo
Flag indicating whether high level list of OTP parameters left this instance
List of OTP parameters
List of OTP parameters
Initializes a new instance of the CkOtpSignatureInfo class.
Signature value returned by all OTP mechanisms in successful calls to Sign method
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Flag indicating whether instance has been disposed
Platform specific CkPbeParams
Platform specific CkPbeParams
Platform specific CkPbeParams
Platform specific CkPbeParams
Initializes a new instance of the CkPbeParams class.
8-byte initialization vector (IV), if an IV is required
Password to be used in the PBE key generation
Salt to be used in the PBE key generation
Number of iterations required for the generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Platform specific CkPkcs5Pbkd2Params
Platform specific CkPkcs5Pbkd2Params
Platform specific CkPkcs5Pbkd2Params
Platform specific CkPkcs5Pbkd2Params
Initializes a new instance of the CkPkcs5Pbkd2Params class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_PKCS5_PBKD2 mechanism
Flag indicating whether instance has been disposed
Platform specific CkPkcs5Pbkd2Params2
Platform specific CkPkcs5Pbkd2Params2
Platform specific CkPkcs5Pbkd2Params2
Platform specific CkPkcs5Pbkd2Params2
Initializes a new instance of the CkPkcs5Pbkd2Params2 class.
Source of the salt value (CKZ)
Data used as the input for the salt source
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Password to be used in the PBE key generation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
Platform specific CkRc2CbcParams
Platform specific CkRc2CbcParams
Platform specific CkRc2CbcParams
Platform specific CkRc2CbcParams
Initializes a new instance of the CkRc2CbcParams class.
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_MAC_GENERAL mechanism
Platform specific CkRc2MacGeneralParams
Platform specific CkRc2MacGeneralParams
Platform specific CkRc2MacGeneralParams
Platform specific CkRc2MacGeneralParams
Initializes a new instance of the CkRc2MacGeneralParams class.
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Platform specific CkRc2Params
Platform specific CkRc2Params
Platform specific CkRc2Params
Platform specific CkRc2Params
Initializes a new instance of the CkRc2Params class.
Effective number of bits in the RC2 search space
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Flag indicating whether instance has been disposed
Platform specific CkRc5CbcParams
Platform specific CkRc5CbcParams
Platform specific CkRc5CbcParams
Platform specific CkRc5CbcParams
Initializes a new instance of the CkRc5CbcParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Initialization vector (IV) for CBC encryption
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RC5_MAC_GENERAL mechanism
Platform specific CkRc5MacGeneralParams
Platform specific CkRc5MacGeneralParams
Platform specific CkRc5MacGeneralParams
Platform specific CkRc5MacGeneralParams
Initializes a new instance of the CkRc5MacGeneralParams class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Platform specific CkRc5Params
Platform specific CkRc5Params
Platform specific CkRc5Params
Platform specific CkRc5Params
Initializes a new instance of the CkRc5Params class.
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_RSA_AES_KEY_WRAP mechanism
Flag indicating whether instance has been disposed
Platform specific CkRsaAesKeyWrapParams
Platform specific CkRsaAesKeyWrapParams
Platform specific CkRsaAesKeyWrapParams
Platform specific CkRsaAesKeyWrapParams
Parameters of the temporary AES key wrapping
Initializes a new instance of the CkAesCbcEncryptDataParams class.
Length of the temporary AES key in bits
Parameters of the temporary AES key wrapping
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_OAEP mechanism
Flag indicating whether instance has been disposed
Platform specific CkRsaPkcsOaepParams
Platform specific CkRsaPkcsOaepParams
Platform specific CkRsaPkcsOaepParams
Platform specific CkRsaPkcsOaepParams
Initializes a new instance of the CkRsaPkcsOaepParams class.
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_RSA_PKCS_PSS mechanism
Platform specific CkRsaPkcsPssParams
Platform specific CkRsaPkcsPssParams
Platform specific CkRsaPkcsPssParams
Platform specific CkRsaPkcsPssParams
Initializes a new instance of the CkRsaPkcsPssParams class.
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_SEED_CBC_ENCRYPT_DATA mechanism
Flag indicating whether instance has been disposed
Platform specific CkSeedCbcEncryptDataParams
Platform specific CkSeedCbcEncryptDataParams
Platform specific CkSeedCbcEncryptDataParams
Platform specific CkSeedCbcEncryptDataParams
Initializes a new instance of the CkSeedCbcEncryptDataParams class.
IV value (16 bytes)
Data value part that must be a multiple of 16 bytes long
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Flag indicating whether instance has been disposed
Platform specific CkSkipjackPrivateWrapParams
Platform specific CkSkipjackPrivateWrapParams
Platform specific CkSkipjackPrivateWrapParams
Platform specific CkSkipjackPrivateWrapParams
Initializes a new instance of the CkSkipjackPrivateWrapParams class.
User-supplied password
Other party's key exchange public key value
Ra data
Prime, p, value
Base, g, value
Subprime, q, value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SKIPJACK_RELAYX mechanism
Flag indicating whether instance has been disposed
Platform specific CkSkipjackRelayxParams
Platform specific CkSkipjackRelayxParams
Platform specific CkSkipjackRelayxParams
Platform specific CkSkipjackRelayxParams
Initializes a new instance of the CkSkipjackRelayxParams class.
Old wrapper key
Old user-supplied password
Old key exchange public key value
Old Ra data
New user-supplied password
New key exchange public key value
New Ra data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkSsl3KeyMatOut
Platform specific CkSsl3KeyMatOut
Platform specific CkSsl3KeyMatOut
Platform specific CkSsl3KeyMatOut
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Initialization vector (IV) created for the client
Initialization vector (IV) created for the server
Initializes a new instance of the CkSsl3KeyMatOut class.
Platform specific CkSsl3KeyMatOut
Initializes a new instance of the CkSsl3KeyMatOut class.
Platform specific CkSsl3KeyMatOut
Initializes a new instance of the CkSsl3KeyMatOut class.
Platform specific CkSsl3KeyMatOut
Initializes a new instance of the CkSsl3KeyMatOut class.
Platform specific CkSsl3KeyMatOut
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkSsl3KeyMatParams
Platform specific CkSsl3KeyMatParams
Platform specific CkSsl3KeyMatParams
Platform specific CkSsl3KeyMatParams
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors after performing a DeriveKey method
Resulting key handles and initialization vectors after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkSsl3KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Flag indicating whether instance has been disposed
Platform specific CkSsl3MasterKeyDeriveParams
Platform specific CkSsl3MasterKeyDeriveParams
Platform specific CkSsl3MasterKeyDeriveParams
Platform specific CkSsl3MasterKeyDeriveParams
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkSsl3MasterKeyDeriveParams class.
Client's and server's random data information
Set to false for CKM_SSL3_MASTER_KEY_DERIVE mechanism and to true for CKM_SSL3_MASTER_KEY_DERIVE_DH mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in an SSL context
Flag indicating whether instance has been disposed
Platform specific CkSsl3RandomData
Platform specific CkSsl3RandomData
Platform specific CkSsl3RandomData
Platform specific CkSsl3RandomData
Initializes a new instance of the CkSsl3RandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkTls12KeyMatParams
Platform specific CkTls12KeyMatParams
Platform specific CkTls12KeyMatParams
Platform specific CkTls12KeyMatParams
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vectors
Resulting key handles and initialization vectors
Client's and server's random data information
Initializes a new instance of the CkTls12KeyMatParams class.
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkTls12MasterKeyDeriveParams
Platform specific CkTls12MasterKeyDeriveParams
Platform specific CkTls12MasterKeyDeriveParams
Platform specific CkTls12MasterKeyDeriveParams
SSL protocol version information
Client's and server's random data information
Initializes a new instance of the CkTls12MasterKeyDeriveParams class.
Client's and server's random data information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_KDF mechanism
Flag indicating whether instance has been disposed
Platform specific CkTlsKdfParams
Platform specific CkTlsKdfParams
Platform specific CkTlsKdfParams
Platform specific CkTlsKdfParams
Client's and server's random data information
Initializes a new instance of the CkTlsKdfParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Label for this key derivation
Random data for the key derivation
Context data for this key derivation
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_TLS_MAC mechanism
Platform specific CkTlsMacParams
Platform specific CkTlsMacParams
Platform specific CkTlsMacParams
Platform specific CkTlsMacParams
Initializes a new instance of the CkTlsMacParams class.
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Parameters for the CKM_TLS_PRF mechanism
Flag indicating whether instance has been disposed
Platform specific CkTlsPrfParams
Platform specific CkTlsPrfParams
Platform specific CkTlsPrfParams
Platform specific CkTlsPrfParams
Output of the operation
Initializes a new instance of the CkTlsPrfParams class.
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism
Platform specific CkVersion
Platform specific CkVersion
Platform specific CkVersion
Platform specific CkVersion
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Initializes a new instance of the CkVersion class.
Platform specific CkVersion
Initializes a new instance of the CkVersion class.
Platform specific CkVersion
Initializes a new instance of the CkVersion class.
Platform specific CkVersion
Initializes a new instance of the CkVersion class.
Platform specific CkVersion
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Returns a string that represents the current CkVersion object.
String that represents the current CkVersion object.
Resulting key handles and initialization vectors after performing a DeriveKey method with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Flag indicating whether instance has been disposed
Platform specific CkWtlsKeyMatOut
Platform specific CkWtlsKeyMatOut
Platform specific CkWtlsKeyMatOut
Platform specific CkWtlsKeyMatOut
Key handle for the resulting MAC secret key
Key handle for the resulting Secret key
Initialization vector (IV)
Initializes a new instance of the CkWtlsKeyMatOut class.
Platform specific CkWtlsKeyMatOut
Initializes a new instance of the CkWtlsKeyMatOut class.
Platform specific CkWtlsKeyMatOut
Initializes a new instance of the CkWtlsKeyMatOut class.
Platform specific CkWtlsKeyMatOut
Initializes a new instance of the CkWtlsKeyMatOut class.
Platform specific CkWtlsKeyMatOut
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
Flag indicating whether instance has been disposed
Platform specific CkWtlsKeyMatParams
Platform specific CkWtlsKeyMatParams
Platform specific CkWtlsKeyMatParams
Platform specific CkWtlsKeyMatParams
Flag indicating whether object with returned key material has left this instance
Resulting key handles and initialization vector after performing a DeriveKey method
Resulting key handles and initialization vector after performing a DeriveKey method
Client's and server's random data information
Initializes a new instance of the CkWtlsKeyMatParams class.
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag indicating whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_MASTER_KEY_DERIVE and CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanisms
Flag indicating whether instance has been disposed
Platform specific CkWtlsMasterKeyDeriveParams
Platform specific CkWtlsMasterKeyDeriveParams
Platform specific CkWtlsMasterKeyDeriveParams
Platform specific CkWtlsMasterKeyDeriveParams
WTLS protocol version information
Client's and server's random data information
Initializes a new instance of the CkWtlsMasterKeyDeriveParams class.
Digest mechanism to be used (CKM)
Client's and server's random data information
Set to false for CKM_WTLS_MASTER_KEY_DERIVE mechanism and to true for CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC mechanism
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_WTLS_PRF mechanism
Flag indicating whether instance has been disposed
Platform specific CkWtlsPrfParams
Platform specific CkWtlsPrfParams
Platform specific CkWtlsPrfParams
Platform specific CkWtlsPrfParams
Output of the operation
Initializes a new instance of the CkWtlsPrfParams class.
Digest mechanism to be used (CKM)
Input seed
Identifying label
Length in bytes that the output to be created shall have
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Information about the random data of a client and a server in a WTLS context
Flag indicating whether instance has been disposed
Platform specific CkWtlsRandomData
Platform specific CkWtlsRandomData
Platform specific CkWtlsRandomData
Platform specific CkWtlsRandomData
Initializes a new instance of the CkWtlsRandomData class.
Client's random data
Server's random data
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Platform specific CkX942Dh1DeriveParams
Platform specific CkX942Dh1DeriveParams
Platform specific CkX942Dh1DeriveParams
Platform specific CkX942Dh1DeriveParams
Initializes a new instance of the CkX942Dh1DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Flag indicating whether instance has been disposed
Platform specific CkX942Dh2DeriveParams
Platform specific CkX942Dh2DeriveParams
Platform specific CkX942Dh2DeriveParams
Platform specific CkX942Dh2DeriveParams
Initializes a new instance of the CkX942Dh2DeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
Flag indicating whether instance has been disposed
Platform specific CkX942MqvDeriveParams
Platform specific CkX942MqvDeriveParams
Platform specific CkX942MqvDeriveParams
Platform specific CkX942MqvDeriveParams
Initializes a new instance of the CkX942MqvDeriveParams class.
Key derivation function used on the shared secret value (CKD)
Some data shared between the two parties
Other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
Other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Returns managed object that can be marshaled to an unmanaged block of memory
A managed object holding the data to be marshaled. This object must be an instance of a formatted class.
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Attribute of cryptoki object (CK_ATTRIBUTE alternative)
Flag indicating whether instance has been disposed
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Platform specific ObjectAttribute
Attribute type
Flag indicating whether attribute value cannot be read either because object is sensitive or unextractable or because specified attribute for the object is invalid.
Converts platform specific ObjectAttribute to platform neutral ObjectAttribute
Platform specific ObjectAttribute
Converts platform specific ObjectAttribute to platform neutral ObjectAttribute
Platform specific ObjectAttribute
Converts platform specific ObjectAttribute to platform neutral ObjectAttribute
Platform specific ObjectAttribute
Converts platform specific ObjectAttribute to platform neutral ObjectAttribute
Platform specific ObjectAttribute
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with no value
Attribute type
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Reads value of attribute and returns it as ulong
Value of attribute
Creates attribute of given type with bool value
Attribute type
Attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Reads value of attribute and returns it as bool
Value of attribute
Creates attribute of given type with string value
Attribute type
Attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Reads value of attribute and returns it as string
Value of attribute
Creates attribute of given type with byte array value
Attribute type
Attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Reads value of attribute and returns it as byte array
Value of attribute
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Reads value of attribute and returns it as DateTime
Value of attribute
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Reads value of attribute and returns it as attribute array
Value of attribute
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of ulongs
Value of attribute
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Reads value of attribute and returns it as list of mechanisms
Value of attribute
Converts platform neutral ObjectAttributes to platform specific ObjectAttributes
Platform neutral ObjectAttributes
Platform specific ObjectAttributes
Converts platform specific ObjectAttributes to platform neutral ObjectAttributes
Platform specific ObjectAttributes
Platform neutral ObjectAttributes
Converts platform neutral ObjectAttributes to platform specific ObjectAttributes
Platform neutral ObjectAttributes
Platform specific ObjectAttributes
Converts platform specific ObjectAttributes to platform neutral ObjectAttributes
Platform specific ObjectAttributes
Platform neutral ObjectAttributes
Converts platform neutral ObjectAttributes to platform specific ObjectAttributes
Platform neutral ObjectAttributes
Platform specific ObjectAttributes
Converts platform specific ObjectAttributes to platform neutral ObjectAttributes
Platform specific ObjectAttributes
Platform neutral ObjectAttributes
Converts platform neutral ObjectAttributes to platform specific ObjectAttributes
Platform neutral ObjectAttributes
Platform specific ObjectAttributes
Converts platform specific ObjectAttributes to platform neutral ObjectAttributes
Platform specific ObjectAttributes
Platform neutral ObjectAttributes
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Token-specific identifier for an object
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
Platform specific ObjectHandle
PKCS#11 handle of object
Initializes new instance of ObjectHandle class with ObjectId set to CK_INVALID_HANDLE
Converts platform specific ObjectHandle to platform neutral ObjectHandle
Platform specific ObjectHandle
Converts platform specific ObjectHandle to platform neutral ObjectHandle
Platform specific ObjectHandle
Converts platform specific ObjectHandle to platform neutral ObjectHandle
Platform specific ObjectHandle
Converts platform specific ObjectHandle to platform neutral ObjectHandle
Platform specific ObjectHandle
Converts platform neutral ObjectHandles to platform specific ObjectHandles
Platform neutral ObjectHandles
Platform specific ObjectHandles
Converts platform specific ObjectHandles to platform neutral ObjectHandles
Platform specific ObjectHandles
Platform neutral ObjectHandles
Converts platform neutral ObjectHandles to platform specific ObjectHandles
Platform neutral ObjectHandles
Platform specific ObjectHandles
Converts platform specific ObjectHandles to platform neutral ObjectHandles
Platform specific ObjectHandles
Platform neutral ObjectHandles
Converts platform neutral ObjectHandles to platform specific ObjectHandles
Platform neutral ObjectHandles
Platform specific ObjectHandles
Converts platform specific ObjectHandles to platform neutral ObjectHandles
Platform specific ObjectHandles
Platform neutral ObjectHandles
Converts platform neutral ObjectHandles to platform specific ObjectHandles
Platform neutral ObjectHandles
Platform specific ObjectHandles
Converts platform specific ObjectHandles to platform neutral ObjectHandles
Platform specific ObjectHandles
Platform neutral ObjectHandles
High level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Platform specific high level PKCS#11 wrapper
Platform specific high level PKCS#11 wrapper. Use with caution!
Platform specific high level PKCS#11 wrapper
Platform specific high level PKCS#11 wrapper. Use with caution!
Platform specific high level PKCS#11 wrapper
Platform specific high level PKCS#11 wrapper. Use with caution!
Platform specific high level PKCS#11 wrapper
Platform specific high level PKCS#11 wrapper. Use with caution!
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Loads and initializes PKCS#11 library
Library name or path
Type of application that will be using PKCS#11 library
Source of PKCS#11 function pointers
Gets general information about loaded PKCS#11 library
General information about loaded PKCS#11 library
Obtains a list of slots in the system
Type of slots to be obtained
List of available slots
Waits for a slot event, such as token insertion or token removal, to occur
Type of waiting for a slot event
Flag indicating whether event occurred
PKCS#11 handle of slot that the event occurred in
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all PKCS#11 URI matching slots
PKCS#11 URI
High level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Class representing a logical connection between an application and a token
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Platform specific Session
Platform specific Session. Use with caution!
Platform specific Session
Platform specific Session. Use with caution!
Platform specific Session
Platform specific Session. Use with caution!
Platform specific Session
Platform specific Session. Use with caution!
PKCS#11 handle of session
Flag indicating whether session should be closed when object is disposed
Converts platform specific Session to platform neutral Session
Platform specific Session
Converts platform specific Session to platform neutral Session
Platform specific Session
Converts platform specific Session to platform neutral Session
Platform specific Session
Converts platform specific Session to platform neutral Session
Platform specific Session
Closes a session between an application and a token
Initializes the normal user's PIN
Pin value
Initializes the normal user's PIN
Pin value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in.
Old PIN value
New PIN value
Obtains information about a session
Information about a session
Obtains a copy of the cryptographic operations state of a session encoded as an array of bytes
Operations state of a session
Restores the cryptographic operations state of a session from an array of bytes obtained with GetOperationState
Array of bytes obtained with GetOperationState
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing encryption or decryption operation in the restored session
CK_INVALID_HANDLE or handle to the key which will be used for an ongoing signature, MACing, or verification operation in the restored session
Logs a user into a token
Type of user
Pin of user
Logs a user into a token
Type of user
Pin of user
Logs a user out from a token
Creates a new object
Object attributes
Handle of created object
Copies an object, creating a new object for the copy
Handle of object to be copied
New values for any attributes of the object that can ordinarily be modified
Handle of copied object
Destroys an object
Handle of object to be destroyed
Gets the size of an object in bytes.
Handle of object
Size of an object in bytes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Obtains the value of one or more attributes of an object
Handle of object whose attributes should be read
List of attributes that should be read
Object attributes
Modifies the value of one or more attributes of an object
Handle of object whose attributes should be modified
List of attributes that should be modified
Initializes a search for token and session objects that match the provided attributes
Attributes that should be matched
Continues a search for token and session objects that match a template, obtaining additional object handles
Maximum number of object handles to be returned
Found object handles
Terminates a search for token and session objects
Searches for all token and session objects that match provided attributes
Attributes that should be matched
Handles of found objects
Encrypts single-part data
Encryption mechanism
Handle of the encryption key
Data to be encrypted
Encrypted data
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Encrypts multi-part data
Encryption mechanism
Handle of the encryption key
Input stream from which data to be encrypted should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Decrypts single-part data
Decryption mechanism
Handle of the decryption key
Data to be decrypted
Decrypted data
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Decrypts multi-part data
Decryption mechanism
Handle of the decryption key
Input stream from which encrypted data should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digests the value of a secret key
Digesting mechanism
Handle of the secret key to be digested
Digest
Digests single-part data
Digesting mechanism
Data to be digested
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Digest
Digests multi-part data
Digesting mechanism
Input stream from which data should be read
Size of read buffer in bytes
Digest
Signs single-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Data to be signed
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Signature
Signs multi-part data, where the signature is an appendix to the data
Signature mechanism
Signature key
Input stream from which data should be read
Size of read buffer in bytes
Signature
Signs single-part data, where the data can be recovered from the signature
Signature mechanism
Signature key
Data to be signed
Signature
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Data that was signed
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Verifies a signature of data, where the signature is an appendix to the data
Verification mechanism
Verification key
Input stream from which data that was signed should be read
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Verifies signature of data, where the data can be recovered from the signature
Verification mechanism
Verification key
Signature
Flag indicating whether signature is valid
Data recovered from the signature
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Data to be processed
Digest
Encrypted data
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Digest
Digests and encrypts data
Digesting mechanism
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Data to be processed
Digest
Decrypted data
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Digest
Digests and decrypts data
Digesting mechanism
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Size of read buffer in bytes
Digest
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Data to be processed
Signature
Encrypted data
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Signature
Signs and encrypts data
Signing mechanism
Handle of the signing key
Encryption mechanism
Handle of the encryption key
Input stream from which data to be processed should be read
Output stream where encrypted data should be written
Size of read buffer in bytes
Signature
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Data to be processed
Signature
Decrypted data
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Decrypts data and verifies a signature of data
Verification mechanism
Handle of the verification key
Decryption mechanism
Handle of the decryption key
Input stream from which data to be processed should be read
Output stream where decrypted data should be written
Signature
Flag indicating whether signature is valid
Size of read buffer in bytes
Generates a secret key or set of domain parameters, creating a new object
Generation mechanism
Attributes of the new key or set of domain parameters
Handle of the new key or set of domain parameters
Generates a public/private key pair, creating new key objects
Key generation mechanism
Attributes of the public key
Attributes of the private key
Handle of the new public key
Handle of the new private key
Wraps (i.e., encrypts) a private or secret key
Wrapping mechanism
Handle of wrapping key
Handle of key to be wrapped
Wrapped key
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
Unwrapping mechanism
Handle of unwrapping key
Wrapped key
Attributes for unwrapped key
Handle of unwrapped key
Derives a key from a base key, creating a new key object
Derivation mechanism
Handle of base key
Attributes for the new key
Handle of derived key
Mixes additional seed material into the token's random number generator
Seed material
Generates random or pseudo-random data
Length in bytes of the random or pseudo-random data to be generated
Generated random or pseudo-random data
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Legacy function which should throw CKR_FUNCTION_NOT_PARALLEL
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Flags that define the type of session
Platform specific SessionFlags
Platform specific SessionFlags
Platform specific SessionFlags
Platform specific SessionFlags
Bit flags that define the type of session
True if the session is read/write; false if the session is read-only
This flag is provided for backward compatibility, and should always be set to true
Converts platform specific SessionFlags to platform neutral SessionFlags
Platform specific SessionFlags
Converts platform specific SessionFlags to platform neutral SessionFlags
Platform specific SessionFlags
Converts platform specific SessionFlags to platform neutral SessionFlags
Platform specific SessionFlags
Converts platform specific SessionFlags to platform neutral SessionFlags
Platform specific SessionFlags
Information about a session
Platform specific SessionInfo
Platform specific SessionInfo
Platform specific SessionInfo
Platform specific SessionInfo
PKCS#11 handle of session
PKCS#11 handle of slot that interfaces with the token
The state of the session
Flags that define the type of session
Flags that define the type of session
An error code defined by the cryptographic device used for errors not covered by Cryptoki
Converts platform specific SessionInfo to platform neutral SessionInfo
Platform specific SessionInfo
Converts platform specific SessionInfo to platform neutral SessionInfo
Platform specific SessionInfo
Converts platform specific SessionInfo to platform neutral SessionInfo
Platform specific SessionInfo
Converts platform specific SessionInfo to platform neutral SessionInfo
Platform specific SessionInfo
Logical reader that potentially contains a token
Platform specific Slot
Platform specific Slot. Use with caution!
Platform specific Slot
Platform specific Slot. Use with caution!
Platform specific Slot
Platform specific Slot. Use with caution!
Platform specific Slot
Platform specific Slot. Use with caution!
PKCS#11 handle of slot
Converts platform specific Slot to platform neutral Slot
Platform specific Slot
Converts platform specific Slot to platform neutral Slot
Platform specific Slot
Converts platform specific Slot to platform neutral Slot
Platform specific Slot
Converts platform specific Slot to platform neutral Slot
Platform specific Slot
Obtains information about a particular slot in the system
Slot information
Obtains information about a particular token in the system.
Token information
Obtains a list of mechanism types supported by a token
List of mechanism types supported by a token
Obtains information about a particular mechanism possibly supported by a token
Mechanism
Information about mechanism
Initializes a token
SO's initial PIN
Label of the token
Initializes a token
SO's initial PIN
Label of the token
Opens a session between an application and a token in a particular slot
Type of session to be opened
Session
Closes a session between an application and a token
Session
Closes all sessions an application has with a token
Flags that provide capabilities of the slot
Platform specific SlotFlags
Platform specific SlotFlags
Platform specific SlotFlags
Platform specific SlotFlags
Bit flags that provide capabilities of the slot
True if a token is present in the slot (e.g. a device is in the reader)
True if the reader supports removable devices
True if the slot is a hardware slot, as opposed to a software slot implementing a "soft token"
Converts platform specific SlotFlags to platform neutral SlotFlags
Platform specific SlotFlags
Converts platform specific SlotFlags to platform neutral SlotFlags
Platform specific SlotFlags
Converts platform specific SlotFlags to platform neutral SlotFlags
Platform specific SlotFlags
Converts platform specific SlotFlags to platform neutral SlotFlags
Platform specific SlotFlags
Information about a slot
Platform specific SlotInfo
Platform specific SlotInfo
Platform specific SlotInfo
Platform specific SlotInfo
PKCS#11 handle of slot
Description of the slot
ID of the slot manufacturer
Flags that provide capabilities of the slot
Flags that provide capabilities of the slot
Version number of the slot's hardware
Version number of the slot's firmware
Converts platform specific SlotInfo to platform neutral SlotInfo
Platform specific SlotInfo
Converts platform specific SlotInfo to platform neutral SlotInfo
Platform specific SlotInfo
Converts platform specific SlotInfo to platform neutral SlotInfo
Platform specific SlotInfo
Converts platform specific SlotInfo to platform neutral SlotInfo
Platform specific SlotInfo
Flags indicating capabilities and status of the device
Platform specific TokenFlags
Platform specific TokenFlags
Platform specific TokenFlags
Platform specific TokenFlags
Bit flags indicating capabilities and status of the device
True if the token has its own random number generator
True if the token is write-protected
True if there are some cryptographic functions that a user must be logged in to perform
True if the normal user's PIN has been initialized
True if a successful save of a session's cryptographic operations state always contains all keys needed to restore the state of the session
True if token has its own hardware clock
True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library
True if a single session with the token can perform dual cryptographic operations
True if the token has been initialized using C_InitializeToken or an equivalent mechanism
True if the token supports secondary authentication for private key objects
True if an incorrect user login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect user PIN will cause it to become locked
True if the user PIN has been locked. User login to the token is not possible.
True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card
True if an incorrect SO login PIN has been entered at least once since the last successful authentication
True if supplying an incorrect SO PIN will cause it to become locked.
True if the SO PIN has been locked. User login to the token is not possible.
True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card.
Converts platform specific TokenFlags to platform neutral TokenFlags
Platform specific TokenFlags
Converts platform specific TokenFlags to platform neutral TokenFlags
Platform specific TokenFlags
Converts platform specific TokenFlags to platform neutral TokenFlags
Platform specific TokenFlags
Converts platform specific TokenFlags to platform neutral TokenFlags
Platform specific TokenFlags
Information about a token
Platform specific TokenInfo
Platform specific TokenInfo
Platform specific TokenInfo
Platform specific TokenInfo
PKCS#11 handle of slot
Application-defined label, assigned during token initialization
ID of the device manufacturer
Model of the device
Serial number of the device
Bit flags indicating capabilities and status of the device
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of firmware
Current time (the value of this field only makes sense for tokens equipped with a clock)
UtcTimeString converted to DateTime or null if conversion failed
Converts platform specific TokenInfo to platform neutral TokenInfo
Platform specific TokenInfo
Converts platform specific TokenInfo to platform neutral TokenInfo
Platform specific TokenInfo
Converts platform specific TokenInfo to platform neutral TokenInfo
Platform specific TokenInfo
Converts platform specific TokenInfo to platform neutral TokenInfo
Platform specific TokenInfo
Utility class that helps to manage CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with uint value
Attribute type
Attribute value
Attribute of given type with uint value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Attribute of given type with CKC value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Attribute of given type with CKK value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Attribute of given type with CKO value
Creates attribute of given type with uint value
Attribute type
Attribute value
Attribute of given type with uint value
Reads value of attribute and returns it as uint
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Reads value of attribute and returns it as bool
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Reads value of attribute and returns it as string
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Reads value of attribute and returns it as byte array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Reads value of attribute and returns it as DateTime (CK_DATE)
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Reads value of attribute and returns it as attribute array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Attribute of given type with uint array value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Attribute of given type with uint array value
Reads value of attribute and returns it as uint array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Reads value of attribute and returns it as mechanism array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with value copied from managed byte array to the newly allocated unmanaged memory
Attribute type
Attribute value
Attribute of given type with specified value
Copies attribute value from unmanaged memory to managed byte array
Attribute whose value should be read
Managed copy of attribute value
Utility class that helps to manage CK_MECHANISM structure
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with parameter copied from managed byte array to the newly allocated unmanaged memory
Mechanism type
Mechanism parameter
Mechanism of given type with specified parameter
Defines the type, value, and length of an attribute
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Defines the type, value, and length of an attribute.
This class can be used with Silverlight 5 version of Marshal.PtrToStructure(IntPtr, object) which does not support value types (structs).
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Copies instance members to CK_ATTRIBUTE struct
Destination CK_ATTRIBUTE struct
Optional arguments for the C_Initialize function
Pointer to a function to use for creating mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for destroying mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for locking mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for unlocking mutex objects (not supported by Pkcs11Interop)
Bit flags specifying options
Reserved for future use
Structure which contains a Cryptoki version and a function pointer to each function in the Cryptoki API
Cryptoki version
Pointer to C_Initialize
Pointer to C_Finalize
Pointer to C_GetInfo
Pointer to C_GetFunctionList
Pointer to C_GetSlotList
Pointer to C_GetSlotInfo
Pointer to C_GetTokenInfo
Pointer to C_GetMechanismList
Pointer to C_GetMechanismInfo
Pointer to C_InitToken
Pointer to C_InitPIN
Pointer to C_SetPIN
Pointer to C_OpenSession
Pointer to C_CloseSession
Pointer to C_CloseAllSessions
Pointer to C_GetSessionInfo
Pointer to C_GetOperationState
Pointer to C_SetOperationState
Pointer to C_Login
Pointer to C_Logout
Pointer to C_CreateObject
Pointer to C_CopyObject
Pointer to C_DestroyObject
Pointer to C_GetObjectSize
Pointer to C_GetAttributeValue
Pointer to C_SetAttributeValue
Pointer to C_FindObjectsInit
Pointer to C_FindObjects
Pointer to C_FindObjectsFinal
Pointer to C_EncryptInit
Pointer to C_Encrypt
Pointer to C_EncryptUpdate
Pointer to C_EncryptFinal
Pointer to C_DecryptInit
Pointer to C_Decrypt
Pointer to C_DecryptUpdate
Pointer to C_DecryptFinal
Pointer to C_DigestInit
Pointer to C_Digest
Pointer to C_DigestUpdate
Pointer to C_DigestKey
Pointer to C_DigestFinal
Pointer to C_SignInit
Pointer to C_Sign
Pointer to C_SignUpdate
Pointer to C_SignFinal
Pointer to C_SignRecoverInit
Pointer to C_SignRecover
Pointer to C_VerifyInit
Pointer to C_Verify
Pointer to C_VerifyUpdate
Pointer to C_VerifyFinal
Pointer to C_VerifyRecoverInit
Pointer to C_VerifyRecover
Pointer to C_DigestEncryptUpdate
Pointer to C_DecryptDigestUpdate
Pointer to C_SignEncryptUpdate
Pointer to C_DecryptVerifyUpdate
Pointer to C_GenerateKey
Pointer to C_GenerateKeyPair
Pointer to C_WrapKey
Pointer to C_UnwrapKey
Pointer to C_DeriveKey
Pointer to C_SeedRandom
Pointer to C_GenerateRandom
Pointer to C_GetFunctionStatus
Pointer to C_CancelFunction
Pointer to C_WaitForSlotEvent
Provides general information about Cryptoki
Cryptoki interface version number, for compatibility with future revisions of this interface.
ID of the Cryptoki library manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags reserved for future versions. Must be zero for this version
Character-string description of the library. Must be padded with the blank character (' '). Should not be null-terminated.
Cryptoki library version number
Specifies a particular mechanism and any parameters it requires
The type of mechanism
Pointer to the parameter if required by the mechanism
Length of the parameter in bytes
Provides information about a particular mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Bit flags specifying mechanism capabilities
Information about a session
ID of the slot that interfaces with the token
The state of the session
Bit flags that define the type of session
An error code defined by the cryptographic device. Used for errors not covered by Cryptoki.
Provides information about a slot
Character-string description of the slot. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the slot manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags that provide capabilities of the slot.
Version number of the slot's hardware
Version number of the slot's firmware
Provides information about a token
Application-defined label, assigned during token initialization. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the device manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Model of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Character-string serial number of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of firmware
Current time as a character-string of length 16, represented in the format YYYYMMDDhhmmssxx (4 characters for the year; 2 characters each for the month, the day, the hour, the minute, and the second; and 2 additional reserved '0' characters). The value of this field only makes sense for tokens equipped with a clock, as indicated in the token information flags.
Describes the version
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns a string that represents the current CK_VERSION structure.
String that represents the current CK_VERSION structure.
Holds delegates for all PKCS#11 functions
Delegate for C_Initialize
Delegate for C_Finalize
Delegate for C_GetInfo
Delegate for C_GetFunctionList
Delegate for C_GetSlotList
Delegate for C_GetSlotInfo
Delegate for C_GetTokenInfo
Delegate for C_GetMechanismList
Delegate for C_GetMechanismInfo
Delegate for C_InitToken
Delegate for C_InitPIN
Delegate for C_SetPIN
Delegate for C_OpenSession
Delegate for C_CloseSession
Delegate for C_CloseAllSessions
Delegate for C_GetSessionInfo
Delegate for C_GetOperationState
Delegate for C_SetOperationState
Delegate for C_Login
Delegate for C_Logout
Delegate for C_CreateObject
Delegate for C_CopyObject
Delegate for C_DestroyObject
Delegate for C_GetObjectSize
Delegate for C_GetAttributeValue
Delegate for C_SetAttributeValue
Delegate for C_FindObjectsInit
Delegate for C_FindObjects
Delegate for C_FindObjectsFinal
Delegate for C_EncryptInit
Delegate for C_Encrypt
Delegate for C_EncryptUpdate
Delegate for C_EncryptFinal
Delegate for C_DecryptInit
Delegate for C_Decrypt
Delegate for C_DecryptUpdate
Delegate for C_DecryptFinal
Delegate for C_DigestInit
Delegate for C_Digest
Delegate for C_DigestUpdate
Delegate for C_DigestKey
Delegate for C_DigestFinal
Delegate for C_SignInit
Delegate for C_Sign
Delegate for C_SignUpdate
Delegate for C_SignFinal
Delegate for C_SignRecoverInit
Delegate for C_SignRecover
Delegate for C_VerifyInit
Delegate for C_Verify
Delegate for C_VerifyUpdate
Delegate for C_VerifyFinal
Delegate for C_VerifyRecoverInit
Delegate for C_VerifyRecover
Delegate for C_DigestEncryptUpdate
Delegate for C_DecryptDigestUpdate
Delegate for C_SignEncryptUpdate
Delegate for C_DecryptVerifyUpdate
Delegate for C_GenerateKey
Delegate for C_GenerateKeyPair
Delegate for C_WrapKey
Delegate for C_UnwrapKey
Delegate for C_DeriveKey
Delegate for C_SeedRandom
Delegate for C_GenerateRandom
Delegate for C_GetFunctionStatus
Delegate for C_CancelFunction
Delegate for C_WaitForSlotEvent
Initializes new instance of Delegates class
Handle to the PKCS#11 library
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Get delegates with C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates with C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates without C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates without C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates from unmanaged function pointers
Structure which contains cryptoki function pointers
Structure that provides the parameters to the CKM_AES_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_AES_CTR mechanism
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CTR mechanism
Specifies the number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_AES_CCM mechanism
Length of the data
Pointer to the nonce
Length of the nonce
Pointer to additional authentication data
Length of additional authentication data
Length of the MAC (output following cipher text) in bytes
Structure that provides the parameters to the CKM_CMS_SIG mechanism
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
NULL-terminated string indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
Pointer to DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
Length in bytes of the value pointed to by RequestedAttributes
Pointer to DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Length in bytes of the value pointed to by RequiredAttributes
Structure that provides the parameters to the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
IV value
Data value part that must be a multiple of 8 bytes long
Length of data in bytes
Structure that provides and returns parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Mechanism value for the base hash used in PQG generation (CKM)
Pointer to seed value used to generate PQ and G
Length of seed value
Index value for generating G
Structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's EC public key
Pointer to other party's EC public key value
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Structure that provides the parameters to the CKM_ECDH_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Length in bytes of the shared info
Data shared between the two parties
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Handle to the first party's ephemeral public key
Provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism
Specifies which bit of the base key should be used as the first bit of the derived key
Structure that provides the parameters to the CKM_AES_GCM mechanism
Pointer to initialization vector
Length of initialization vector in bytes
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Pointer to additional authentication data
Length of additional authentication data in bytes
Length of authentication tag (output following cipher text) in bits
Structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism
Additional key diversification algorithm (CKD)
Pointer to data with public key of a receiver
Length of data with public key of a receiver. Must be 64.
Pointer to UKM data
Length of UKM data in bytes. Must be 8.
Structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism
Pointer to data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Length of data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Pointer to data with UKM
Length of UKM data
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Structure that provides the parameters to the CKM_KEA_DERIVE mechanism
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Size of random Ra and Rb, in bytes
Pointer to Ra data
Pointer to Rb data
Other party's KEA public key size
Pointer to other party's KEA public key value
Provides the parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Pointer to the byte string
Length of the byte string
Structure that provides the parameters to the CKM_KEY_WRAP_SET_OAEP mechanism
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Length in bytes of concatenation of hash of plaintext data (if present) and extra data (if present) or 0 if neither is present
Structure that provides the parameters to CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Pointer to the underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Pointer to an input seed
Length in bytes of the input seed
Structure that provides the parameters to the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Length of the MAC produced, in bytes
Structure that includes the type, value and length of an OTP parameter
Parameter type
Pointer to the value of the parameter
Length in bytes of the value
Structure that is used to provide parameters for OTP mechanisms in a generic fashion
Pointer to an array of OTP parameters (CK_OTP_PARAM structures)
The number of parameters in the array
Structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal)
Pointer to an array of OTP parameter values (CK_OTP_PARAM structures)
The number of parameters in the array
Structure which provides all of the necessary information required by the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Pointer to the location that receives the 8-byte initialization vector (IV), if an IV is required
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Points to the salt to be used in the PBE key generation
Length in bytes of the salt information
Number of iterations required for the generation
Structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Corrected structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Structure that provides the parameters to the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Structure that provides the parameters to the CKM_RC2_MAC_GENERAL mechanism
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Provides the parameters to the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Effective number of bits in the RC2 search space
Structure that provides the parameters to the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Pointer to initialization vector (IV) for CBC encryption
Length of initialization vector (must be same as blocksize)
Structure that provides the parameters to the CKM_RC5_MAC_GENERAL mechanism
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Structure that provides the parameters to the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Structure that provides the parameters to the CKM_RSA_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Pointer to the parameters of the temporary AES key wrapping (CK_RSA_PKCS_OAEP_PARAMS)
Structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Length of the encoding parameter source input
Structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Structure that provides the parameters to the CKM_SEED_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Length of the password
Pointer to the buffer which contains the user-supplied password
Other party's key exchange public key size
Pointer to other party's key exchange public key value
Length of prime and base values
Length of subprime value
Size of random Ra, in bytes
Pointer to Ra data
Pointer to Prime, p, value
Pointer to Base, g, value
Pointer to Subprime, q, value
Structure that provides the parameters to the CKM_SKIPJACK_RELAYX mechanism
Length of old wrapped key in bytes
Pointer to old wrapper key
Length of the old password
Pointer to the buffer which contains the old user-supplied password
Old key exchange public key size
Pointer to old key exchange public key value
Size of old random Ra in bytes
Pointer to old Ra data
Length of the new password
Pointer to the buffer which contains the new user-supplied password
New key exchange public key size
Pointer to new key exchange public key value
Size of new random Ra in bytes
Pointer to new Ra data
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Pointer to a location which receives the initialization vector (IV) created for the client (if any)
Pointer to a location which receives the initialization vector (IV) created for the server (if any)
Structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Structure which provides information about the random data of a client and a server in an SSL context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS_KDF mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Pointer to the label for this key derivation
Length of the label in bytes
Random data for the key derivation
Pointer to the context data for this key derivation
Length of the context data in bytes
Structure that provides the parameters to the CKM_TLS_MAC mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Structure that provides the parameters to the CKM_TLS_PRF mechanism
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have, has to hold the desired length as input and will receive the calculated length as output
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting MAC secret key
Key handle for the resulting secret key
Pointer to a location which receives the initialization vector (IV) created (if any)
Structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_WTLS_KEY_MAT_OUT structure which receives the handles for the keys generated and the IV
Structure that provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism
Digest mechanism to be used (CKM)
Client's and server's random data information
Pointer to single byte which receives the WTLS protocol version information
Structure that provides the parameters to the CKM_WTLS_PRF mechanism
Digest mechanism to be used (CKM)
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have, has to hold the desired length as input and will receive the calculated length as output
Structure that provides information about the random data of a client and a server in a WTLS context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's X9.42 Diffie-Hellman public key
Pointer to other party's X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Low level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Handle to the PKCS#11 library
Handle to the PKCS#11 library. Use with caution!
Delegates for PKCS#11 functions
Loads PKCS#11 library
Library name or path
Loads PKCS#11 library
Library name or path
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Unloads PKCS#11 library. Called automatically when object is being disposed.
Initializes the Cryptoki library
CK_C_INITIALIZE_ARGS structure containing information on how the library should deal with multi-threaded access or null if an application will not be accessing Cryptoki through multiple threads simultaneously
CKR_ARGUMENTS_BAD, CKR_CANT_LOCK, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NEED_TO_CREATE_THREADS, CKR_OK
Called to indicate that an application is finished with the Cryptoki library. It should be the last Cryptoki call made by an application.
Reserved for future versions. For this version, it should be set to null.
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns general information about Cryptoki
Structure that receives the information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns a pointer to the Cryptoki library's list of function pointers
Pointer to a value which will receive a pointer to the library's CK_FUNCTION_LIST structure
CKR_ARGUMENTS_BAD, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains a list of slots in the system
Indicates whether the list obtained includes only those slots with a token present (true) or all slots (false)
If set to null then the number of slots is returned in "count" parameter, without actually returning a list of slots.
If not set to null then "count" parameter must contain the length of slotList array and slot list is returned in "slotList" parameter.
Location that receives the number of slots
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains information about a particular slot in the system
The ID of the slot
Structure that receives the slot information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID
Obtains information about a particular token in the system
The ID of the token's slot
Structure that receives the token information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains a list of mechanism types supported by a token
The ID of the token's slot
If set to null then the number of mechanisms is returned in "count" parameter, without actually returning a list of mechanisms.
If not set to null then "count" parameter must contain the length of mechanismList array and mechanism list is returned in "mechanismList" parameter.
Location that receives the number of mechanisms
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains information about a particular mechanism possibly supported by a token
The ID of the token's slot
The type of mechanism
Structure that receives the mechanism information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Initializes a token
The ID of the token's slot
SO's initial PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
32-byte long label of the token which must be padded with blank characters
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Initializes the normal user's PIN
The session's handle
Normal user's PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_SESSION_CLOSED, CKR_SESSION_READ_ONLY, CKR_SESSION_HANDLE_INVALID, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN, CKR_ARGUMENTS_BAD
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in
The session's handle
Old PIN or null to use protected authentication path (pinpad)
The length of the old PIN in bytes
New PIN or null to use protected authentication path (pinpad)
The length of the new PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Opens a session between an application and a token in a particular slot
The ID of the token's slot
Flags indicating the type of session
An application defined pointer to be passed to the notification callback
The address of the notification callback function
Location that receives the handle for the new session
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_COUNT, CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SESSION_READ_WRITE_SO_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Closes a session between an application and a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Closes all sessions an application has with a token
The ID of the token's slot
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT
Obtains information about a session
The session's handle
Structure that receives the session information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Obtains a copy of the cryptographic operations state of a session encoded as byte array
The session's handle
If set to null then the length of state is returned in "operationStateLen" parameter, without actually returning a state.
If not set to null then "operationStateLen" parameter must contain the length of operationState array and state is returned in "operationState" parameter.
Location that receives the length in bytes of the state
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_STATE_UNSAVEABLE, CKR_ARGUMENTS_BAD
Restores the cryptographic operations state of a session from bytes obtained with C_GetOperationState
The session's handle
Saved session state
Length of saved session state
Handle to the key which will be used for an ongoing encryption or decryption operation in the restored session or CK_INVALID_HANDLE if not needed
Handle to the key which will be used for an ongoing operation in the restored session or CK_INVALID_HANDLE if not needed
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_CHANGED, CKR_KEY_NEEDED, CKR_KEY_NOT_NEEDED, CKR_OK, CKR_SAVED_STATE_INVALID, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Logs a user into a token
The session's handle
The user type
User's PIN or null to use protected authentication path (pinpad)
Length of user's PIN
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY_EXISTS, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_TOO_MANY_TYPES, CKR_USER_TYPE_INVALID
Logs a user out from a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Creates a new object
The session's handle
Object's template
The number of attributes in the template
Location that receives the new object's handle
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Copies an object, creating a new object for the copy
The session's handle
The object's handle
Template for the new object
The number of attributes in the template
Location that receives the handle for the copy of the object
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Destroys an object
The session's handle
The object's handle
CKR_ACTION_PROHIBITED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED
Gets the size of an object in bytes
The session's handle
The object's handle
Location that receives the size in bytes of the object
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_INFORMATION_SENSITIVE, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Obtains the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be obtained, and receives the attribute values
The number of attributes in the template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Modifies the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be modified and their new values
The number of attributes in the template
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Initializes a search for token and session objects that match a template
The session's handle
Search template that specifies the attribute values to match
The number of attributes in the search template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a search for token and session objects that match a template, obtaining additional object handles
The session's handle
Location that receives the list (array) of additional object handles
The maximum number of object handles to be returned
Location that receives the actual number of object handles returned
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Terminates a search for token and session objects
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes an encryption operation
The session's handle
The encryption mechanism
The handle of the encryption key
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Encrypts single-part data
The session's handle
Data to be encrypted
Length of data in bytes
If set to null then the length of encrypted data is returned in "encryptedDataLen" parameter, without actually returning encrypted data.
If not set to null then "encryptedDataLen" parameter must contain the length of encryptedData array and encrypted data is returned in "encryptedData" parameter.
Location that holds the length in bytes of the encrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part encryption operation, processing another data part
The session's handle
The data part to be encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part encryption operation
The session's handle
If set to null then the length of last encrypted data part is returned in "lastEncryptedPartLen" parameter, without actually returning last encrypted data part.
If not set to null then "lastEncryptedPartLen" parameter must contain the length of lastEncryptedPart array and last encrypted data part is returned in "lastEncryptedPart" parameter.
Location that holds the length of the last encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a decryption operation
The session's handle
The decryption mechanism
The handle of the decryption key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Decrypts encrypted data in a single part
The session's handle
Encrypted data
The length of the encrypted data
If set to null then the length of decrypted data is returned in "dataLen" parameter, without actually returning decrypted data.
If not set to null then "dataLen" parameter must contain the length of data array and decrypted data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part decryption operation, processing another encrypted data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part decryption operation
The session's handle
If set to null then the length of last decrypted data part is returned in "lastPartLen" parameter, without actually returning last decrypted data part.
If not set to null then "lastPartLen" parameter must contain the length of lastPart array and last decrypted data part is returned in "lastPart" parameter.
Location that holds the length of the last decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a message-digesting operation
The session's handle
The digesting mechanism
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Digests data in a single part
The session's handle
Data to be digested
The length of the data to be digested
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation by digesting the value of a secret key
The session's handle
The handle of the secret key to be digested
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_INDIGESTIBLE, CKR_KEY_SIZE_RANGE, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part message-digesting operation, returning the message digest
The session's handle
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a signature operation, where the signature is an appendix to the data
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single part, where the signature is an appendix to the data
The session's handle
Data to be signed
The length of the data
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Continues a multi-part signature operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part signature operation, returning the signature
The session's handle
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Initializes a signature operation, where the data can be recovered from the signature
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single operation, where the data can be recovered from the signature
The session's handle
Data to be signed
The length of data to be signed
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a verification operation, where the signature is an appendix to the data
The session's handle
The verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the signature is an appendix to the data
The session's handle
Data that were signed
The length of the data
Signature of data
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Continues a multi-part verification operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part verification operation, checking the signature
The session's handle
Signature
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Initializes a signature verification operation, where the data is recovered from the signature
The session's handle
Verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the data is recovered from the signature
The session's handle
Signature
The length of signature
If set to null then the length of recovered data is returned in "dataLen" parameter, without actually returning recovered data.
If not set to null then "dataLen" parameter must contain the length of data array and recovered data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_LEN_RANGE, CKR_SIGNATURE_INVALID
Continues multi-part digest and encryption operations, processing another data part
The session's handle
The data part to be digested and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined decryption and digest operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined signature and encryption operation, processing another data part
The session's handle
The data part to be signed and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part combined decryption and verification operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Generates a secret key or set of domain parameters, creating a new object
The session's handle
Key generation mechanism
The template for the new key or set of domain parameters
The number of attributes in the template
Location that receives the handle of the new key or set of domain parameters
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Generates a public/private key pair, creating new key objects
The session's handle
Key generation mechanism
The template for the public key
The number of attributes in the public-key template
The template for the private key
The number of attributes in the private-key template
Location that receives the handle of the new public key
Location that receives the handle of the new private key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Wraps (i.e., encrypts) a private or secret key
The session's handle
Wrapping mechanism
The handle of the wrapping key
The handle of the key to be wrapped
If set to null then the length of wrapped key is returned in "wrappedKeyLen" parameter, without actually returning wrapped key.
If not set to null then "wrappedKeyLen" parameter must contain the length of wrappedKey array and wrapped key is returned in "wrappedKey" parameter.
Location that receives the length of the wrapped key
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_NOT_WRAPPABLE, CKR_KEY_SIZE_RANGE, CKR_KEY_UNEXTRACTABLE, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPING_KEY_HANDLE_INVALID, CKR_WRAPPING_KEY_SIZE_RANGE, CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
The session's handle
Unwrapping mechanism
The handle of the unwrapping key
Wrapped key
The length of the wrapped key
The template for the new key
The number of attributes in the template
Location that receives the handle of the unwrapped key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE
Derives a key from a base key, creating a new key object
The session's handle
Key derivation mechanism
The handle of the base key
The template for the new key
The number of attributes in the template
Location that receives the handle of the derived key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Mixes additional seed material into the token's random number generator
The session's handle
The seed material
The length of the seed material
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Generates random or pseudo-random data
The session's handle
Location that receives the random data
The length in bytes of the random or pseudo-random data to be generated
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Waits for a slot event, such as token insertion or token removal, to occur
Determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits for a slot event to occur)
Location which will receive the ID of the slot that the event occurred in
Reserved for future versions (should be null)
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NO_EVENT, CKR_OK
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
Slot identifier
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all slots where a token that matches the PKCS#11 URI is present
PKCS#11 URI
Low level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
CKR_OK if successful; any other value otherwise
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Utility class that helps to manage CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Attribute structure of given type with no value
Creates attribute of given type with no value
Attribute type
Attribute structure of given type with no value
Creates attribute of given type with uint value
Attribute type
Attribute value
Attribute of given type with uint value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Attribute of given type with CKC value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Attribute of given type with CKK value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Attribute of given type with CKO value
Creates attribute of given type with uint value
Attribute type
Attribute value
Attribute of given type with uint value
Reads value of attribute and returns it as uint
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Reads value of attribute and returns it as bool
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Reads value of attribute and returns it as string
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Reads value of attribute and returns it as byte array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Reads value of attribute and returns it as DateTime (CK_DATE)
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Reads value of attribute and returns it as attribute array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Attribute of given type with uint array value
Creates attribute of given type with uint array value
Attribute type
Attribute value
Attribute of given type with uint array value
Reads value of attribute and returns it as uint array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Reads value of attribute and returns it as mechanism array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with value copied from managed byte array to the newly allocated unmanaged memory
Attribute type
Attribute value
Attribute of given type with specified value
Copies attribute value from unmanaged memory to managed byte array
Attribute whose value should be read
Managed copy of attribute value
Utility class that helps to manage CK_MECHANISM structure
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with parameter copied from managed byte array to the newly allocated unmanaged memory
Mechanism type
Mechanism parameter
Mechanism of given type with specified parameter
Defines the type, value, and length of an attribute
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Defines the type, value, and length of an attribute.
This class can be used with Silverlight 5 version of Marshal.PtrToStructure(IntPtr, object) which does not support value types (structs).
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Copies instance members to CK_ATTRIBUTE struct
Destination CK_ATTRIBUTE struct
Optional arguments for the C_Initialize function
Pointer to a function to use for creating mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for destroying mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for locking mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for unlocking mutex objects (not supported by Pkcs11Interop)
Bit flags specifying options
Reserved for future use
Structure which contains a Cryptoki version and a function pointer to each function in the Cryptoki API
Cryptoki version
Pointer to C_Initialize
Pointer to C_Finalize
Pointer to C_GetInfo
Pointer to C_GetFunctionList
Pointer to C_GetSlotList
Pointer to C_GetSlotInfo
Pointer to C_GetTokenInfo
Pointer to C_GetMechanismList
Pointer to C_GetMechanismInfo
Pointer to C_InitToken
Pointer to C_InitPIN
Pointer to C_SetPIN
Pointer to C_OpenSession
Pointer to C_CloseSession
Pointer to C_CloseAllSessions
Pointer to C_GetSessionInfo
Pointer to C_GetOperationState
Pointer to C_SetOperationState
Pointer to C_Login
Pointer to C_Logout
Pointer to C_CreateObject
Pointer to C_CopyObject
Pointer to C_DestroyObject
Pointer to C_GetObjectSize
Pointer to C_GetAttributeValue
Pointer to C_SetAttributeValue
Pointer to C_FindObjectsInit
Pointer to C_FindObjects
Pointer to C_FindObjectsFinal
Pointer to C_EncryptInit
Pointer to C_Encrypt
Pointer to C_EncryptUpdate
Pointer to C_EncryptFinal
Pointer to C_DecryptInit
Pointer to C_Decrypt
Pointer to C_DecryptUpdate
Pointer to C_DecryptFinal
Pointer to C_DigestInit
Pointer to C_Digest
Pointer to C_DigestUpdate
Pointer to C_DigestKey
Pointer to C_DigestFinal
Pointer to C_SignInit
Pointer to C_Sign
Pointer to C_SignUpdate
Pointer to C_SignFinal
Pointer to C_SignRecoverInit
Pointer to C_SignRecover
Pointer to C_VerifyInit
Pointer to C_Verify
Pointer to C_VerifyUpdate
Pointer to C_VerifyFinal
Pointer to C_VerifyRecoverInit
Pointer to C_VerifyRecover
Pointer to C_DigestEncryptUpdate
Pointer to C_DecryptDigestUpdate
Pointer to C_SignEncryptUpdate
Pointer to C_DecryptVerifyUpdate
Pointer to C_GenerateKey
Pointer to C_GenerateKeyPair
Pointer to C_WrapKey
Pointer to C_UnwrapKey
Pointer to C_DeriveKey
Pointer to C_SeedRandom
Pointer to C_GenerateRandom
Pointer to C_GetFunctionStatus
Pointer to C_CancelFunction
Pointer to C_WaitForSlotEvent
Provides general information about Cryptoki
Cryptoki interface version number, for compatibility with future revisions of this interface.
ID of the Cryptoki library manufacturer. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Bit flags reserved for future versions. Must be zero for this version
Character-string description of the library. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Cryptoki library version number
Specifies a particular mechanism and any parameters it requires
The type of mechanism
Pointer to the parameter if required by the mechanism
Length of the parameter in bytes
Provides information about a particular mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Bit flags specifying mechanism capabilities
Information about a session
ID of the slot that interfaces with the token
The state of the session
Bit flags that define the type of session
An error code defined by the cryptographic device. Used for errors not covered by Cryptoki.
Provides information about a slot
Character-string description of the slot. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
ID of the slot manufacturer. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Bit flags that provide capabilities of the slot.
Version number of the slot's hardware
Version number of the slot's firmware
Provides information about a token
Application-defined label, assigned during token initialization. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
ID of the device manufacturer. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Model of the device. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Character-string serial number of the device. Must be padded with the blank character (‘ ‘). Should not be null-terminated.
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of firmware
Current time as a character-string of length 16, represented in the format YYYYMMDDhhmmssxx (4 characters for the year; 2 characters each for the month, the day, the hour, the minute, and the second; and 2 additional reserved '0' characters). The value of this field only makes sense for tokens equipped with a clock, as indicated in the token information flags.
Describes the version
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns a string that represents the current CK_VERSION structure.
String that represents the current CK_VERSION structure.
Holds delegates for all PKCS#11 functions
Delegate for C_Initialize
Delegate for C_Finalize
Delegate for C_GetInfo
Delegate for C_GetFunctionList
Delegate for C_GetSlotList
Delegate for C_GetSlotInfo
Delegate for C_GetTokenInfo
Delegate for C_GetMechanismList
Delegate for C_GetMechanismInfo
Delegate for C_InitToken
Delegate for C_InitPIN
Delegate for C_SetPIN
Delegate for C_OpenSession
Delegate for C_CloseSession
Delegate for C_CloseAllSessions
Delegate for C_GetSessionInfo
Delegate for C_GetOperationState
Delegate for C_SetOperationState
Delegate for C_Login
Delegate for C_Logout
Delegate for C_CreateObject
Delegate for C_CopyObject
Delegate for C_DestroyObject
Delegate for C_GetObjectSize
Delegate for C_GetAttributeValue
Delegate for C_SetAttributeValue
Delegate for C_FindObjectsInit
Delegate for C_FindObjects
Delegate for C_FindObjectsFinal
Delegate for C_EncryptInit
Delegate for C_Encrypt
Delegate for C_EncryptUpdate
Delegate for C_EncryptFinal
Delegate for C_DecryptInit
Delegate for C_Decrypt
Delegate for C_DecryptUpdate
Delegate for C_DecryptFinal
Delegate for C_DigestInit
Delegate for C_Digest
Delegate for C_DigestUpdate
Delegate for C_DigestKey
Delegate for C_DigestFinal
Delegate for C_SignInit
Delegate for C_Sign
Delegate for C_SignUpdate
Delegate for C_SignFinal
Delegate for C_SignRecoverInit
Delegate for C_SignRecover
Delegate for C_VerifyInit
Delegate for C_Verify
Delegate for C_VerifyUpdate
Delegate for C_VerifyFinal
Delegate for C_VerifyRecoverInit
Delegate for C_VerifyRecover
Delegate for C_DigestEncryptUpdate
Delegate for C_DecryptDigestUpdate
Delegate for C_SignEncryptUpdate
Delegate for C_DecryptVerifyUpdate
Delegate for C_GenerateKey
Delegate for C_GenerateKeyPair
Delegate for C_WrapKey
Delegate for C_UnwrapKey
Delegate for C_DeriveKey
Delegate for C_SeedRandom
Delegate for C_GenerateRandom
Delegate for C_GetFunctionStatus
Delegate for C_CancelFunction
Delegate for C_WaitForSlotEvent
Initializes new instance of Delegates class
Handle to the PKCS#11 library
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Get delegates with C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates with C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates without C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates without C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates from unmanaged function pointers
Structure which contains cryptoki function pointers
Structure that provides the parameters to the CKM_AES_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_AES_CTR mechanism
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CTR mechanism
Specifies the number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_AES_CCM mechanism
Length of the data
Pointer to the nonce
Length of the nonce
Pointer to additional authentication data
Length of additional authentication data
Length of the MAC (output following cipher text) in bytes
Structure that provides the parameters to the CKM_CMS_SIG mechanism
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
NULL-terminated string indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
Pointer to DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
Length in bytes of the value pointed to by RequestedAttributes
Pointer to DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Length in bytes, of the value pointed to by RequiredAttributes
Structure that provides the parameters to the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
IV value
Data value part that must be a multiple of 8 bytes long
Length of data in bytes
Structure that provides and returns parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Mechanism value for the base hash used in PQG generation (CKM)
Pointer to seed value used to generate PQ and G
Length of seed value
Index value for generating G
Structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's EC public key
Pointer to other party's EC public key value
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Structure that provides the parameters to the CKM_ECDH_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Length in bytes of the shared info
Data shared between the two parties
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Handle to the first party's ephemeral public key
Provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism
Specifies which bit of the base key should be used as the first bit of the derived key
Structure that provides the parameters to the CKM_AES_GCM mechanism
Pointer to initialization vector
Length of initialization vector in bytes
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Pointer to additional authentication data
Length of additional authentication data in bytes
Length of authentication tag (output following cipher text) in bits
Structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism
Additional key diversification algorithm (CKD)
Pointer to data with public key of a receiver
Length of data with public key of a receiver. Must be 64.
Pointer to UKM data
Length of UKM data in bytes. Must be 8.
Structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism
Pointer to data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Length of data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Pointer to data with UKM
Length of UKM data
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Structure that provides the parameters to the CKM_KEA_DERIVE mechanism
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Size of random Ra and Rb, in bytes
Pointer to Ra data
Pointer to Rb data
Other party's KEA public key size
Pointer to other party's KEA public key value
Provides the parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Pointer to the byte string
Length of the byte string
Structure that provides the parameters to the CKM_KEY_WRAP_SET_OAEP mechanism
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Length in bytes of concatenation of hash of plaintext data (if present) and extra data (if present) or 0 if neither is present
Structure that provides the parameters to CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Pointer to the underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Pointer to an input seed
Length in bytes of the input seed
Structure that provides the parameters to the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Length of the MAC produced, in bytes
Structure that includes the type, value and length of an OTP parameter
Parameter type
Pointer to the value of the parameter
Length in bytes of the value
Structure that is used to provide parameters for OTP mechanisms in a generic fashion
Pointer to an array of OTP parameters (CK_OTP_PARAM structures)
The number of parameters in the array
Structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal)
Pointer to an array of OTP parameter values (CK_OTP_PARAM structures)
The number of parameters in the array
Structure which provides all of the necessary information required by the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Pointer to the location that receives the 8-byte initialization vector (IV), if an IV is required
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Points to the salt to be used in the PBE key generation
Length in bytes of the salt information
Number of iterations required for the generation
Structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Corrected structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Structure that provides the parameters to the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Structure that provides the parameters to the CKM_RC2_MAC_GENERAL mechanism
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Provides the parameters to the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Effective number of bits in the RC2 search space
Structure that provides the parameters to the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Pointer to initialization vector (IV) for CBC encryption
Length of initialization vector (must be same as blocksize)
Structure that provides the parameters to the CKM_RC5_MAC_GENERAL mechanism
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Structure that provides the parameters to the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Structure that provides the parameters to the CKM_RSA_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Pointer to the parameters of the temporary AES key wrapping (CK_RSA_PKCS_OAEP_PARAMS)
Structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Length of the encoding parameter source input
Structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Structure that provides the parameters to the CKM_SEED_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Length of the password
Pointer to the buffer which contains the user-supplied password
Other party's key exchange public key size
Pointer to other party's key exchange public key value
Length of prime and base values
Length of subprime value
Size of random Ra, in bytes
Pointer to Ra data
Pointer to Prime, p, value
Pointer to Base, g, value
Pointer to Subprime, q, value
Structure that provides the parameters to the CKM_SKIPJACK_RELAYX mechanism
Length of old wrapped key in bytes
Pointer to old wrapper key
Length of the old password
Pointer to the buffer which contains the old user-supplied password
Old key exchange public key size
Pointer to old key exchange public key value
Size of old random Ra in bytes
Pointer to old Ra data
Length of the new password
Pointer to the buffer which contains the new user-supplied password
New key exchange public key size
Pointer to new key exchange public key value
Size of new random Ra in bytes
Pointer to new Ra data
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Pointer to a location which receives the initialization vector (IV) created for the client (if any)
Pointer to a location which receives the initialization vector (IV) created for the server (if any)
Structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Structure which provides information about the random data of a client and a server in an SSL context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS_KDF mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Pointer to the label for this key derivation
Length of the label in bytes
Random data for the key derivation
Pointer to the context data for this key derivation
Length of the context data in bytes
Structure that provides the parameters to the CKM_TLS_MAC mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Structure that provides the parameters to the CKM_TLS_PRF mechanism
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have; it has to hold the desired length as input and will receive the calculated length as output
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting MAC secret key
Key handle for the resulting secret key
Pointer to a location which receives the initialization vector (IV) created (if any)
Structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_WTLS_KEY_MAT_OUT structure which receives the handles for the keys generated and the IV
Structure that provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism
Digest mechanism to be used (CKM)
Client's and server's random data information
Pointer to single byte which receives the WTLS protocol version information
Structure that provides the parameters to the CKM_WTLS_PRF mechanism
Digest mechanism to be used (CKM)
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have; it has to hold the desired length as input and will receive the calculated length as output
Structure which provides information about the random data of a client and a server in a WTLS context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's X9.42 Diffie-Hellman public key
Pointer to other party's X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Low level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Handle to the PKCS#11 library
Handle to the PKCS#11 library. Use with caution!
Delegates for PKCS#11 functions
Loads PKCS#11 library
Library name or path
Loads PKCS#11 library
Library name or path
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Unloads PKCS#11 library. Called automatically when object is being disposed.
Initializes the Cryptoki library
CK_C_INITIALIZE_ARGS structure containing information on how the library should deal with multi-threaded access or null if an application will not be accessing Cryptoki through multiple threads simultaneously
CKR_ARGUMENTS_BAD, CKR_CANT_LOCK, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NEED_TO_CREATE_THREADS, CKR_OK
Called to indicate that an application is finished with the Cryptoki library. It should be the last Cryptoki call made by an application.
Reserved for future versions. For this version, it should be set to null.
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns general information about Cryptoki
Structure that receives the information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns a pointer to the Cryptoki library's list of function pointers
Pointer to a value which will receive a pointer to the library's CK_FUNCTION_LIST structure
CKR_ARGUMENTS_BAD, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains a list of slots in the system
Indicates whether the list obtained includes only those slots with a token present (true) or all slots (false)
If set to null then the number of slots is returned in "count" parameter, without actually returning a list of slots.
If not set to null then "count" parameter must contain the length of slotList array and slot list is returned in "slotList" parameter.
Location that receives the number of slots
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains information about a particular slot in the system
The ID of the slot
Structure that receives the slot information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID
Obtains information about a particular token in the system
The ID of the token's slot
Structure that receives the token information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains a list of mechanism types supported by a token
The ID of the token's slot
If set to null then the number of mechanisms is returned in "count" parameter, without actually returning a list of mechanisms.
If not set to null then "count" parameter must contain the length of mechanismList array and mechanism list is returned in "mechanismList" parameter.
Location that receives the number of mechanisms
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains information about a particular mechanism possibly supported by a token
The ID of the token's slot
The type of mechanism
Structure that receives the mechanism information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Initializes a token
The ID of the token's slot
SO's initial PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
32-byte long label of the token which must be padded with blank characters
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Initializes the normal user's PIN
The session's handle
Normal user's PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_SESSION_CLOSED, CKR_SESSION_READ_ONLY, CKR_SESSION_HANDLE_INVALID, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN, CKR_ARGUMENTS_BAD
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in
The session's handle
Old PIN or null to use protected authentication path (pinpad)
The length of the old PIN in bytes
New PIN or null to use protected authentication path (pinpad)
The length of the new PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Opens a session between an application and a token in a particular slot
The ID of the token's slot
Flags indicating the type of session
An application defined pointer to be passed to the notification callback
The address of the notification callback function
Location that receives the handle for the new session
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_COUNT, CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SESSION_READ_WRITE_SO_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Closes a session between an application and a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Closes all sessions an application has with a token
The ID of the token's slot
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT
Obtains information about a session
The session's handle
Structure that receives the session information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Obtains a copy of the cryptographic operations state of a session encoded as byte array
The session's handle
If set to null then the length of state is returned in "operationStateLen" parameter, without actually returning a state.
If not set to null then "operationStateLen" parameter must contain the length of operationState array and state is returned in "operationState" parameter.
Location that receives the length in bytes of the state
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_STATE_UNSAVEABLE, CKR_ARGUMENTS_BAD
Restores the cryptographic operations state of a session from bytes obtained with C_GetOperationState
The session's handle
Saved session state
Length of saved session state
Handle to the key which will be used for an ongoing encryption or decryption operation in the restored session or CK_INVALID_HANDLE if not needed
Handle to the key which will be used for an ongoing operation in the restored session or CK_INVALID_HANDLE if not needed
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_CHANGED, CKR_KEY_NEEDED, CKR_KEY_NOT_NEEDED, CKR_OK, CKR_SAVED_STATE_INVALID, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Logs a user into a token
The session's handle
The user type
User's PIN or null to use protected authentication path (pinpad)
Length of user's PIN
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY_EXISTS, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_TOO_MANY_TYPES, CKR_USER_TYPE_INVALID
Logs a user out from a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Creates a new object
The session's handle
Object's template
The number of attributes in the template
Location that receives the new object's handle
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Copies an object, creating a new object for the copy
The session's handle
The object's handle
Template for the new object
The number of attributes in the template
Location that receives the handle for the copy of the object
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Destroys an object
The session's handle
The object's handle
CKR_ACTION_PROHIBITED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED
Gets the size of an object in bytes
The session's handle
The object's handle
Location that receives the size in bytes of the object
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_INFORMATION_SENSITIVE, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Obtains the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be obtained, and receives the attribute values
The number of attributes in the template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Modifies the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be modified and their new values
The number of attributes in the template
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Initializes a search for token and session objects that match a template
The session's handle
Search template that specifies the attribute values to match
The number of attributes in the search template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a search for token and session objects that match a template, obtaining additional object handles
The session's handle
Location that receives the list (array) of additional object handles
The maximum number of object handles to be returned
Location that receives the actual number of object handles returned
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Terminates a search for token and session objects
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes an encryption operation
The session's handle
The encryption mechanism
The handle of the encryption key
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Encrypts single-part data
The session's handle
Data to be encrypted
Length of data in bytes
If set to null then the length of encrypted data is returned in "encryptedDataLen" parameter, without actually returning encrypted data.
If not set to null then "encryptedDataLen" parameter must contain the length of encryptedData array and encrypted data is returned in "encryptedData" parameter.
Location that holds the length in bytes of the encrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part encryption operation, processing another data part
The session's handle
The data part to be encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part encryption operation
The session's handle
If set to null then the length of last encrypted data part is returned in "lastEncryptedPartLen" parameter, without actually returning last encrypted data part.
If not set to null then "lastEncryptedPartLen" parameter must contain the length of lastEncryptedPart array and last encrypted data part is returned in "lastEncryptedPart" parameter.
Location that holds the length of the last encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a decryption operation
The session's handle
The decryption mechanism
The handle of the decryption key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Decrypts encrypted data in a single part
The session's handle
Encrypted data
The length of the encrypted data
If set to null then the length of decrypted data is returned in "dataLen" parameter, without actually returning decrypted data.
If not set to null then "dataLen" parameter must contain the length of data array and decrypted data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part decryption operation, processing another encrypted data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part decryption operation
The session's handle
If set to null then the length of last decrypted data part is returned in "lastPartLen" parameter, without actually returning last decrypted data part.
If not set to null then "lastPartLen" parameter must contain the length of lastPart array and last decrypted data part is returned in "lastPart" parameter.
Location that holds the length of the last decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a message-digesting operation
The session's handle
The digesting mechanism
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Digests data in a single part
The session's handle
Data to be digested
The length of the data to be digested
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation by digesting the value of a secret key
The session's handle
The handle of the secret key to be digested
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_INDIGESTIBLE, CKR_KEY_SIZE_RANGE, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part message-digesting operation, returning the message digest
The session's handle
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a signature operation, where the signature is an appendix to the data
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single part, where the signature is an appendix to the data
The session's handle
Data to be signed
The length of the data
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Continues a multi-part signature operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part signature operation, returning the signature
The session's handle
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Initializes a signature operation, where the data can be recovered from the signature
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single operation, where the data can be recovered from the signature
The session's handle
Data to be signed
The length of data to be signed
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a verification operation, where the signature is an appendix to the data
The session's handle
The verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the signature is an appendix to the data
The session's handle
Data that were signed
The length of the data
Signature of data
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Continues a multi-part verification operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part verification operation, checking the signature
The session's handle
Signature
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Initializes a signature verification operation, where the data is recovered from the signature
The session's handle
Verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the data is recovered from the signature
The session's handle
Signature
The length of signature
If set to null then the length of recovered data is returned in "dataLen" parameter, without actually returning recovered data.
If not set to null then "dataLen" parameter must contain the length of data array and recovered data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_LEN_RANGE, CKR_SIGNATURE_INVALID
Continues multi-part digest and encryption operations, processing another data part
The session's handle
The data part to be digested and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined decryption and digest operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined signature and encryption operation, processing another data part
The session's handle
The data part to be signed and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part combined decryption and verification operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Generates a secret key or set of domain parameters, creating a new object
The session's handle
Key generation mechanism
The template for the new key or set of domain parameters
The number of attributes in the template
Location that receives the handle of the new key or set of domain parameters
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Generates a public/private key pair, creating new key objects
The session's handle
Key generation mechanism
The template for the public key
The number of attributes in the public-key template
The template for the private key
The number of attributes in the private-key template
Location that receives the handle of the new public key
Location that receives the handle of the new private key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Wraps (i.e., encrypts) a private or secret key
The session's handle
Wrapping mechanism
The handle of the wrapping key
The handle of the key to be wrapped
If set to null then the length of wrapped key is returned in "wrappedKeyLen" parameter, without actually returning wrapped key.
If not set to null then "wrappedKeyLen" parameter must contain the length of wrappedKey array and wrapped key is returned in "wrappedKey" parameter.
Location that receives the length of the wrapped key
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_NOT_WRAPPABLE, CKR_KEY_SIZE_RANGE, CKR_KEY_UNEXTRACTABLE, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPING_KEY_HANDLE_INVALID, CKR_WRAPPING_KEY_SIZE_RANGE, CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
The session's handle
Unwrapping mechanism
The handle of the unwrapping key
Wrapped key
The length of the wrapped key
The template for the new key
The number of attributes in the template
Location that receives the handle of the unwrapped key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE
Derives a key from a base key, creating a new key object
The session's handle
Key derivation mechanism
The handle of the base key
The template for the new key
The number of attributes in the template
Location that receives the handle of the derived key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Mixes additional seed material into the token's random number generator
The session's handle
The seed material
The length of the seed material
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Generates random or pseudo-random data
The session's handle
Location that receives the random data
The length in bytes of the random or pseudo-random data to be generated
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Waits for a slot event, such as token insertion or token removal, to occur
Determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits for a slot event to occur)
Location which will receive the ID of the slot that the event occurred in
Reserved for future versions (should be null)
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NO_EVENT, CKR_OK
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
Slot identifier
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all slots where token that matches PKCS#11 URI is present
PKCS#11 URI
Low level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
CKR_OK if successful; any other value otherwise
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Utility class that helps to manage CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Attribute of given type with ulong value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Attribute of given type with CKC value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Attribute of given type with CKK value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Attribute of given type with CKO value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Attribute of given type with ulong value
Reads value of attribute and returns it as ulong
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Reads value of attribute and returns it as bool
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Reads value of attribute and returns it as string
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Reads value of attribute and returns it as byte array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Reads value of attribute and returns it as DateTime (CK_DATE)
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Reads value of attribute and returns it as attribute array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Attribute of given type with ulong array value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Attribute of given type with ulong array value
Reads value of attribute and returns it as ulong array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Reads value of attribute and returns it as mechanism array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with value copied from managed byte array to the newly allocated unmanaged memory
Attribute type
Attribute value
Attribute of given type with specified value
Copies attribute value from unmanaged memory to managed byte array
Attribute whose value should be read
Managed copy of attribute value
Utility class that helps to manage CK_MECHANISM structure
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with parameter copied from managed byte array to the newly allocated unmanaged memory
Mechanism type
Mechanism parameter
Mechanism of given type with specified parameter
Defines the type, value, and length of an attribute
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Defines the type, value, and length of an attribute.
This class can be used with Silverlight 5 version of Marshal.PtrToStructure(IntPtr, object) which does not support value types (structs).
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Copies instance members to CK_ATTRIBUTE struct
Destination CK_ATTRIBUTE struct
Optional arguments for the C_Initialize function
Pointer to a function to use for creating mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for destroying mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for locking mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for unlocking mutex objects (not supported by Pkcs11Interop)
Bit flags specifying options
Reserved for future use
Structure which contains a Cryptoki version and a function pointer to each function in the Cryptoki API
Cryptoki version
Pointer to C_Initialize
Pointer to C_Finalize
Pointer to C_GetInfo
Pointer to C_GetFunctionList
Pointer to C_GetSlotList
Pointer to C_GetSlotInfo
Pointer to C_GetTokenInfo
Pointer to C_GetMechanismList
Pointer to C_GetMechanismInfo
Pointer to C_InitToken
Pointer to C_InitPIN
Pointer to C_SetPIN
Pointer to C_OpenSession
Pointer to C_CloseSession
Pointer to C_CloseAllSessions
Pointer to C_GetSessionInfo
Pointer to C_GetOperationState
Pointer to C_SetOperationState
Pointer to C_Login
Pointer to C_Logout
Pointer to C_CreateObject
Pointer to C_CopyObject
Pointer to C_DestroyObject
Pointer to C_GetObjectSize
Pointer to C_GetAttributeValue
Pointer to C_SetAttributeValue
Pointer to C_FindObjectsInit
Pointer to C_FindObjects
Pointer to C_FindObjectsFinal
Pointer to C_EncryptInit
Pointer to C_Encrypt
Pointer to C_EncryptUpdate
Pointer to C_EncryptFinal
Pointer to C_DecryptInit
Pointer to C_Decrypt
Pointer to C_DecryptUpdate
Pointer to C_DecryptFinal
Pointer to C_DigestInit
Pointer to C_Digest
Pointer to C_DigestUpdate
Pointer to C_DigestKey
Pointer to C_DigestFinal
Pointer to C_SignInit
Pointer to C_Sign
Pointer to C_SignUpdate
Pointer to C_SignFinal
Pointer to C_SignRecoverInit
Pointer to C_SignRecover
Pointer to C_VerifyInit
Pointer to C_Verify
Pointer to C_VerifyUpdate
Pointer to C_VerifyFinal
Pointer to C_VerifyRecoverInit
Pointer to C_VerifyRecover
Pointer to C_DigestEncryptUpdate
Pointer to C_DecryptDigestUpdate
Pointer to C_SignEncryptUpdate
Pointer to C_DecryptVerifyUpdate
Pointer to C_GenerateKey
Pointer to C_GenerateKeyPair
Pointer to C_WrapKey
Pointer to C_UnwrapKey
Pointer to C_DeriveKey
Pointer to C_SeedRandom
Pointer to C_GenerateRandom
Pointer to C_GetFunctionStatus
Pointer to C_CancelFunction
Pointer to C_WaitForSlotEvent
Provides general information about Cryptoki
Cryptoki interface version number, for compatibility with future revisions of this interface.
ID of the Cryptoki library manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags reserved for future versions. Must be zero for this version
Character-string description of the library. Must be padded with the blank character (' '). Should not be null-terminated.
Cryptoki library version number
Specifies a particular mechanism and any parameters it requires
The type of mechanism
Pointer to the parameter if required by the mechanism
Length of the parameter in bytes
Provides information about a particular mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Bit flags specifying mechanism capabilities
Information about a session
ID of the slot that interfaces with the token
The state of the session
Bit flags that define the type of session
An error code defined by the cryptographic device. Used for errors not covered by Cryptoki.
Provides information about a slot
Character-string description of the slot. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the slot manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags that provide capabilities of the slot.
Version number of the slot's hardware
Version number of the slot's firmware
Provides information about a token
Application-defined label, assigned during token initialization. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the device manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Model of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Character-string serial number of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of firmware
Current time as a character-string of length 16, represented in the format YYYYMMDDhhmmssxx (4 characters for the year; 2 characters each for the month, the day, the hour, the minute, and the second; and 2 additional reserved '0' characters). The value of this field only makes sense for tokens equipped with a clock, as indicated in the token information flags.
Describes the version
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns a string that represents the current CK_VERSION structure.
String that represents the current CK_VERSION structure.
Holds delegates for all PKCS#11 functions
Delegate for C_Initialize
Delegate for C_Finalize
Delegate for C_GetInfo
Delegate for C_GetFunctionList
Delegate for C_GetSlotList
Delegate for C_GetSlotInfo
Delegate for C_GetTokenInfo
Delegate for C_GetMechanismList
Delegate for C_GetMechanismInfo
Delegate for C_InitToken
Delegate for C_InitPIN
Delegate for C_SetPIN
Delegate for C_OpenSession
Delegate for C_CloseSession
Delegate for C_CloseAllSessions
Delegate for C_GetSessionInfo
Delegate for C_GetOperationState
Delegate for C_SetOperationState
Delegate for C_Login
Delegate for C_Logout
Delegate for C_CreateObject
Delegate for C_CopyObject
Delegate for C_DestroyObject
Delegate for C_GetObjectSize
Delegate for C_GetAttributeValue
Delegate for C_SetAttributeValue
Delegate for C_FindObjectsInit
Delegate for C_FindObjects
Delegate for C_FindObjectsFinal
Delegate for C_EncryptInit
Delegate for C_Encrypt
Delegate for C_EncryptUpdate
Delegate for C_EncryptFinal
Delegate for C_DecryptInit
Delegate for C_Decrypt
Delegate for C_DecryptUpdate
Delegate for C_DecryptFinal
Delegate for C_DigestInit
Delegate for C_Digest
Delegate for C_DigestUpdate
Delegate for C_DigestKey
Delegate for C_DigestFinal
Delegate for C_SignInit
Delegate for C_Sign
Delegate for C_SignUpdate
Delegate for C_SignFinal
Delegate for C_SignRecoverInit
Delegate for C_SignRecover
Delegate for C_VerifyInit
Delegate for C_Verify
Delegate for C_VerifyUpdate
Delegate for C_VerifyFinal
Delegate for C_VerifyRecoverInit
Delegate for C_VerifyRecover
Delegate for C_DigestEncryptUpdate
Delegate for C_DecryptDigestUpdate
Delegate for C_SignEncryptUpdate
Delegate for C_DecryptVerifyUpdate
Delegate for C_GenerateKey
Delegate for C_GenerateKeyPair
Delegate for C_WrapKey
Delegate for C_UnwrapKey
Delegate for C_DeriveKey
Delegate for C_SeedRandom
Delegate for C_GenerateRandom
Delegate for C_GetFunctionStatus
Delegate for C_CancelFunction
Delegate for C_WaitForSlotEvent
Initializes new instance of Delegates class
Handle to the PKCS#11 library
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Get delegates with C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates with C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates without C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates without C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates from unmanaged function pointers
Structure which contains cryptoki function pointers
Structure that provides the parameters to the CKM_AES_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_AES_CTR mechanism
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CTR mechanism
Specifies the number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_AES_CCM mechanism
Length of the data
Pointer to the nonce
Length of the nonce
Pointer to additional authentication data
Length of additional authentication data
Length of the MAC (output following cipher text) in bytes
Structure that provides the parameters to the CKM_CMS_SIG mechanism
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
NULL-terminated string indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
Pointer to DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
Length in bytes of the value pointed to by RequestedAttributes
Pointer to DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Length in bytes, of the value pointed to by RequiredAttributes
Structure that provides the parameters to the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
IV value
Data value part that must be a multiple of 8 bytes long
Length of data in bytes
Structure that provides and returns parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Mechanism value for the base hash used in PQG generation (CKM)
Pointer to seed value used to generate PQ and G
Length of seed value
Index value for generating G
Structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's EC public key
Pointer to other party's EC public key value
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Structure that provides the parameters to the CKM_ECDH_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Length in bytes of the shared info
Data shared between the two parties
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Handle to the first party's ephemeral public key
Provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism
Specifies which bit of the base key should be used as the first bit of the derived key
Structure that provides the parameters to the CKM_AES_GCM mechanism
Pointer to initialization vector
Length of initialization vector in bytes
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Pointer to additional authentication data
Length of additional authentication data in bytes
Length of authentication tag (output following cipher text) in bits
Structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism
Additional key diversification algorithm (CKD)
Pointer to data with public key of a receiver
Length of data with public key of a receiver. Must be 64.
Pointer to UKM data
Length of UKM data in bytes. Must be 8.
Structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism
Pointer to data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Length of data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Pointer to data with UKM
Length of UKM data
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Structure that provides the parameters to the CKM_KEA_DERIVE mechanism
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Size of random Ra and Rb, in bytes
Pointer to Ra data
Pointer to Rb data
Other party's KEA public key size
Pointer to other party's KEA public key value
Provides the parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Pointer to the byte string
Length of the byte string
Structure that provides the parameters to the CKM_KEY_WRAP_SET_OAEP mechanism
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Length in bytes of concatenation of hash of plaintext data (if present) and extra data (if present) or 0 if neither is present
Structure that provides the parameters to CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Pointer to the underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Pointer to an input seed
Length in bytes of the input seed
Structure that provides the parameters to the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Length of the MAC produced, in bytes
Structure that includes the type, value and length of an OTP parameter
Parameter type
Pointer to the value of the parameter
Length in bytes of the value
Structure that is used to provide parameters for OTP mechanisms in a generic fashion
Pointer to an array of OTP parameters (CK_OTP_PARAM structures)
The number of parameters in the array
Structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal)
Pointer to an array of OTP parameter values (CK_OTP_PARAM structures)
The number of parameters in the array
Structure which provides all of the necessary information required by the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Pointer to the location that receives the 8-byte initialization vector (IV), if an IV is required
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Points to the salt to be used in the PBE key generation
Length in bytes of the salt information
Number of iterations required for the generation
Structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Corrected structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Structure that provides the parameters to the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Structure that provides the parameters to the CKM_RC2_MAC_GENERAL mechanism
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Provides the parameters to the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Effective number of bits in the RC2 search space
Structure that provides the parameters to the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Pointer to initialization vector (IV) for CBC encryption
Length of initialization vector (must be same as blocksize)
Structure that provides the parameters to the CKM_RC5_MAC_GENERAL mechanism
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Structure that provides the parameters to the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Structure that provides the parameters to the CKM_RSA_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Pointer to the parameters of the temporary AES key wrapping (CK_RSA_PKCS_OAEP_PARAMS)
Structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Length of the encoding parameter source input
Structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Structure that provides the parameters to the CKM_SEED_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Length of the password
Pointer to the buffer which contains the user-supplied password
Other party's key exchange public key size
Pointer to other party's key exchange public key value
Length of prime and base values
Length of subprime value
Size of random Ra, in bytes
Pointer to Ra data
Pointer to Prime, p, value
Pointer to Base, g, value
Pointer to Subprime, q, value
Structure that provides the parameters to the CKM_SKIPJACK_RELAYX mechanism
Length of old wrapped key in bytes
Pointer to old wrapper key
Length of the old password
Pointer to the buffer which contains the old user-supplied password
Old key exchange public key size
Pointer to old key exchange public key value
Size of old random Ra in bytes
Pointer to old Ra data
Length of the new password
Pointer to the buffer which contains the new user-supplied password
New key exchange public key size
Pointer to new key exchange public key value
Size of new random Ra in bytes
Pointer to new Ra data
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Pointer to a location which receives the initialization vector (IV) created for the client (if any)
Pointer to a location which receives the initialization vector (IV) created for the server (if any)
Structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Structure which provides information about the random data of a client and a server in an SSL context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS_KDF mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Pointer to the label for this key derivation
Length of the label in bytes
Random data for the key derivation
Pointer to the context data for this key derivation
Length of the context data in bytes
Structure that provides the parameters to the CKM_TLS_MAC mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Structure that provides the parameters to the CKM_TLS_PRF mechanism
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have, has to hold the desired length as input and will receive the calculated length as output
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting MAC secret key
Key handle for the resulting secret key
Pointer to a location which receives the initialization vector (IV) created (if any)
Structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_WTLS_KEY_MAT_OUT structure which receives the handles for the keys generated and the IV
Structure that provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism
Digest mechanism to be used (CKM)
Client's and server's random data information
Pointer to single byte which receives the WTLS protocol version information
Structure that provides the parameters to the CKM_WTLS_PRF mechanism
Digest mechanism to be used (CKM)
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes that the output to be created shall have, has to hold the desired length as input and will receive the calculated length as output
Structure that provides information about the random data of a client and a server in a WTLS context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's X9.42 Diffie-Hellman public key
Pointer to other party's X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Low level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Handle to the PKCS#11 library
Handle to the PKCS#11 library. Use with caution!
Delegates for PKCS#11 functions
Loads PKCS#11 library
Library name or path
Loads PKCS#11 library
Library name or path
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Unloads PKCS#11 library. Called automatically when object is being disposed.
Initializes the Cryptoki library
CK_C_INITIALIZE_ARGS structure containing information on how the library should deal with multi-threaded access or null if an application will not be accessing Cryptoki through multiple threads simultaneously
CKR_ARGUMENTS_BAD, CKR_CANT_LOCK, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NEED_TO_CREATE_THREADS, CKR_OK
Called to indicate that an application is finished with the Cryptoki library. It should be the last Cryptoki call made by an application.
Reserved for future versions. For this version, it should be set to null.
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns general information about Cryptoki
Structure that receives the information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns a pointer to the Cryptoki library's list of function pointers
Pointer to a value which will receive a pointer to the library's CK_FUNCTION_LIST structure
CKR_ARGUMENTS_BAD, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains a list of slots in the system
Indicates whether the list obtained includes only those slots with a token present (true) or all slots (false)
If set to null then the number of slots is returned in "count" parameter, without actually returning a list of slots.
If not set to null then "count" parameter must contain the length of slotList array and slot list is returned in "slotList" parameter.
Location that receives the number of slots
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains information about a particular slot in the system
The ID of the slot
Structure that receives the slot information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID
Obtains information about a particular token in the system
The ID of the token's slot
Structure that receives the token information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains a list of mechanism types supported by a token
The ID of the token's slot
If set to null then the number of mechanisms is returned in "count" parameter, without actually returning a list of mechanisms.
If not set to null then "count" parameter must contain the length of mechanismList array and mechanism list is returned in "mechanismList" parameter.
Location that receives the number of mechanisms
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains information about a particular mechanism possibly supported by a token
The ID of the token's slot
The type of mechanism
Structure that receives the mechanism information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Initializes a token
The ID of the token's slot
SO's initial PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
32-byte long label of the token which must be padded with blank characters
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Initializes the normal user's PIN
The session's handle
Normal user's PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_SESSION_CLOSED, CKR_SESSION_READ_ONLY, CKR_SESSION_HANDLE_INVALID, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN, CKR_ARGUMENTS_BAD
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in
The session's handle
Old PIN or null to use protected authentication path (pinpad)
The length of the old PIN in bytes
New PIN or null to use protected authentication path (pinpad)
The length of the new PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Opens a session between an application and a token in a particular slot
The ID of the token's slot
Flags indicating the type of session
An application defined pointer to be passed to the notification callback
The address of the notification callback function
Location that receives the handle for the new session
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_COUNT, CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SESSION_READ_WRITE_SO_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Closes a session between an application and a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Closes all sessions an application has with a token
The ID of the token's slot
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT
Obtains information about a session
The session's handle
Structure that receives the session information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Obtains a copy of the cryptographic operations state of a session encoded as byte array
The session's handle
If set to null then the length of state is returned in "operationStateLen" parameter, without actually returning a state.
If not set to null then "operationStateLen" parameter must contain the length of operationState array and state is returned in "operationState" parameter.
Location that receives the length in bytes of the state
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_STATE_UNSAVEABLE, CKR_ARGUMENTS_BAD
Restores the cryptographic operations state of a session from bytes obtained with C_GetOperationState
The session's handle
Saved session state
Length of saved session state
Handle to the key which will be used for an ongoing encryption or decryption operation in the restored session or CK_INVALID_HANDLE if not needed
Handle to the key which will be used for an ongoing operation in the restored session or CK_INVALID_HANDLE if not needed
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_CHANGED, CKR_KEY_NEEDED, CKR_KEY_NOT_NEEDED, CKR_OK, CKR_SAVED_STATE_INVALID, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Logs a user into a token
The session's handle
The user type
User's PIN or null to use protected authentication path (pinpad)
Length of user's PIN
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY_EXISTS, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_TOO_MANY_TYPES, CKR_USER_TYPE_INVALID
Logs a user out from a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Creates a new object
The session's handle
Object's template
The number of attributes in the template
Location that receives the new object's handle
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Copies an object, creating a new object for the copy
The session's handle
The object's handle
Template for the new object
The number of attributes in the template
Location that receives the handle for the copy of the object
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Destroys an object
The session's handle
The object's handle
CKR_ACTION_PROHIBITED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED
Gets the size of an object in bytes
The session's handle
The object's handle
Location that receives the size in bytes of the object
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_INFORMATION_SENSITIVE, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Obtains the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be obtained, and receives the attribute values
The number of attributes in the template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Modifies the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be modified and their new values
The number of attributes in the template
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Initializes a search for token and session objects that match a template
The session's handle
Search template that specifies the attribute values to match
The number of attributes in the search template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a search for token and session objects that match a template, obtaining additional object handles
The session's handle
Location that receives the list (array) of additional object handles
The maximum number of object handles to be returned
Location that receives the actual number of object handles returned
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Terminates a search for token and session objects
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes an encryption operation
The session's handle
The encryption mechanism
The handle of the encryption key
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Encrypts single-part data
The session's handle
Data to be encrypted
Length of data in bytes
If set to null then the length of encrypted data is returned in "encryptedDataLen" parameter, without actually returning encrypted data.
If not set to null then "encryptedDataLen" parameter must contain the length of encryptedData array and encrypted data is returned in "encryptedData" parameter.
Location that holds the length in bytes of the encrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part encryption operation, processing another data part
The session's handle
The data part to be encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part encryption operation
The session's handle
If set to null then the length of last encrypted data part is returned in "lastEncryptedPartLen" parameter, without actually returning last encrypted data part.
If not set to null then "lastEncryptedPartLen" parameter must contain the length of lastEncryptedPart array and last encrypted data part is returned in "lastEncryptedPart" parameter.
Location that holds the length of the last encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a decryption operation
The session's handle
The decryption mechanism
The handle of the decryption key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Decrypts encrypted data in a single part
The session's handle
Encrypted data
The length of the encrypted data
If set to null then the length of decrypted data is returned in "dataLen" parameter, without actually returning decrypted data.
If not set to null then "dataLen" parameter must contain the length of data array and decrypted data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part decryption operation, processing another encrypted data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part decryption operation
The session's handle
If set to null then the length of last decrypted data part is returned in "lastPartLen" parameter, without actually returning last decrypted data part.
If not set to null then "lastPartLen" parameter must contain the length of lastPart array and last decrypted data part is returned in "lastPart" parameter.
Location that holds the length of the last decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a message-digesting operation
The session's handle
The digesting mechanism
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Digests data in a single part
The session's handle
Data to be digested
The length of the data to be digested
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation by digesting the value of a secret key
The session's handle
The handle of the secret key to be digested
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_INDIGESTIBLE, CKR_KEY_SIZE_RANGE, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part message-digesting operation, returning the message digest
The session's handle
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a signature operation, where the signature is an appendix to the data
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single part, where the signature is an appendix to the data
The session's handle
Data to be signed
The length of the data
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Continues a multi-part signature operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part signature operation, returning the signature
The session's handle
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Initializes a signature operation, where the data can be recovered from the signature
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single operation, where the data can be recovered from the signature
The session's handle
Data to be signed
The length of data to be signed
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a verification operation, where the signature is an appendix to the data
The session's handle
The verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the signature is an appendix to the data
The session's handle
Data that were signed
The length of the data
Signature of data
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Continues a multi-part verification operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part verification operation, checking the signature
The session's handle
Signature
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Initializes a signature verification operation, where the data is recovered from the signature
The session's handle
Verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the data is recovered from the signature
The session's handle
Signature
The length of signature
If set to null then the length of recovered data is returned in "dataLen" parameter, without actually returning recovered data.
If not set to null then "dataLen" parameter must contain the length of data array and recovered data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_LEN_RANGE, CKR_SIGNATURE_INVALID
Continues multi-part digest and encryption operations, processing another data part
The session's handle
The data part to be digested and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined decryption and digest operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined signature and encryption operation, processing another data part
The session's handle
The data part to be signed and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part combined decryption and verification operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Generates a secret key or set of domain parameters, creating a new object
The session's handle
Key generation mechanism
The template for the new key or set of domain parameters
The number of attributes in the template
Location that receives the handle of the new key or set of domain parameters
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Generates a public/private key pair, creating new key objects
The session's handle
Key generation mechanism
The template for the public key
The number of attributes in the public-key template
The template for the private key
The number of attributes in the private-key template
Location that receives the handle of the new public key
Location that receives the handle of the new private key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Wraps (i.e., encrypts) a private or secret key
The session's handle
Wrapping mechanism
The handle of the wrapping key
The handle of the key to be wrapped
If set to null then the length of wrapped key is returned in "wrappedKeyLen" parameter, without actually returning wrapped key.
If not set to null then "wrappedKeyLen" parameter must contain the length of wrappedKey array and wrapped key is returned in "wrappedKey" parameter.
Location that receives the length of the wrapped key
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_NOT_WRAPPABLE, CKR_KEY_SIZE_RANGE, CKR_KEY_UNEXTRACTABLE, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPING_KEY_HANDLE_INVALID, CKR_WRAPPING_KEY_SIZE_RANGE, CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
The session's handle
Unwrapping mechanism
The handle of the unwrapping key
Wrapped key
The length of the wrapped key
The template for the new key
The number of attributes in the template
Location that receives the handle of the unwrapped key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE
Derives a key from a base key, creating a new key object
The session's handle
Key derivation mechanism
The handle of the base key
The template for the new key
The number of attributes in the template
Location that receives the handle of the derived key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Mixes additional seed material into the token's random number generator
The session's handle
The seed material
The length of the seed material
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Generates random or pseudo-random data
The session's handle
Location that receives the random data
The length in bytes of the random or pseudo-random data to be generated
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Waits for a slot event, such as token insertion or token removal, to occur
Determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits for a slot event to occur)
Location which will receive the ID of the slot that the event occurred in
Reserved for future versions (should be null)
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NO_EVENT, CKR_OK
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
Slot identifier
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all slots where token that matches PKCS#11 URI is present
PKCS#11 URI
Low level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
CKR_OK if successful; any other value otherwise
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI
Utility class that helps to manage CK_ATTRIBUTE structure
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with no value
Attribute type
Attribute of given type structure with no value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Attribute of given type with ulong value
Creates attribute of given type with CKC value
Attribute type
Attribute value
Attribute of given type with CKC value
Creates attribute of given type with CKK value
Attribute type
Attribute value
Attribute of given type with CKK value
Creates attribute of given type with CKO value
Attribute type
Attribute value
Attribute of given type with CKO value
Creates attribute of given type with ulong value
Attribute type
Attribute value
Attribute of given type with ulong value
Reads value of attribute and returns it as ulong
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Creates attribute of given type with bool value
Attribute type
Attribute value
Attribute of given type with bool value
Reads value of attribute and returns it as bool
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Creates attribute of given type with string value
Attribute type
Attribute value
Attribute of given type with string value
Reads value of attribute and returns it as string
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Creates attribute of given type with byte array value
Attribute type
Attribute value
Attribute of given type with byte array value
Reads value of attribute and returns it as byte array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Creates attribute of given type with DateTime (CK_DATE) value
Attribute type
Attribute value
Attribute of given type with DateTime value
Reads value of attribute and returns it as DateTime (CK_DATE)
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Creates attribute of given type with attribute array value
Attribute type
Attribute value
Attribute of given type with attribute array value
Reads value of attribute and returns it as attribute array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Attribute of given type with ulong array value
Creates attribute of given type with ulong array value
Attribute type
Attribute value
Attribute of given type with ulong array value
Reads value of attribute and returns it as ulong array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Creates attribute of given type with mechanism array value
Attribute type
Attribute value
Attribute of given type with mechanism array value
Reads value of attribute and returns it as mechanism array
Attribute whose value should be read
Location that receives attribute value
Creates attribute of given type with value copied from managed byte array to the newly allocated unmanaged memory
Attribute type
Attribute value
Attribute of given type with specified value
Copies attribute value from unmanaged memory to managed byte array
Attribute whose value should be read
Managed copy of attribute value
Utility class that helps to manage CK_MECHANISM structure
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with no parameter
Mechanism type
Mechanism of given type with no parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with byte array parameter
Mechanism type
Mechanism parameter
Mechanism of given type with byte array parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with structure as parameter
Mechanism type
Structure with mechanism parameters
Mechanism of given type with structure as parameter
Creates mechanism of given type with parameter copied from managed byte array to the newly allocated unmanaged memory
Mechanism type
Mechanism parameter
Mechanism of given type with specified parameter
Defines the type, value, and length of an attribute
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Defines the type, value, and length of an attribute.
This class can be used with Silverlight 5 version of Marshal.PtrToStructure(IntPtr, object) which does not support value types (structs).
The attribute type
Pointer to the value of the attribute
Length in bytes of the value
Copies instance members to CK_ATTRIBUTE struct
Destination CK_ATTRIBUTE struct
Optional arguments for the C_Initialize function
Pointer to a function to use for creating mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for destroying mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for locking mutex objects (not supported by Pkcs11Interop)
Pointer to a function to use for unlocking mutex objects (not supported by Pkcs11Interop)
Bit flags specifying options
Reserved for future use
Structure which contains a Cryptoki version and a function pointer to each function in the Cryptoki API
Cryptoki version
Pointer to C_Initialize
Pointer to C_Finalize
Pointer to C_GetInfo
Pointer to C_GetFunctionList
Pointer to C_GetSlotList
Pointer to C_GetSlotInfo
Pointer to C_GetTokenInfo
Pointer to C_GetMechanismList
Pointer to C_GetMechanismInfo
Pointer to C_InitToken
Pointer to C_InitPIN
Pointer to C_SetPIN
Pointer to C_OpenSession
Pointer to C_CloseSession
Pointer to C_CloseAllSessions
Pointer to C_GetSessionInfo
Pointer to C_GetOperationState
Pointer to C_SetOperationState
Pointer to C_Login
Pointer to C_Logout
Pointer to C_CreateObject
Pointer to C_CopyObject
Pointer to C_DestroyObject
Pointer to C_GetObjectSize
Pointer to C_GetAttributeValue
Pointer to C_SetAttributeValue
Pointer to C_FindObjectsInit
Pointer to C_FindObjects
Pointer to C_FindObjectsFinal
Pointer to C_EncryptInit
Pointer to C_Encrypt
Pointer to C_EncryptUpdate
Pointer to C_EncryptFinal
Pointer to C_DecryptInit
Pointer to C_Decrypt
Pointer to C_DecryptUpdate
Pointer to C_DecryptFinal
Pointer to C_DigestInit
Pointer to C_Digest
Pointer to C_DigestUpdate
Pointer to C_DigestKey
Pointer to C_DigestFinal
Pointer to C_SignInit
Pointer to C_Sign
Pointer to C_SignUpdate
Pointer to C_SignFinal
Pointer to C_SignRecoverInit
Pointer to C_SignRecover
Pointer to C_VerifyInit
Pointer to C_Verify
Pointer to C_VerifyUpdate
Pointer to C_VerifyFinal
Pointer to C_VerifyRecoverInit
Pointer to C_VerifyRecover
Pointer to C_DigestEncryptUpdate
Pointer to C_DecryptDigestUpdate
Pointer to C_SignEncryptUpdate
Pointer to C_DecryptVerifyUpdate
Pointer to C_GenerateKey
Pointer to C_GenerateKeyPair
Pointer to C_WrapKey
Pointer to C_UnwrapKey
Pointer to C_DeriveKey
Pointer to C_SeedRandom
Pointer to C_GenerateRandom
Pointer to C_GetFunctionStatus
Pointer to C_CancelFunction
Pointer to C_WaitForSlotEvent
Provides general information about Cryptoki
Cryptoki interface version number, for compatibility with future revisions of this interface.
ID of the Cryptoki library manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags reserved for future versions. Must be zero for this version
Character-string description of the library. Must be padded with the blank character (' '). Should not be null-terminated.
Cryptoki library version number
Specifies a particular mechanism and any parameters it requires
The type of mechanism
Pointer to the parameter if required by the mechanism
Length of the parameter in bytes
Provides information about a particular mechanism
The minimum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
The maximum size of the key for the mechanism (whether this is measured in bits or in bytes is mechanism-dependent)
Bit flags specifying mechanism capabilities
Information about a session
ID of the slot that interfaces with the token
The state of the session
Bit flags that define the type of session
An error code defined by the cryptographic device. Used for errors not covered by Cryptoki.
Provides information about a slot
Character-string description of the slot. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the slot manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags that provide capabilities of the slot.
Version number of the slot's hardware
Version number of the slot's firmware
Provides information about a token
Application-defined label, assigned during token initialization. Must be padded with the blank character (' '). Should not be null-terminated.
ID of the device manufacturer. Must be padded with the blank character (' '). Should not be null-terminated.
Model of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Character-string serial number of the device. Must be padded with the blank character (' '). Should not be null-terminated.
Bit flags indicating capabilities and status of the device
Maximum number of sessions that can be opened with the token at one time by a single application
Number of sessions that this application currently has open with the token
Maximum number of read/write sessions that can be opened with the token at one time by a single application
Number of read/write sessions that this application currently has open with the token
Maximum length in bytes of the PIN
Minimum length in bytes of the PIN
The total amount of memory on the token in bytes in which public objects may be stored
The amount of free (unused) memory on the token in bytes for public objects
The total amount of memory on the token in bytes in which private objects may be stored
The amount of free (unused) memory on the token in bytes for private objects
Version number of hardware
Version number of firmware
Current time as a character-string of length 16, represented in the format YYYYMMDDhhmmssxx (4 characters for the year; 2 characters each for the month, the day, the hour, the minute, and the second; and 2 additional reserved '0' characters). The value of this field only makes sense for tokens equipped with a clock, as indicated in the token information flags.
Describes the version
Major version number (the integer portion of the version)
Minor version number (the hundredths portion of the version)
Returns a string that represents the current CK_VERSION structure.
String that represents the current CK_VERSION structure.
Holds delegates for all PKCS#11 functions
Delegate for C_Initialize
Delegate for C_Finalize
Delegate for C_GetInfo
Delegate for C_GetFunctionList
Delegate for C_GetSlotList
Delegate for C_GetSlotInfo
Delegate for C_GetTokenInfo
Delegate for C_GetMechanismList
Delegate for C_GetMechanismInfo
Delegate for C_InitToken
Delegate for C_InitPIN
Delegate for C_SetPIN
Delegate for C_OpenSession
Delegate for C_CloseSession
Delegate for C_CloseAllSessions
Delegate for C_GetSessionInfo
Delegate for C_GetOperationState
Delegate for C_SetOperationState
Delegate for C_Login
Delegate for C_Logout
Delegate for C_CreateObject
Delegate for C_CopyObject
Delegate for C_DestroyObject
Delegate for C_GetObjectSize
Delegate for C_GetAttributeValue
Delegate for C_SetAttributeValue
Delegate for C_FindObjectsInit
Delegate for C_FindObjects
Delegate for C_FindObjectsFinal
Delegate for C_EncryptInit
Delegate for C_Encrypt
Delegate for C_EncryptUpdate
Delegate for C_EncryptFinal
Delegate for C_DecryptInit
Delegate for C_Decrypt
Delegate for C_DecryptUpdate
Delegate for C_DecryptFinal
Delegate for C_DigestInit
Delegate for C_Digest
Delegate for C_DigestUpdate
Delegate for C_DigestKey
Delegate for C_DigestFinal
Delegate for C_SignInit
Delegate for C_Sign
Delegate for C_SignUpdate
Delegate for C_SignFinal
Delegate for C_SignRecoverInit
Delegate for C_SignRecover
Delegate for C_VerifyInit
Delegate for C_Verify
Delegate for C_VerifyUpdate
Delegate for C_VerifyFinal
Delegate for C_VerifyRecoverInit
Delegate for C_VerifyRecover
Delegate for C_DigestEncryptUpdate
Delegate for C_DecryptDigestUpdate
Delegate for C_SignEncryptUpdate
Delegate for C_DecryptVerifyUpdate
Delegate for C_GenerateKey
Delegate for C_GenerateKeyPair
Delegate for C_WrapKey
Delegate for C_UnwrapKey
Delegate for C_DeriveKey
Delegate for C_SeedRandom
Delegate for C_GenerateRandom
Delegate for C_GetFunctionStatus
Delegate for C_CancelFunction
Delegate for C_WaitForSlotEvent
Initializes new instance of Delegates class
Handle to the PKCS#11 library
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Get delegates with C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates with C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates without C_GetFunctionList function from the dynamically loaded shared PKCS#11 library
Handle to the PKCS#11 library
Get delegates without C_GetFunctionList function from the statically linked PKCS#11 library
Get delegates from unmanaged function pointers
Structure which contains cryptoki function pointers
Structure that provides the parameters to the CKM_AES_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_AES_CTR mechanism
The number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_ARIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CBC_ENCRYPT_DATA mechanism
16-octet initialization vector
Pointer to data to encrypt
Length of data to encrypt
Structure that provides the parameters to the CKM_CAMELLIA_CTR mechanism
Specifies the number of bits in the counter block (cb) that shall be incremented
Specifies the counter block
Structure that provides the parameters to the CKM_AES_CCM mechanism
Length of the data
Pointer to the nonce
Length of the nonce
Pointer to additional authentication data
Length of additional authentication data
Length of the MAC (output following cipher text) in bytes
Structure that provides the parameters to the CKM_CMS_SIG mechanism
Object handle for a certificate associated with the signing key
Mechanism to use when signing a constructed CMS SignedAttributes value
Mechanism to use when digesting the data
NULL-terminated string indicating complete MIME Content-type of message to be signed or null if the message is a MIME object
Pointer to DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes
Length in bytes of the value pointed to by RequestedAttributes
Pointer to DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes
Length in bytes of the value pointed to by RequiredAttributes
Structure that provides the parameters to the CKM_DES_CBC_ENCRYPT_DATA and CKM_DES3_CBC_ENCRYPT_DATA mechanisms
IV value
Data value part that must be a multiple of 8 bytes long
Length of data in bytes
Structure that provides and returns parameters for the CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN and CKM_DSA_FIPS_G_GEN mechanisms
Mechanism value for the base hash used in PQG generation (CKM)
Pointer to seed value used to generate PQ and G
Length of seed value
Index value for generating G
Structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's EC public key
Pointer to other party's EC public key value
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Structure that provides the parameters to the CKM_ECDH_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Key derivation function used on the shared secret value to generate AES key (CKD)
Length in bytes of the shared info
Data shared between the two parties
Structure that provides the parameters to the CKM_ECMQV_DERIVE mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the shared info
Some data shared between the two parties
The length in bytes of the other party's first EC public key
Pointer to other party's first EC public key value
The length in bytes of the second EC private key
Key handle for second EC private key value
The length in bytes of the other party's second EC public key
Pointer to other party's second EC public key value
Handle to the first party's ephemeral public key
Provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism
Specifies which bit of the base key should be used as the first bit of the derived key
Structure that provides the parameters to the CKM_AES_GCM mechanism
Pointer to initialization vector
Length of initialization vector in bytes
Member is defined in PKCS#11 v2.40e1 headers but the description is not present in the specification
Pointer to additional authentication data
Length of additional authentication data in bytes
Length of authentication tag (output following cipher text) in bits
Structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism
Additional key diversification algorithm (CKD)
Pointer to data with public key of a receiver
Length of data with public key of a receiver. Must be 64.
Pointer to UKM data
Length of UKM data in bytes. Must be 8.
Structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism
Pointer to data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Length of data with DER-encoding of the object identifier indicating the data object type of GOST 28147-89
Pointer to data with UKM
Length of UKM data
Key handle of a sender for wrapping operation or key handle of a receiver for unwrapping operation
Structure that provides the parameters to the CKM_KEA_DERIVE mechanism
Option for generating the key (called a TEK). True if the sender (originator) generates the TEK, false if the recipient is regenerating the TEK.
Size of random Ra and Rb, in bytes
Pointer to Ra data
Pointer to Rb data
Other party's KEA public key size
Pointer to other party's KEA public key value
Provides the parameters for the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE and CKM_XOR_BASE_AND_DATA mechanisms
Pointer to the byte string
Length of the byte string
Structure that provides the parameters to the CKM_KEY_WRAP_SET_OAEP mechanism
Block contents byte
Concatenation of hash of plaintext data (if present) and extra data (if present)
Length in bytes of concatenation of hash of plaintext data (if present) and extra data (if present) or 0 if neither is present
Structure that provides the parameters to CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
Pointer to the underlying cryptographic mechanism (CKM)
Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
Pointer to an input seed
Length in bytes of the input seed
Structure that provides the parameters to the general-length MACing mechanisms (DES, DES3, CAST, CAST3, CAST128 (CAST5), IDEA, CDMF and AES), the general length HMACing mechanisms (MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128 and RIPEMD-160) and the two SSL 3.0 MACing mechanisms (MD5 and SHA-1)
Length of the MAC produced, in bytes
Structure that includes the type, value and length of an OTP parameter
Parameter type
Pointer to the value of the parameter
Length in bytes of the value
Structure that is used to provide parameters for OTP mechanisms in a generic fashion
Pointer to an array of OTP parameters (CK_OTP_PARAM structures)
The number of parameters in the array
Structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal)
Pointer to an array of OTP parameter values (CK_OTP_PARAM structures)
The number of parameters in the array
Structure which provides all of the necessary information required by the CKM_PBE mechanisms and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism
Pointer to the location that receives the 8-byte initialization vector (IV), if an IV is required
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Points to the salt to be used in the PBE key generation
Length in bytes of the salt information
Number of iterations required for the generation
Structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Corrected structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
Source of the salt value (CKZ)
Data used as the input for the salt source
Length of the salt source input
Number of iterations to perform when generating each block of random data
Pseudo-random function used to generate the key (CKP)
Data used as the input for PRF in addition to the salt value
Length of the input data for the PRF
Points to the password to be used in the PBE key generation
Length in bytes of the password information
Structure that provides the parameters to the CKM_RC2_CBC and CKM_RC2_CBC_PAD mechanisms
The effective number of bits in the RC2 search space
The initialization vector (IV) for cipher block chaining mode
Structure that provides the parameters to the CKM_RC2_MAC_GENERAL mechanism
The effective number of bits in the RC2 search space
Length of the MAC produced, in bytes
Provides the parameters to the CKM_RC2_ECB and CKM_RC2_MAC mechanisms
Effective number of bits in the RC2 search space
Structure that provides the parameters to the CKM_RC5_CBC and CKM_RC5_CBC_PAD mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Pointer to initialization vector (IV) for CBC encryption
Length of initialization vector (must be same as blocksize)
Structure that provides the parameters to the CKM_RC5_MAC_GENERAL mechanism
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Length of the MAC produced, in bytes
Structure that provides the parameters to the CKM_RC5_ECB and CKM_RC5_MAC mechanisms
Wordsize of RC5 cipher in bytes
Number of rounds of RC5 encipherment
Structure that provides the parameters to the CKM_RSA_AES_KEY_WRAP mechanism
Length of the temporary AES key in bits
Pointer to the parameters of the temporary AES key wrapping (CK_RSA_PKCS_OAEP_PARAMS)
Structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism
Mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter (CKM)
Mask generation function to use on the encoded block (CKG)
Source of the encoding parameter (CKZ)
Data used as the input for the encoding parameter source
Length of the encoding parameter source input
Structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism
Hash algorithm used in the PSS encoding (CKM)
Mask generation function to use on the encoded block (CKG)
Length, in bytes, of the salt value used in the PSS encoding
Structure that provides the parameters to the CKM_SEED_CBC_ENCRYPT_DATA mechanism
IV value
Data value part that must be a multiple of 16 bytes long
Length of data in bytes
Structure that provides the parameters to the CKM_SKIPJACK_PRIVATE_WRAP mechanism
Length of the password
Pointer to the buffer which contains the user-supplied password
Other party's key exchange public key size
Pointer to other party's key exchange public key value
Length of prime and base values
Length of subprime value
Size of random Ra, in bytes
Pointer to Ra data
Pointer to Prime, p, value
Pointer to Base, g, value
Pointer to Subprime, q, value
Structure that provides the parameters to the CKM_SKIPJACK_RELAYX mechanism
Length of old wrapped key in bytes
Pointer to old wrapper key
Length of the old password
Pointer to the buffer which contains the old user-supplied password
Old key exchange public key size
Pointer to old key exchange public key value
Size of old random Ra in bytes
Pointer to old Ra data
Length of the new password
Pointer to the buffer which contains the new user-supplied password
New key exchange public key size
Pointer to new key exchange public key value
Size of new random Ra in bytes
Pointer to new Ra data
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting Client MAC Secret key
Key handle for the resulting Server MAC Secret key
Key handle for the resulting Client Secret key
Key handle for the resulting Server Secret key
Pointer to a location which receives the initialization vector (IV) created for the client (if any)
Pointer to a location which receives the initialization vector (IV) created for the server (if any)
Structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase or if no IV is required, the length should be set to 0
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE and CKM_SSL3_MASTER_KEY_DERIVE_DH mechanisms
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Structure which provides information about the random data of a client and a server in an SSL context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_TLS12_KEY_AND_MAC_DERIVE mechanism
The length (in bits) of the MACing keys agreed upon during the protocol handshake phase
The length (in bits) of the secret keys agreed upon during the protocol handshake phase
The length (in bits) of the IV agreed upon during the protocol handshake phase
Flag which must be set to false because export cipher suites must not be used in TLS 1.1 and later
Client's and server's random data information
Points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs
Base hash used in the underlying TLS1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS12_MASTER_KEY_DERIVE mechanism
Client's and server's random data information
Pointer to a CK_VERSION structure which receives the SSL protocol version information
Base hash used in the underlying TLS 1.2 PRF operation used to derive the master key (CKM)
Structure that provides the parameters to the CKM_TLS_KDF mechanism
Hash mechanism used in the TLS 1.2 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Pointer to the label for this key derivation
Length of the label in bytes
Random data for the key derivation
Pointer to the context data for this key derivation
Length of the context data in bytes
Structure that provides the parameters to the CKM_TLS_MAC mechanism
Hash mechanism used in the TLS12 PRF construct or CKM_TLS_PRF to use with the TLS 1.0 and 1.1 PRF construct (CKM)
Length of the MAC tag required or offered
Should be set to "1" for "server finished" label or to "2" for "client finished" label
Structure which provides the parameters to the CKM_TLS_PRF mechanism
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes of the output to be created; it has to hold the desired length as input and will receive the calculated length as output
Structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism
Key handle for the resulting MAC secret key
Key handle for the resulting secret key
Pointer to a location which receives the initialization vector (IV) created (if any)
Structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms
The digest mechanism to be used (CKM)
The length (in bits) of the MACing key agreed upon during the protocol handshake phase
The length (in bits) of the secret key agreed upon during the handshake phase
The length (in bits) of the IV agreed upon during the handshake phase or if no IV is required, the length should be set to 0
The current sequence number used for records sent by the client and server respectively
Flag which indicates whether the keys have to be derived for an export version of the protocol
Client's and server's random data information
Points to a CK_WTLS_KEY_MAT_OUT structure which receives the handles for the keys generated and the IV
Structure which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism
Digest mechanism to be used (CKM)
Client's and server's random data information
Pointer to single byte which receives the WTLS protocol version information
Structure which provides the parameters to the CKM_WTLS_PRF mechanism
Digest mechanism to be used (CKM)
Pointer to the input seed
Length in bytes of the input seed
Pointer to the identifying label
Length in bytes of the identifying label
Pointer receiving the output of the operation
Pointer to the length in bytes of the output to be created; it has to hold the desired length as input and will receive the calculated length as output
Structure which provides information about the random data of a client and a server in a WTLS context
Pointer to the client's random data
Length in bytes of the client's random data
Pointer to the server's random data
Length in bytes of the server's random data
Structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's X9.42 Diffie-Hellman public key
Pointer to other party's X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism
Key derivation function used on the shared secret value (CKD)
The length in bytes of the other info
Some data shared between the two parties
The length in bytes of the other party's first X9.42 Diffie-Hellman public key
Pointer to other party's first X9.42 Diffie-Hellman public key value
The length in bytes of the second X9.42 Diffie-Hellman private key
Key handle for second X9.42 Diffie-Hellman private key value
The length in bytes of the other party's second X9.42 Diffie-Hellman public key
Pointer to other party's second X9.42 Diffie-Hellman public key value
Handle to the first party's ephemeral public key
Low level PKCS#11 wrapper
Flag indicating whether instance has been disposed
Flag indicating whether instance has been disposed
Handle to the PKCS#11 library
Handle to the PKCS#11 library. Use with caution!
Delegates for PKCS#11 functions
Loads PKCS#11 library
Library name or path
Loads PKCS#11 library
Library name or path
Flag indicating whether cryptoki function pointers should be acquired via C_GetFunctionList (true) or via platform native function (false)
Unloads PKCS#11 library. Called automatically when object is being disposed.
Initializes the Cryptoki library
CK_C_INITIALIZE_ARGS structure containing information on how the library should deal with multi-threaded access or null if an application will not be accessing Cryptoki through multiple threads simultaneously
CKR_ARGUMENTS_BAD, CKR_CANT_LOCK, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NEED_TO_CREATE_THREADS, CKR_OK
Called to indicate that an application is finished with the Cryptoki library. It should be the last Cryptoki call made by an application.
Reserved for future versions. For this version, it should be set to null.
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns general information about Cryptoki
Structure that receives the information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Returns a pointer to the Cryptoki library's list of function pointers
Pointer to a value which will receive a pointer to the library's CK_FUNCTION_LIST structure
CKR_ARGUMENTS_BAD, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains a list of slots in the system
Indicates whether the list obtained includes only those slots with a token present (true) or all slots (false)
If set to null then the number of slots is returned in "count" parameter, without actually returning a list of slots.
If not set to null then "count" parameter must contain the length of slotList array and slot list is returned in "slotList" parameter.
Location that receives the number of slots
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK
Obtains information about a particular slot in the system
The ID of the slot
Structure that receives the slot information
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID
Obtains information about a particular token in the system
The ID of the token's slot
Structure that receives the token information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains a list of mechanism types supported by a token
The ID of the token's slot
If set to null then the number of mechanisms is returned in "count" parameter, without actually returning a list of mechanisms.
If not set to null then "count" parameter must contain the length of mechanismList array and mechanism list is returned in "mechanismList" parameter.
Location that receives the number of mechanisms
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Obtains information about a particular mechanism possibly supported by a token
The ID of the token's slot
The type of mechanism
Structure that receives the mechanism information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD
Initializes a token
The ID of the token's slot
SO's initial PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
32-byte long label of the token which must be padded with blank characters
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Initializes the normal user's PIN
The session's handle
Normal user's PIN or null to use protected authentication path (pinpad)
The length of the PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_SESSION_CLOSED, CKR_SESSION_READ_ONLY, CKR_SESSION_HANDLE_INVALID, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN, CKR_ARGUMENTS_BAD
Modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in
The session's handle
Old PIN or null to use protected authentication path (pinpad)
The length of the old PIN in bytes
New PIN or null to use protected authentication path (pinpad)
The length of the new PIN in bytes
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Opens a session between an application and a token in a particular slot
The ID of the token's slot
Flags indicating the type of session
An application defined pointer to be passed to the notification callback
The address of the notification callback function
Location that receives the handle for the new session
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_COUNT, CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SESSION_READ_WRITE_SO_EXISTS, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD
Closes a session between an application and a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Closes all sessions an application has with a token
The ID of the token's slot
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT
Obtains information about a session
The session's handle
Structure that receives the session information
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Obtains a copy of the cryptographic operations state of a session encoded as byte array
The session's handle
If set to null then the length of state is returned in "operationStateLen" parameter, without actually returning a state.
If not set to null then "operationStateLen" parameter must contain the length of operationState array and state is returned in "operationState" parameter.
Location that receives the length in bytes of the state
CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_STATE_UNSAVEABLE, CKR_ARGUMENTS_BAD
Restores the cryptographic operations state of a session from bytes obtained with C_GetOperationState
The session's handle
Saved session state
Length of saved session state
Handle to the key which will be used for an ongoing encryption or decryption operation in the restored session or CK_INVALID_HANDLE if not needed
Handle to the key which will be used for an ongoing operation in the restored session or CK_INVALID_HANDLE if not needed
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_CHANGED, CKR_KEY_NEEDED, CKR_KEY_NOT_NEEDED, CKR_OK, CKR_SAVED_STATE_INVALID, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD
Logs a user into a token
The session's handle
The user type
User's PIN or null to use protected authentication path (pinpad)
Length of user's PIN
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY_EXISTS, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_ANOTHER_ALREADY_LOGGED_IN, CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_TOO_MANY_TYPES, CKR_USER_TYPE_INVALID
Logs a user out from a token
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Creates a new object
The session's handle
Object's template
The number of attributes in the template
Location that receives the new object's handle
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Copies an object, creating a new object for the copy
The session's handle
The object's handle
Template for the new object
The number of attributes in the template
Location that receives the handle for the copy of the object
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Destroys an object
The session's handle
The object's handle
CKR_ACTION_PROHIBITED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED
Gets the size of an object in bytes
The session's handle
The object's handle
Location that receives the size in bytes of the object
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_INFORMATION_SENSITIVE, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Obtains the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be obtained, and receives the attribute values
The number of attributes in the template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Modifies the value of one or more attributes of an object
The session's handle
The object's handle
Template that specifies which attribute values are to be modified and their new values
The number of attributes in the template
CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Initializes a search for token and session objects that match a template
The session's handle
Search template that specifies the attribute values to match
The number of attributes in the search template
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a search for token and session objects that match a template, obtaining additional object handles
The session's handle
Location that receives the list (array) of additional object handles
The maximum number of object handles to be returned
Location that receives the actual number of object handles returned
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Terminates a search for token and session objects
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes an encryption operation
The session's handle
The encryption mechanism
The handle of the encryption key
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Encrypts single-part data
The session's handle
Data to be encrypted
Length of data in bytes
If set to null then the length of encrypted data is returned in "encryptedDataLen" parameter, without actually returning encrypted data.
If not set to null then "encryptedDataLen" parameter must contain the length of encryptedData array and encrypted data is returned in "encryptedData" parameter.
Location that holds the length in bytes of the encrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part encryption operation, processing another data part
The session's handle
The data part to be encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part encryption operation
The session's handle
If set to null then the length of last encrypted data part is returned in "lastEncryptedPartLen" parameter, without actually returning last encrypted data part.
If not set to null then "lastEncryptedPartLen" parameter must contain the length of lastEncryptedPart array and last encrypted data part is returned in "lastEncryptedPart" parameter.
Location that holds the length of the last encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a decryption operation
The session's handle
The decryption mechanism
The handle of the decryption key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Decrypts encrypted data in a single part
The session's handle
Encrypted data
The length of the encrypted data
If set to null then the length of decrypted data is returned in "dataLen" parameter, without actually returning decrypted data.
If not set to null then "dataLen" parameter must contain the length of data array and decrypted data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part decryption operation, processing another encrypted data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part decryption operation
The session's handle
If set to null then the length of last decrypted data part is returned in "lastPartLen" parameter, without actually returning last decrypted data part.
If not set to null then "lastPartLen" parameter must contain the length of lastPart array and last decrypted data part is returned in "lastPart" parameter.
Location that holds the length of the last decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a message-digesting operation
The session's handle
The digesting mechanism
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Digests data in a single part
The session's handle
Data to be digested
The length of the data to be digested
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part message-digesting operation by digesting the value of a secret key
The session's handle
The handle of the secret key to be digested
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_INDIGESTIBLE, CKR_KEY_SIZE_RANGE, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part message-digesting operation, returning the message digest
The session's handle
If set to null then the length of digest is returned in "digestLen" parameter, without actually returning digest.
If not set to null then "digestLen" parameter must contain the length of digest array and digest is returned in "digest" parameter.
Location that holds the length of the message digest
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Initializes a signature operation, where the signature is an appendix to the data
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single part, where the signature is an appendix to the data
The session's handle
Data to be signed
The length of the data
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Continues a multi-part signature operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Finishes a multi-part signature operation, returning the signature
The session's handle
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED
Initializes a signature operation, where the data can be recovered from the signature
The session's handle
Signature mechanism
Handle of the signature key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Signs data in a single operation, where the data can be recovered from the signature
The session's handle
Data to be signed
The length of data to be signed
If set to null then the length of signature is returned in "signatureLen" parameter, without actually returning signature.
If not set to null then "signatureLen" parameter must contain the length of signature array and signature is returned in "signature" parameter.
Location that holds the length of the signature
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Initializes a verification operation, where the signature is an appendix to the data
The session's handle
The verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the signature is an appendix to the data
The session's handle
Data that were signed
The length of the data
Signature of data
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Continues a multi-part verification operation, processing another data part
The session's handle
Data part
The length of the data part
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Finishes a multi-part verification operation, checking the signature
The session's handle
Signature
The length of signature
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE
Initializes a signature verification operation, where the data is recovered from the signature
The session's handle
Verification mechanism
The handle of the verification key
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Verifies a signature in a single-part operation, where the data is recovered from the signature
The session's handle
Signature
The length of signature
If set to null then the length of recovered data is returned in "dataLen" parameter, without actually returning recovered data.
If not set to null then "dataLen" parameter must contain the length of data array and recovered data is returned in "data" parameter.
Location that holds the length of the decrypted data
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SIGNATURE_LEN_RANGE, CKR_SIGNATURE_INVALID
Continues multi-part digest and encryption operations, processing another data part
The session's handle
The data part to be digested and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined decryption and digest operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Continues a multi-part combined signature and encryption operation, processing another data part
The session's handle
The data part to be signed and encrypted
Length of data part in bytes
If set to null then the length of encrypted data part is returned in "encryptedPartLen" parameter, without actually returning encrypted data part.
If not set to null then "encryptedPartLen" parameter must contain the length of encryptedPart array and encrypted data part is returned in "encryptedPart" parameter.
Location that holds the length in bytes of the encrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Continues a multi-part combined decryption and verification operation, processing another data part
The session's handle
Encrypted data part
Length of the encrypted data part
If set to null then the length of decrypted data part is returned in "partLen" parameter, without actually returning decrypted data part.
If not set to null then "partLen" parameter must contain the length of part array and decrypted data part is returned in "part" parameter.
Location that holds the length of the decrypted data part
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID
Generates a secret key or set of domain parameters, creating a new object
The session's handle
Key generation mechanism
The template for the new key or set of domain parameters
The number of attributes in the template
Location that receives the handle of the new key or set of domain parameters
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Generates a public/private key pair, creating new key objects
The session's handle
Key generation mechanism
The template for the public key
The number of attributes in the public-key template
The template for the private key
The number of attributes in the private-key template
Location that receives the handle of the new public key
Location that receives the handle of the new private key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Wraps (i.e., encrypts) a private or secret key
The session's handle
Wrapping mechanism
The handle of the wrapping key
The handle of the key to be wrapped
If set to null then the length of wrapped key is returned in "wrappedKeyLen" parameter, without actually returning wrapped key.
If not set to null then "wrappedKeyLen" parameter must contain the length of wrappedKey array and wrapped key is returned in "wrappedKey" parameter.
Location that receives the length of the wrapped key
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_NOT_WRAPPABLE, CKR_KEY_SIZE_RANGE, CKR_KEY_UNEXTRACTABLE, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPING_KEY_HANDLE_INVALID, CKR_WRAPPING_KEY_SIZE_RANGE, CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
The session's handle
Unwrapping mechanism
The handle of the unwrapping key
Wrapped key
The length of the wrapped key
The template for the new key
The number of attributes in the template
Location that receives the handle of the unwrapped key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE
Derives a key from a base key, creating a new key object
The session's handle
Key derivation mechanism
The handle of the base key
The template for the new key
The number of attributes in the template
Location that receives the handle of the derived key
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN
Mixes additional seed material into the token's random number generator
The session's handle
The seed material
The length of the seed material
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Generates random or pseudo-random data
The session's handle
Location that receives the random data
The length in bytes of the random or pseudo-random data to be generated
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL
The session's handle
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED
Waits for a slot event, such as token insertion or token removal, to occur
Determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits for a slot event to occur)
Location which will receive the ID of the slot that the event occurred in
Reserved for future versions (should be null)
CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_NO_EVENT, CKR_OK
Disposes object
Disposes object
Flag indicating whether managed resources should be disposed
Class destructor that disposes object if caller forgot to do so
Utility class connecting PKCS#11 URI and Pkcs11Interop types
Checks whether PKCS#11 library information matches PKCS#11 URI
PKCS#11 URI
PKCS#11 library information
True if PKCS#11 library information matches PKCS#11 URI
Checks whether slot information matches PKCS#11 URI
PKCS#11 URI
Slot information
Slot identifier
True if slot information matches PKCS#11 URI
Checks whether token information matches PKCS#11 URI
PKCS#11 URI
Token information
True if token information matches PKCS#11 URI
Checks whether object attributes match PKCS#11 URI
PKCS#11 URI
Object attributes
True if object attributes match PKCS#11 URI
Obtains a list of all slots where token that matches PKCS#11 URI is present
PKCS#11 URI
Low level PKCS#11 wrapper
Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)
List of slots matching PKCS#11 URI
CKR_OK if successful; any other value otherwise
Returns list of object attributes defined by PKCS#11 URI
PKCS#11 URI
List of object attributes defined by PKCS#11 URI