| PKCS11_KERNEL(7) | Standards, Environments, and Macros | PKCS11_KERNEL(7) |
pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework
/usr/lib/security/pkcs11_kernel.so /usr/lib/security/64/pkcs11_kernel.so
The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specification by using a private interface to communicate with the Kernel Cryptographic Framework.
Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.
The PKCS#11 mechanisms provided by this library is determined by the available hardware providers.
Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).
All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are implemented except for the following:
C_DecryptDigestUpdate C_DecryptVerifyUpdate C_DigestEncryptUpdate C_GetOperationState C_InitToken C_InitPIN C_SetOperationState C_SignEncryptUpdate C_WaitForSlotEvent
A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.
Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.
The maximum number of object handles that can be returned by a call to C_FindObjects() is 512.
The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.
The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.
See attributes(7) for a description of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Interface Stability | Standard: PKCS#11 v2.20 |
| MT-Level | MT-Safe with exceptions. See section 6.5.2 of RSA PKCS#11 v2.20 |
libpkcs11(3LIB), attributes(7), pkcs11_softtoken(7), cryptoadm(8), rctladm(8)
RSA PKCS#11 v2.20 http://www.rsasecurity.com
Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable.
| October 27, 2005 | OmniOS |