
PKCS11

This document provides an introduction to the PKCS #11 standard for cryptographic token interfaces. It covers the theory of PKCS #11, including its terminology, cryptoki model, and basic functions. It also describes the practical steps to install and configure the necessary software to begin writing PKCS #11 code using Protect Server C SDK and Code Blocks IDE, including installing the toolkit, configuring Code Blocks, and creating a new project. The next session will cover PKCS #11 return codes, using key attributes, generating keys, and changing key attributes.

Uploaded by

Sam Paul

PKCS #11

Ladies and Gents! May I have your attention please?
Topics Covered :-
Theory –
1. A quick introduction to PKCS standards.
2. Introduction to PKCS #11
3. Terms used in PKCS #11
4. Naming convention used in PKCS #11
5. Cryptoki Model
6. Some basic PKCS #11 functions.

Practical -
1. Installing / Configuring “Protect Server C SDK for Windows”.
2. Installing / Configuring “Code Blocks IDE”.
3. Configuring Code Blocks for PKCS #11
4. Writing our first PKCS #11 code.
PKCS (Public Key Cryptography Standards)

These are a group of Public Key Cryptography standards devised and published by RSA Security LLC, starting in the early 1990s.

Some of the standards are PKCS #1, PKCS #3, PKCS #5, PKCS #8, PKCS #10, PKCS #11 and PKCS #12.

Check out the Wiki link given below:

https://en.wikipedia.org/wiki/PKCS
Standard    Purpose

PKCS #1     Properties for RSA keys that should be followed for Encryption, Signing including the encoding scheme.
PKCS #3     Key Exchange (Diffie-Hellman)
PKCS #5     Password based Encryption.
PKCS #8     Transporting Private Key
PKCS #10    Certificate Request format.
PKCS #11    Also known as Cryptographic Token Interface or simply “cryptoki”. API meant for Hardware tokens such as Smart Cards and HSMs.
PKCS #12    Storing Private Keys along with the associated certificates.
PKCS #11

It is a platform independent standard API to manage and operate hardware tokens such as Smart Cards and HSMs. This API has a wide variety of functions used for performing crypto operations such as Key Generation, Signing, Encryption, Hashing etc.

https://en.wikipedia.org/wiki/PKCS_11
Terminology used in PKCS #11

SLOTS
SESSION
TOKEN LIBRARY
OBJECTS
DATA-TYPES
Wrapper
FUNCTIONS
Prefixes
MECHANISM

CRYPTOKI MODEL

[Diagram: Cryptoki model]
PKCS #11 Prefixes and Naming convention

Prefix   Meaning            Example

C_       Function           C_Initialize(), C_Finalize()
CK_      Data Type          CK_BBOOL, CK_ULONG
CKA_     Attribute          CKA_TOKEN, CKA_PRIVATE
CKD_     Key Derivation     CKD_SHA1_KDF
CKF_     Flags              CKF_SERIAL_SESSION
CKK_     Type of key        CKK_AES, CKK_RSA
CKM_     Mechanism          CKM_RSA_PKCS
CKO_     Object class       CKO_PRIVATE_KEY
CKR_     Return value       CKR_OK, CKR_DEVICE_ERROR
CKU_     User Type          CKU_SO, CKU_USER
CKZ_     Parameter Source   CKZ_SALT_SPECIFIED
Some Datatypes used in PKCS #11

Data Type            Type             Purpose

CK_SESSION_HANDLE    Unsigned Long    Stores Session handle
CK_OBJECT_HANDLE     Unsigned Long    Stores object handle
CK_SLOT_ID           Unsigned Long    Stores slot ID
CK_ULONG             Unsigned Long    Stores a long value
CK_BBOOL             Boolean          Stores True or False
CK_CHAR              Signed 8 bit     Stores character
CK_BYTE              Unsigned 8 bit   Stores byte data
CK_MECHANISM         Unsigned 8 bit   Stores mechanism info
CK_ATTRIBUTE         Unsigned 8 bit   Stores mechanism info.
Some basic functions used in PKCS #11

Function             Purpose                                    Prototype

C_Initialize         Initialize memory space                    C_Initialize(Init_args)
C_Finalize           Finalize memory space                      C_Finalize(NULL)
C_OpenSession        Open a new session                         C_OpenSession(slot, flag, null, null, handle)
C_CloseSession       Close a session                            C_CloseSession(handle)
C_Login              Login to a token                           C_Login(hSession, user_type, password, password_len)
C_Logout             Logout from a token                        C_Logout(hSession)
C_GetSlotList        Get number of available slots              C_GetSlotList(bool)
C_GetFunctionList    Gets the list of available P11 functions   C_GetFunctionList()
C_GetTokenInfo()     Gets information about a token             C_GetTokenInfo()

Please do read the PKCS #11 v2.20 manual for more about these functions.
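The call order behind the functions in the table above, as an added example (not code from the original slides or from the Protect Toolkit SDK). It shows that a failed C_Login must still be followed by C_CloseSession and C_Finalize. The names `mini_function_list`, `run_session`, `fake_token` and `fake_leaks` are hypothetical, the types are simplified local stand-ins for `cryptoki.h`, and the token is a constructed in-memory fake with PIN "1234" so the block runs without an HSM.

```c
#include <string.h>

/* Local stand-ins for cryptoki.h, so this compiles without the SDK headers. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID, CK_SESSION_HANDLE, CK_FLAGS;
enum { CKR_OK = 0x0, CKR_PIN_INCORRECT = 0xA0 };
enum { CKU_USER = 1, CKF_RW_SESSION = 0x2, CKF_SERIAL_SESSION = 0x4 };

/* Hypothetical, simplified subset of the table C_GetFunctionList returns. */
typedef struct {
    CK_RV (*C_Initialize)(void *init_args);
    CK_RV (*C_Finalize)(void *reserved);
    CK_RV (*C_OpenSession)(CK_SLOT_ID, CK_FLAGS, void *, void *, CK_SESSION_HANDLE *);
    CK_RV (*C_CloseSession)(CK_SESSION_HANDLE);
    CK_RV (*C_Login)(CK_SESSION_HANDLE, CK_ULONG user, unsigned char *pin, CK_ULONG len);
    CK_RV (*C_Logout)(CK_SESSION_HANDLE);
} mini_function_list;

/* Every step that succeeded is undone in reverse order, even on failure. */
CK_RV run_session(const mini_function_list *p11, CK_SLOT_ID slot, const char *pin) {
    CK_SESSION_HANDLE h = 0;
    CK_RV rc, rv = p11->C_Initialize(NULL);
    if (rv != CKR_OK) return rv;
    rv = p11->C_OpenSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &h);
    if (rv == CKR_OK) {
        rv = p11->C_Login(h, CKU_USER, (unsigned char *)pin, strlen(pin));
        if (rv == CKR_OK) {
            /* key generation, signing, encryption etc. would go here */
            rv = p11->C_Logout(h);
        }
        rc = p11->C_CloseSession(h);   /* close even when login failed */
        if (rv == CKR_OK) rv = rc;     /* report the first error seen */
    }
    p11->C_Finalize(NULL);
    return rv;
}

/* Constructed in-memory token (not a real HSM): user PIN is "1234". */
static int fake_init, fake_open;
static CK_RV f_init(void *a) { (void)a; fake_init = 1; return CKR_OK; }
static CK_RV f_fini(void *r) { (void)r; fake_init = 0; return CKR_OK; }
static CK_RV f_open(CK_SLOT_ID s, CK_FLAGS f, void *a, void *n, CK_SESSION_HANDLE *h) {
    (void)s; (void)f; (void)a; (void)n; fake_open++; *h = 1; return CKR_OK; }
static CK_RV f_close(CK_SESSION_HANDLE h) { (void)h; fake_open--; return CKR_OK; }
static CK_RV f_login(CK_SESSION_HANDLE h, CK_ULONG u, unsigned char *p, CK_ULONG n) {
    (void)h; (void)u; return (n == 4 && !memcmp(p, "1234", 4)) ? CKR_OK : CKR_PIN_INCORRECT; }
static CK_RV f_logout(CK_SESSION_HANDLE h) { (void)h; return CKR_OK; }
const mini_function_list fake_token = { f_init, f_fini, f_open, f_close, f_login, f_logout };
int fake_leaks(void) { return fake_init + fake_open; }  /* 0 means clean teardown */
int main(void) { return run_session(&fake_token, 0, "1234") == CKR_OK ? 0 : 1; }
```

With the real library, the same function pointers come from the structure that C_GetFunctionList fills in, and the PIN is read from the operator rather than embedded in source.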
Practical Stuff

We’re going to use PTK-C as it’s the best way to hone your PKCS #11 skills without needing actual hardware.

Protect Server Toolkit

• Install Protect Server Tool Kit for C.
• Configure it for software mode.
• Create a new slot and initialize it.

Code Blocks

• Install TDM-GCC.
• Install Code Blocks IDE.
• Configuring Code Blocks IDE for PKCS #11 programming.
Protect Server Toolkit Installation
Select “1” for
Software only mode.
Follow the arrows..
Installing TDM-GCC
Installing Code Blocks
Configuring Code Blocks for PKCS #11 Programming

Settings >> Compiler …

Save the configuration with whatever name you want.

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\sw\cryptoki.dll

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\include

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\lib

Let’s create a new project and jump right into it.
That’s it for today folks !

In the next session, we will cover the following topics :-

• PKCS #11 return codes and what they mean.


• Using Key Attributes
• Generate Key / Key Pair
• Changing Key Attributes
And…special thanks to our Sensei..
Thank you Sensei… We couldn’t have done it without you 

Hehe.. I know..
Ganbatte !
