
PKCS #11 Ladies and Gents !

May I have your attention please?
Topics Covered :-
Theory –
1. A quick introduction to PKCS standards.
2. Introduction to PKCS #11
3. Terms used in PKCS #11
4. Naming convention used in PKCS #11
5. Cryptoki Model
6. Some basic PKCS #11 functions.

Practical -
1. Installing / Configuring “Protect Server C SDK for Windows”.
2. Installing / Configuring “Code Blocks IDE”.
3. Configuring Code Blocks for PKCS #11
4. Writing our first PKCS #11 code.
PKCS (Public Key Cryptography Standards)

These are a group of Public Key Cryptography standards devised and published by RSA Security LLC, starting in the early 1990s.

Some of the standards are PKCS #1, PKCS #3, PKCS #5, PKCS #8, PKCS #10, PKCS #11 and PKCS #12.

Check out the Wiki link given below…

https://en.wikipedia.org/wiki/PKCS
| Standard | Purpose |
|----------|---------|
| PKCS #1 | Properties of RSA keys to be followed for encryption and signing, including the encoding scheme. |
| PKCS #3 | Key Exchange (Diffie-Hellman) |
| PKCS #5 | Password based Encryption. |
| PKCS #8 | Transporting Private Key |
| PKCS #10 | Certificate Request format. |
| PKCS #11 | Also known as Cryptographic Token Interface or simply “cryptoki”. API meant for hardware tokens such as Smart Cards and HSMs. |
| PKCS #12 | Storing Private Keys along with the associated certificates. |
PKCS #11

It is a platform-independent standard API to manage and operate hardware tokens such as Smart Cards and HSMs. This API has a wide variety of functions used for performing crypto operations such as Key Generation, Signing, Encryption, Hashing etc.

https://en.wikipedia.org/wiki/PKCS_11
Terminology used in PKCS #11

SLOTS
SESSION

TOKEN LIBRARY

OBJECTS

DATA-TYPES
Wrapper
FUNCTIONS
Prefixes
MECHANISM
CRYPTOKI MODEL
PKCS #11 Prefixes and Naming convention

| Prefix | Meaning | Example |
|--------|---------|---------|
| C_ | Function | C_Initialize(), C_Finalize() |
| CK_ | Data Type | CK_BBOOL, CK_ULONG |
| CKA_ | Attribute | CKA_TOKEN, CKA_PRIVATE |
| CKD_ | Key Derivation | CKD_SHA1_KDF |
| CKF_ | Flags | CKF_SERIAL_SESSION |
| CKK_ | Type of key | CKK_AES, CKK_RSA |
| CKM_ | Mechanism | CKM_RSA_PKCS |
| CKO_ | Object class | CKO_PRIVATE_KEY |
| CKR_ | Return value | CKR_OK, CKR_DEVICE_ERROR |
| CKU_ | User Type | CKU_SO, CKU_USER |
| CKZ_ | Parameter Source | CKZ_SALT_SPECIFIED |
Some Datatypes used in PKCS #11

| Data Type | Type | Purpose |
|-----------|------|---------|
| CK_SESSION_HANDLE | Unsigned Long | Stores Session handle |
| CK_OBJECT_HANDLE | Unsigned Long | Stores object handle |
| CK_SLOT_ID | Unsigned Long | Stores slot ID |
| CK_ULONG | Unsigned Long | Stores a long value |
| CK_BBOOL | Boolean | Stores True or False |
| CK_CHAR | Signed 8 bit | Stores character |
| CK_BYTE | Unsigned 8 bit | Stores byte data |
| CK_MECHANISM | Unsigned 8 bit | Stores mechanism info |
| CK_ATTRIBUTE | Unsigned 8 bit | Stores mechanism info. |
Some basic functions used in PKCS #11

| Function | Purpose | Prototype |
|----------|---------|-----------|
| C_Initialize | Initialize memory space | C_Initialize(Init_args) |
| C_Finalize | Finalize memory space | C_Finalize(NULL) |
| C_OpenSession | Open a new session | C_OpenSession(slot, flag, null, null, handle) |
| C_CloseSession | Close a session | C_CloseSession(handle) |
| C_Login | Login to a token | C_Login(hSession, user_type, password, password_len) |
| C_Logout | Logout from a token | C_Logout(hSession) |
| C_GetSlotList | Get number of available slots | C_GetSlotList(bool) |
| C_GetFunctionList | Gets the list of available P11 functions | C_GetFunctionList() |
| C_GetTokenInfo | Gets information about a token | C_GetTokenInfo() |

Please do read the PKCS #11 v2.20 manual for more about these functions.
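The call order from the function table above, as an added example that is not part of the original slides: initialize, open a session, log in, then undo each step in reverse even when one of them fails. It assumes slot 0 and uses a constructed in-memory token (PIN 1234) in place of the SDK header and cryptoki.dll, so it builds without PTK-C.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the SDK header (assumption); values per PKCS #11 v2.20. */
typedef unsigned long CK_RV, CK_ULONG, CK_FLAGS, CK_SLOT_ID, CK_SESSION_HANDLE;
#define CKR_OK             0x00UL
#define CKR_PIN_INCORRECT  0xA0UL
enum { CKF_RW_SESSION = 0x02, CKF_SERIAL_SESSION = 0x04, CKU_USER = 1 };

/* Constructed software token (PIN "1234"); it logs each call into trace. */
static char trace[16];
static CK_RV mark(char c) { trace[strlen(trace)] = c; return CKR_OK; }
CK_RV C_Initialize(void *a) { (void)a; memset(trace, 0, sizeof trace); return mark('I'); }
CK_RV C_Finalize(void *a) { (void)a; return mark('F'); }
CK_RV C_OpenSession(CK_SLOT_ID s, CK_FLAGS f, void *app, void *cb, CK_SESSION_HANDLE *h)
{ (void)s; (void)f; (void)app; (void)cb; *h = 1; return mark('O'); }
CK_RV C_CloseSession(CK_SESSION_HANDLE h) { (void)h; return mark('C'); }
CK_RV C_Login(CK_SESSION_HANDLE h, CK_ULONG user, unsigned char *pin, CK_ULONG len)
{ (void)h; (void)user;
  return (len == 4 && memcmp(pin, "1234", 4) == 0) ? mark('L') : CKR_PIN_INCORRECT; }
CK_RV C_Logout(CK_SESSION_HANDLE h) { (void)h; return mark('l'); }

/* The part that carries over to real code: check every CK_RV, undo in reverse. */
CK_RV first_session(CK_SLOT_ID slot, const char *pin)
{
    CK_SESSION_HANDLE h = 0;
    CK_RV rv = C_Initialize(NULL);
    if (rv != CKR_OK) return rv;
    rv = C_OpenSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &h);
    if (rv != CKR_OK) goto finalize;
    rv = C_Login(h, CKU_USER, (unsigned char *)pin, (CK_ULONG)strlen(pin));
    if (rv != CKR_OK) goto close_session;
    /* Token operations (key generation, signing, ...) belong here. */
    C_Logout(h);
close_session:
    C_CloseSession(h);
finalize:
    C_Finalize(NULL);
    return rv;
}

int main(void)
{
    CK_RV rv = first_session(0, "1234");          /* slot 0 is an assumption */
    printf("good PIN: rv=0x%lx calls=%s\n", rv, trace);
    rv = first_session(0, "0000");
    printf("bad PIN:  rv=0x%lx calls=%s\n", rv, trace);
    return 0;
}
```

With PTK-C installed, drop the stand-in section, include the SDK header and link against the SDK library; `first_session` itself does not change.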
Practical Stuff
Protect Server Toolkit

• Install Protect Server Tool Kit for C.
• Configure it for software mode.
• Create a new slot and initialize it.

We’re going to use PTK-C as it’s the best way to hone your PKCS #11 skills without needing actual hardware.

Code Blocks

• Install TDM-GCC.
• Install Code Blocks IDE.
• Configuring Code Blocks IDE for PKCS #11 programming.
Protect Server Toolkit Installation
Select “1” for Software only mode.
Follow the arrows..
Installing TDM-GCC
Installing Code Blocks
Configuring Code Blocks for PKCS #11 Programming

Settings >> Compiler …

Save the configuration with whatever name you want.

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\sw\cryptoki.dll

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\include

C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\lib

Let’s create a new project and jump right into it.
That’s it for today folks !

In the next session, we will cover the following topics :-

• PKCS #11 return codes and what they mean.


• Using Key Attributes
• Generate Key / Key Pair
• Changing Key Attributes
And…special thanks to our Sensei..
Thank you Sensei… We couldn’t have done it without you 

Hehe.. I know..
Ganbatte !
