RSA Laboratories’ PKCS Series - a Tutorial

RSA Laboratories’ PKCS Series - a Tutorial. PKCS #11 Magnus Nyström October, 1999. Cryptographic Token Interface Standard. Different from other PKCS documents in that it defines an application programming interface (API)

Presentation Transcript


  1. RSA Laboratories’ PKCS Series - a Tutorial PKCS #11 Magnus Nyström October, 1999

  2. Cryptographic Token Interface Standard
     • Different from other PKCS documents in that it defines an application programming interface (API)
     • Shields applications from details of cryptographic tokens such as smart cards
     • Concentrates on cryptographic matters
     • The API is written for ANSI C
     • Also known as “Cryptoki”

  3. Cryptographic Token Interface Standard, II
     • Widely used in many token-aware products, e.g. Netscape Communicator
     • Simplified user model: Just one user and a security officer (SO)

  4. General model

  5. PKCS #11’s object model
     • Objects may be created, read, updated and deleted
     • All access is governed by security states

  6. PKCS #11 states (or sessions)

  7. PKCS #11 Read-write sessions

  8. Functional overview
     • General purpose functions
        • Initialize, cleanup, information about the library itself
     • Slot and token management
        • GetSlotInfo, GetTokenInfo,…
     • Session management
        • OpenSession, CloseSession…
     • Object management
        • Create, Destroy, Copy

  9. Functional overview, II
     • Encryption functions
     • Decryption functions
     • Digest functions
     • Signing functions
     • MAC functions
     • Key management (e.g. generate a key pair)
     • Callbacks (e.g. error handling)

  10. Future enhancements
     • Support for new types of certificates (e.g. attribute certificates)
     • Support for multiple PINs
     • More fine-grained access control
     • Support for “signature-only” keys
     • Time plan: v2.1 in Q4’99
     • v3.0 perhaps Q3’00

  11. More information
     • As usual:
     • http://www.rsasecurity.com/rsalabs/pkcs
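
The session states behind slides 5 to 7, as an added example that is not part of the presentation or of RSA Laboratories' material: a C model of the login transitions and token-object access rules from the PKCS #11 specification. It assumes a single session (in Cryptoki itself a login applies to all of an application's sessions with the token), and every type and function name is local to this example, not taken from the Cryptoki header.

```c
#include <stdbool.h>
#include <stdio.h>

/* Names below are hypothetical and local to this example. */
typedef enum { RO_PUBLIC, RO_USER, RW_PUBLIC, RW_USER, RW_SO } session_state;
typedef enum { ROLE_SO, ROLE_USER } role;
typedef enum { OP_READ, OP_WRITE } op;

/* Login transition. Returns true and updates *s on success. */
bool session_login(session_state *s, role r) {
    if (*s != RO_PUBLIC && *s != RW_PUBLIC)
        return false;                 /* someone is already logged in */
    if (r == ROLE_SO) {
        if (*s == RO_PUBLIC)
            return false;             /* there is no read-only SO state */
        *s = RW_SO;
    } else {
        *s = (*s == RO_PUBLIC) ? RO_USER : RW_USER;
    }
    return true;
}

/* Logout drops back to the public state of the same R/O or R/W kind. */
void session_logout(session_state *s) {
    *s = (*s == RO_PUBLIC || *s == RO_USER) ? RO_PUBLIC : RW_PUBLIC;
}

/* Access decision for an object stored on the token. */
bool token_object_allowed(session_state s, bool is_private, op o) {
    /* Private objects are visible only to the logged-in normal user;
       public sessions and the SO are refused. */
    if (is_private && s != RO_USER && s != RW_USER)
        return false;
    /* Read-only sessions may not modify token objects. */
    if (o == OP_WRITE && (s == RO_PUBLIC || s == RO_USER))
        return false;
    return true;
}

int main(void) {
    static const char *names[] =
        { "R/O public", "R/O user", "R/W public", "R/W user", "R/W SO" };
    puts("state       pub-read pub-write priv-read priv-write");
    for (int s = RO_PUBLIC; s <= RW_SO; s++)
        printf("%-11s %8d %9d %9d %10d\n", names[s],
               token_object_allowed(s, false, OP_READ),
               token_object_allowed(s, false, OP_WRITE),
               token_object_allowed(s, true, OP_READ),
               token_object_allowed(s, true, OP_WRITE));
    return 0;
}
```

The printed matrix shows the least-privilege point of the model: the security officer can manage public token objects but never reads the user's private ones.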