PKCS11Session - Reference Documentation
Class implementing support for cryptographic token with PKCS#11 interface
Index of Methods
- PKCS11Session() constructor
- login()
- initPIN()
- setPIN()
- enumerateObjects()
- generateKey()
- generateKeyPair()
- wrapKey()
- unwrapKey()
- deriveKey()
- signInit()
- sign()
- signUpdate()
- signFinal()
- verifyInit()
- verify()
- verifyUpdate()
- verifyFinal()
- encryptInit()
- encrypt()
- encryptUpdate()
- encryptFinal()
- decryptInit()
- decrypt()
- decryptUpdate()
- decryptFinal()
- close()
Constants
| Type | Name | Description |
|---|---|---|
| Number | CKM_RSA_PKCS_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_RSA_9796 | PKCS#11 mechanism constant |
| Number | CKM_RSA_X_509 | PKCS#11 mechanism constant |
| Number | CKM_MD2_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_MD5_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_SHA1_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD128_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD160_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_RSA_PKCS_OAEP | PKCS#11 mechanism constant |
| Number | CKM_RSA_X9_31_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_RSA_X9_31 | PKCS#11 mechanism constant |
| Number | CKM_SHA1_RSA_X9_31 | PKCS#11 mechanism constant |
| Number | CKM_RSA_PKCS_PSS | PKCS#11 mechanism constant |
| Number | CKM_SHA1_RSA_PKCS_PSS | PKCS#11 mechanism constant |
| Number | CKM_DSA_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_DSA | PKCS#11 mechanism constant |
| Number | CKM_DSA_SHA1 | PKCS#11 mechanism constant |
| Number | CKM_DH_PKCS_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_DH_PKCS_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_X9_42_DH_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_X9_42_DH_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_X9_42_DH_HYBRID_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_X9_42_MQV_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_SHA256_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_SHA384_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_SHA512_RSA_PKCS | PKCS#11 mechanism constant |
| Number | CKM_SHA256_RSA_PKCS_PSS | PKCS#11 mechanism constant |
| Number | CKM_SHA384_RSA_PKCS_PSS | PKCS#11 mechanism constant |
| Number | CKM_SHA512_RSA_PKCS_PSS | PKCS#11 mechanism constant |
| Number | CKM_RC2_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_RC2_ECB | PKCS#11 mechanism constant |
| Number | CKM_RC2_CBC | PKCS#11 mechanism constant |
| Number | CKM_RC2_MAC | PKCS#11 mechanism constant |
| Number | CKM_RC2_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_RC2_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_RC4_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_RC4 | PKCS#11 mechanism constant |
| Number | CKM_DES_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_DES_ECB | PKCS#11 mechanism constant |
| Number | CKM_DES_CBC | PKCS#11 mechanism constant |
| Number | CKM_DES_MAC | PKCS#11 mechanism constant |
| Number | CKM_DES_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_DES_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_DES2_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_DES3_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_DES3_ECB | PKCS#11 mechanism constant |
| Number | CKM_DES3_CBC | PKCS#11 mechanism constant |
| Number | CKM_DES3_MAC | PKCS#11 mechanism constant |
| Number | CKM_DES3_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_DES3_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_CDMF_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CDMF_ECB | PKCS#11 mechanism constant |
| Number | CKM_CDMF_CBC | PKCS#11 mechanism constant |
| Number | CKM_CDMF_MAC | PKCS#11 mechanism constant |
| Number | CKM_CDMF_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CDMF_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_MD2 | PKCS#11 mechanism constant |
| Number | CKM_MD2_HMAC | PKCS#11 mechanism constant |
| Number | CKM_MD2_HMAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_MD5 | PKCS#11 mechanism constant |
| Number | CKM_MD5_HMAC | PKCS#11 mechanism constant |
| Number | CKM_MD5_HMAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_SHA_1 | PKCS#11 mechanism constant |
| Number | CKM_SHA_1_HMAC | PKCS#11 mechanism constant |
| Number | CKM_SHA_1_HMAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD128 | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD128_HMAC | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD128_HMAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD160 | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD160_HMAC | PKCS#11 mechanism constant |
| Number | CKM_RIPEMD160_HMAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CAST_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CAST_ECB | PKCS#11 mechanism constant |
| Number | CKM_CAST_CBC | PKCS#11 mechanism constant |
| Number | CKM_CAST_MAC | PKCS#11 mechanism constant |
| Number | CKM_CAST_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CAST_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_CAST3_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CAST3_ECB | PKCS#11 mechanism constant |
| Number | CKM_CAST3_CBC | PKCS#11 mechanism constant |
| Number | CKM_CAST3_MAC | PKCS#11 mechanism constant |
| Number | CKM_CAST3_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CAST3_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_CAST5_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CAST128_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CAST5_ECB | PKCS#11 mechanism constant |
| Number | CKM_CAST128_ECB | PKCS#11 mechanism constant |
| Number | CKM_CAST5_CBC | PKCS#11 mechanism constant |
| Number | CKM_CAST128_CBC | PKCS#11 mechanism constant |
| Number | CKM_CAST5_MAC | PKCS#11 mechanism constant |
| Number | CKM_CAST128_MAC | PKCS#11 mechanism constant |
| Number | CKM_CAST5_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CAST128_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_CAST5_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_CAST128_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_RC5_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_RC5_ECB | PKCS#11 mechanism constant |
| Number | CKM_RC5_CBC | PKCS#11 mechanism constant |
| Number | CKM_RC5_MAC | PKCS#11 mechanism constant |
| Number | CKM_RC5_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_RC5_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_IDEA_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_IDEA_ECB | PKCS#11 mechanism constant |
| Number | CKM_IDEA_CBC | PKCS#11 mechanism constant |
| Number | CKM_IDEA_MAC | PKCS#11 mechanism constant |
| Number | CKM_IDEA_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_IDEA_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_GENERIC_SECRET_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_CONCATENATE_BASE_AND_KEY | PKCS#11 mechanism constant |
| Number | CKM_CONCATENATE_BASE_AND_DATA | PKCS#11 mechanism constant |
| Number | CKM_CONCATENATE_DATA_AND_BASE | PKCS#11 mechanism constant |
| Number | CKM_XOR_BASE_AND_DATA | PKCS#11 mechanism constant |
| Number | CKM_EXTRACT_KEY_FROM_KEY | PKCS#11 mechanism constant |
| Number | CKM_SSL3_PRE_MASTER_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_SSL3_MASTER_KEY_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_SSL3_KEY_AND_MAC_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_SSL3_MASTER_KEY_DERIVE_DH | PKCS#11 mechanism constant |
| Number | CKM_TLS_PRE_MASTER_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_TLS_MASTER_KEY_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_TLS_KEY_AND_MAC_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_TLS_MASTER_KEY_DERIVE_DH | PKCS#11 mechanism constant |
| Number | CKM_SSL3_MD5_MAC | PKCS#11 mechanism constant |
| Number | CKM_SSL3_SHA1_MAC | PKCS#11 mechanism constant |
| Number | CKM_MD5_KEY_DERIVATION | PKCS#11 mechanism constant |
| Number | CKM_MD2_KEY_DERIVATION | PKCS#11 mechanism constant |
| Number | CKM_SHA1_KEY_DERIVATION | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD2_DES_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD5_DES_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD5_CAST_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD5_CAST3_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD5_CAST5_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_MD5_CAST128_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_CAST5_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_CAST128_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_RC4_128 | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_RC4_40 | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_DES3_EDE_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_DES2_EDE_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_RC2_128_CBC | PKCS#11 mechanism constant |
| Number | CKM_PBE_SHA1_RC2_40_CBC | PKCS#11 mechanism constant |
| Number | CKM_PKCS5_PBKD2 | PKCS#11 mechanism constant |
| Number | CKM_PBA_SHA1_WITH_SHA1_HMAC | PKCS#11 mechanism constant |
| Number | CKM_KEY_WRAP_LYNKS | PKCS#11 mechanism constant |
| Number | CKM_KEY_WRAP_SET_OAEP | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_ECB64 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_CBC64 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_OFB64 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_CFB64 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_CFB32 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_CFB16 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_CFB8 | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_WRAP | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_PRIVATE_WRAP | PKCS#11 mechanism constant |
| Number | CKM_SKIPJACK_RELAYX | PKCS#11 mechanism constant |
| Number | CKM_KEA_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_KEA_KEY_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_FORTEZZA_TIMESTAMP | PKCS#11 mechanism constant |
| Number | CKM_BATON_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_BATON_ECB128 | PKCS#11 mechanism constant |
| Number | CKM_BATON_ECB96 | PKCS#11 mechanism constant |
| Number | CKM_BATON_CBC128 | PKCS#11 mechanism constant |
| Number | CKM_BATON_COUNTER | PKCS#11 mechanism constant |
| Number | CKM_BATON_SHUFFLE | PKCS#11 mechanism constant |
| Number | CKM_BATON_WRAP | PKCS#11 mechanism constant |
| Number | CKM_ECDSA_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_EC_KEY_PAIR_GEN | PKCS#11 mechanism constant |
| Number | CKM_ECDSA | PKCS#11 mechanism constant |
| Number | CKM_ECDSA_SHA1 | PKCS#11 mechanism constant |
| Number | CKM_ECDH1_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_ECDH1_COFACTOR_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_ECMQV_DERIVE | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_ECB128 | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_CBC128 | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_COUNTER | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_SHUFFLE | PKCS#11 mechanism constant |
| Number | CKM_JUNIPER_WRAP | PKCS#11 mechanism constant |
| Number | CKM_FASTHASH | PKCS#11 mechanism constant |
| Number | CKM_AES_KEY_GEN | PKCS#11 mechanism constant |
| Number | CKM_AES_ECB | PKCS#11 mechanism constant |
| Number | CKM_AES_CBC | PKCS#11 mechanism constant |
| Number | CKM_AES_MAC | PKCS#11 mechanism constant |
| Number | CKM_AES_MAC_GENERAL | PKCS#11 mechanism constant |
| Number | CKM_AES_CBC_PAD | PKCS#11 mechanism constant |
| Number | CKM_DSA_PARAMETER_GEN | PKCS#11 mechanism constant |
| Number | CKM_DH_PKCS_PARAMETER_GEN | PKCS#11 mechanism constant |
| Number | CKM_X9_42_DH_PARAMETER_GEN | PKCS#11 mechanism constant |
Constructor
Prototype
PKCS11Session(PKCS11Provider provider, Number slot)
PKCS11Session(PKCS11Provider provider, Number slot, Boolean readWrite)
Description
Open a new session using the given provider and selected slot.
Arguments
| Type | Name | Description |
|---|---|---|
PKCS11Provider
|
provider | Previously loaded provider |
Number
|
slot | Slot id to use |
Boolean
|
readWrite | True, if session shall allow write access to token. Default is false. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
var p = new PKCS11Provider("C:/usr/local/lsm/bin/lsmpkcs11.dll");
var s = new PKCS11Session(p, 1, false);
s.close();
login()
Prototype
login(String password)
login(String password, Boolean so)
Description
Login into token as user or security officer
Arguments
| Type | Name | Description |
|---|---|---|
String
|
password | Password to be used for login |
Boolean
|
so | True, if login as security officer is requested. Default is false |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
// Login as user in a read only session
var s = new PKCS11Session(p, 1, false);
s.login("12345678");
s.close();
// Login as security officer in a read/write session
var s = new PKCS11Session(p, 1, true);
s.login("abcdefgh", true);
s.close();
initPIN()
Prototype
initPIN(String password)
Description
Initialize user PIN.
The user PIN can be initialized in a read/write session authenticated by the SO PIN.
Arguments
| Type | Name | Description |
|---|---|---|
String
|
password | The new user PIN |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
// Login as security officer in a read/write session
var s = new PKCS11Session(p, 1, true);
s.login("abcdefgh", true);
s.initPIN("12345678");
s.close();
setPIN()
Prototype
setPIN(String oldPIN, String newPIN)
Description
Change the user PIN.
Arguments
| Type | Name | Description |
|---|---|---|
String
|
oldPIN | The old user PIN |
String
|
newPIN | The new user PIN |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
// Login as security officer in a read/write session
var s = new PKCS11Session(p, 1, true);
s.setPIN("12345678", "12345678");
s.close();
enumerateObjects()
Prototype
enumerateObjects()
enumerateObjects(, Array filterAttrs)
Description
Enumerate all objects available in the session
Arguments
| Type | Name | Description |
|---|---|---|
Array
|
filterAttrs | Array of filter attributes (CKA_*) |
Return
Array of PKCS11Objects
|
Objects found |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
// Login as user in a read only session
var s = new PKCS11Session(p, 1, false);
s.login("12345678");
print("All objects:");
var objs = s.enumerateObjects();
for (var i = 0; i < objs.length; i++) {
print(" Class :" + objs[i].getNumberAttribute(PKCS11Object.CKA_CLASS));
var label = objs[i].getAttribute(PKCS11Object.CKA_LABEL);
if (label) {
print(" Label :" + objs[i].getAttribute(PKCS11Object.CKA_LABEL).toString(ASCII));
}
}
print("Objects with CKA_CLASS = CKO_SECRET_KEY:");
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
var objs = s.enumerateObjects(attr);
for (var i = 0; i < objs.length; i++) {
print(" Class :" + objs[i].getNumberAttribute(PKCS11Object.CKA_CLASS));
var label = objs[i].getAttribute(PKCS11Object.CKA_LABEL);
if (label) {
print(" Label :" + objs[i].getAttribute(PKCS11Object.CKA_LABEL).toString(ASCII));
}
}
s.close();
generateKey()
Prototype
PKCS11Object generateKey(Number mechanism, ByteString param, Array keyAttr)
Description
Call C_GenerateKey() to generate a symmetric key using the mechanism specified with given parameter. The key object is allocated using the attributes from keyAttr.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
ByteString
|
param | Parameter for the generation mechanism |
Array
|
keyAttr | Array of key attributes (CKA_*) |
Return
PKCS11Objects
|
New key object |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// Generate a 168 bit DES key
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES3;
attr[PKCS11Object.CKA_ENCRYPT] = true;
attr[PKCS11Object.CKA_DECRYPT] = true;
attr[PKCS11Object.CKA_LABEL] = "GeneratedDES3Key";
var key = s.generateKey(PKCS11Session.CKM_DES3_KEY_GEN, null, attr);
s.close();
generateKeyPair()
Prototype
PKCS11Object[] generateKeyPair(Number mechanism, ByteString param, Array pubAttr, Array priAttr)
Description
Call C_GenerateKeyPair() to generate a key pair using the mechanism specified with given parameter. Key objects are allocated using the attributes from pubAttr and priAttr.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
ByteString
|
param | Parameter for the generation mechanism |
Array
|
pubAttr | Array of public key attributes (CKA_*) |
Array
|
priAttr | Array of private key attributes (CKA_*) |
Return
PKCS11Objects[]
|
Array containing the public key object at index 0, the private key object at index 1. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// Generate a 2048 bit RSA key pair
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
var priAttr = new Array();
priAttr[PKCS11Object.CKA_SIGN] = true;
priAttr[PKCS11Object.CKA_DECRYPT] = true;
priAttr[PKCS11Object.CKA_UNWRAP] = true;
priAttr[PKCS11Object.CKA_SENSITIVE] = true;
priAttr[PKCS11Object.CKA_ID] = new ByteString("23", HEX);
priAttr[PKCS11Object.CKA_PRIVATE] = true;
priAttr[PKCS11Object.CKA_LABEL] = "GeneratedPrivateKey";
var pubAttr = new Array();
pubAttr[PKCS11Object.CKA_VERIFY] = true;
pubAttr[PKCS11Object.CKA_ENCRYPT] = true;
pubAttr[PKCS11Object.CKA_WRAP] = true;
pubAttr[PKCS11Object.CKA_MODULUS_BITS] = 2048;
pubAttr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("010001", HEX);
pubAttr[PKCS11Object.CKA_LABEL] = "GeneratedPublicKey";
var keys = s.generateKeyPair(PKCS11Session.CKM_RSA_PKCS_KEY_PAIR_GEN, null, pubAttr, priAttr);
s.close();
wrapKey()
Prototype
ByteString wrapKey(Number mechanism, ByteString param, PKCS11Object wrappingKey, PKCS11Object key)
Description
Call C_WrapKey() to wrap a key using another and the mechanism specified with given parameter.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
ByteString
|
param | Parameter for the generation mechanism |
PKCS11Object
|
wrappingKey | The wrapping key |
PKCS11Object
|
key | The key to be wrapped |
Return
ByteString
|
The wrapped key |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
// Generate a 56 bit DES key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_ENCRYPT] = true;
attr[PKCS11Object.CKA_DECRYPT] = true;
attr[PKCS11Object.CKA_EXTRACTABLE] = true;
attr[PKCS11Object.CKA_LABEL] = "GeneratedDESKeyForWrapping";
var key = s.generateKey(PKCS11Session.CKM_DES_KEY_GEN, null, attr);
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_ENCRYPT] = true;
attr[PKCS11Object.CKA_DECRYPT] = true;
attr[PKCS11Object.CKA_WRAP] = true;
attr[PKCS11Object.CKA_UNWRAP] = true;
attr[PKCS11Object.CKA_LABEL] = "GeneratedDESWrappingKey";
var wrapkey = s.generateKey(PKCS11Session.CKM_DES_KEY_GEN, null, attr);
var wrappedkey = s.wrapKey(PKCS11Session.CKM_DES_ECB, null, wrapkey, key);
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_ENCRYPT] = true;
attr[PKCS11Object.CKA_DECRYPT] = true;
attr[PKCS11Object.CKA_TOKEN] = true;
attr[PKCS11Object.CKA_LABEL] = "UnwrappedDESKey";
s.unwrapKey(PKCS11Session.CKM_DES_ECB, null, wrapkey, wrappedkey, attr);
s.close();
unwrapKey()
Prototype
PKCS11Object unwrapKey(Number mechanism, ByteString param, PKCS11Object wrappingKey, ByteString wrappedKey, Array keyAttr)
Description
Call C_UnwrapKey() to unwrap a key using another and the mechanism specified with given parameter.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
ByteString
|
param | Parameter for the generation mechanism |
PKCS11Object
|
wrappingKey | The wrapping key |
ByteString
|
wrappedKey | The wrapped key |
Array
|
keyAttr | Array of key attributes (CKA_*) |
Return
PKCS11Objects
|
Unwrapped key object |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See wrapKey() for an example
deriveKey()
Prototype
PKCS11Object deriveKey(Number mechanism, ByteString param, PKCS11Object baseKey, Array keyAttr)
Description
Call C_DeriveKey() to derive one key from another and the mechanism specified with given parameter.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
ByteString
|
param | Parameter for the generation mechanism |
PKCS11Object
|
baseKey | The base key |
Array
|
keyAttr | Array of key attributes for the derived key (CKA_*) |
Return
PKCS11Objects
|
Derived key object |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
// Generate a 56 bit DES key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_DERIVE] = true;
attr[PKCS11Object.CKA_LABEL] = "GeneratedDESKeyForDerive";
var key = s.generateKey(PKCS11Session.CKM_DES_KEY_GEN, null, attr);
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_LABEL] = "DerivedDESKey";
var derivedkey = s.deriveKey(PKCS11Session.CKM_SHA1_KEY_DERIVATION, null, key, attr);
s.close();
signInit()
Prototype
signInit(Number mechanism, PKCS11Object key)
signInit(Number mechanism, Key key)
signInit(Number mechanism, PKCS11Object key, ByteString parameter)
signInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_SignInit() to start a PKCS#11 signature operation.
The method accepts keys in two different formats. Either as PKCS11Object or as Key object. The former can be obtained using the PKCS11Session.enumerateObjects() methods, the later using the KeyStore.getKeyFromKeyStore() method.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
PKCS11Object
|
key | A PKCS11Object |
Key
|
key | A Key object |
ByteString
|
parameter | Parameter passed with mechanism |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// Login as user in a read/write session
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
// Create RSA private session key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PRIVATE_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA;
attr[PKCS11Object.CKA_LABEL] = "MyPrivateRSAKey";
attr[PKCS11Object.CKA_PRIME_1] = new ByteString("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", HEX);
attr[PKCS11Object.CKA_PRIME_2] = new ByteString("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", HEX);
attr[PKCS11Object.CKA_EXPONENT_1] = new ByteString("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", HEX);
attr[PKCS11Object.CKA_EXPONENT_2] = new ByteString("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", HEX);
attr[PKCS11Object.CKA_COEFFICIENT] = new ByteString("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", HEX);
attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX);
attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX);
var prk = new PKCS11Object(s, attr);
// Create RSA public key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PUBLIC_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA;
attr[PKCS11Object.CKA_LABEL] = "MyPublicRSAKey";
attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX);
attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX);
var puk = new PKCS11Object(s, attr);
// Create RSA public key in SCSH3
var key = new Key();
key.setType(Key.PUBLIC);
key.setComponent(Key.MODULUS, new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX));
key.setComponent(Key.EXPONENT, new ByteString("11", HEX));
var crypto = new Crypto();
// Initiate signing operation
s.signInit(PKCS11Session.CKM_SHA1_RSA_PKCS, prk);
// Single step signing
var msg = new ByteString("Hello World", ASCII);
var signature = s.sign(msg);
print("Signature : " + signature);
// Decrypt block with public key
var plain = crypto.decrypt(key, Crypto.RSA, signature);
print("Plain = " + plain);
// Verify signature with SCSH3
assert(crypto.verify(key, Crypto.RSA, msg, signature));
// Verify signature with PKCS#11
s.verifyInit(PKCS11Session.CKM_SHA1_RSA_PKCS, puk);
// Single step verifying
var msg = new ByteString("Hello World", ASCII);
assert(s.verify(msg, signature));
// Initiate signing operation
s.signInit(PKCS11Session.CKM_SHA1_RSA_PKCS, prk);
// Multi-Step signing (Step 1)
var msg = new ByteString("Hello ", ASCII);
s.signUpdate(msg);
// Multi-Step signing (Step 2)
var msg = new ByteString("World", ASCII);
s.signUpdate(msg);
var signature = s.signFinal();
print("Signature : " + signature);
var plain = crypto.decrypt(key, Crypto.RSA, signature);
print("Plain = " + plain);
// Verify signature with SCSH3
var msg = new ByteString("Hello World", ASCII);
assert(crypto.verify(key, Crypto.RSA, msg, signature));
// Initiate verifying operation
s.verifyInit(PKCS11Session.CKM_SHA1_RSA_PKCS, puk);
// Multi-Step verifying (Step 1)
var msg = new ByteString("Hello ", ASCII);
s.verifyUpdate(msg);
// Multi-Step verifying (Step 2)
var msg = new ByteString("World", ASCII);
s.verifyUpdate(msg);
assert(s.verifyFinal(signature));
s.close();
sign()
Prototype
ByteString sign(ByteString message)
Description
Call C_Sign() to finish a PKCS#11 signature operation.
The method returns the signature.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Message to be signed |
Return
ByteString
|
Signature |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
signUpdate()
Prototype
signUpdate(ByteString message)
Description
Call C_SignUpdate() to continue a PKCS#11 signature operation.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Partial message to be signed |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
signFinal()
Prototype
ByteString signFinal()
Description
Call C_SignFinal() to finish a PKCS#11 signature operation.
The method returns the signature.
Return
ByteString
|
Signature |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
verifyInit()
Prototype
verifyInit(Number mechanism, PKCS11Object key)
verifyInit(Number mechanism, Key key)
verifyInit(Number mechanism, PKCS11Object key, ByteString parameter)
verifyInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_verifyInit() to start a PKCS#11 signature verification operation.
The method accepts keys in two different formats. Either as PKCS11Object or as Key object. The former can be obtained using the PKCS11Session.enumerateObjects() methods, the later using the KeyStore.getKeyFromKeyStore() method.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
PKCS11Object
|
key | A PKCS11Object |
Key
|
key | A Key object |
ByteString
|
parameter | Parameter passed with mechanism |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
verify()
Prototype
boolean verify(ByteString message, ByteString signature)
Description
Call C_Verify() to finish a PKCS#11 signature verification operation.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Message to be verified |
ByteString
|
signature | Signature to be verified |
Return
boolean
|
True if the signature is valid |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
verifyUpdate()
Prototype
verifyUpdate(ByteString message)
Description
Call C_VerifyUpdate() to continue a PKCS#11 signature verification operation.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Partial message to be verified |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
verifyFinal()
Prototype
boolean signFinal(ByteString signature)
Description
Call C_VerifyFinal() to finish a PKCS#11 signature verification operation.
Return
boolean
|
True if signature is valid |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.signInit() for a complete example
encryptInit()
Prototype
encryptInit(Number mechanism, PKCS11Object key)
encryptInit(Number mechanism, Key key)
encryptInit(Number mechanism, PKCS11Object key, ByteString parameter)
encryptInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_EncryptInit() to start a PKCS#11 encryption operation.
The method accepts keys in two different formats. Either as PKCS11Object or as Key object. The former can be obtained using the PKCS11Session.enumerateObjects() methods, the later using the KeyStore.getKeyFromKeyStore() method.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
PKCS11Object
|
key | A PKCS11Object |
Key
|
key | A Key object |
ByteString
|
parameter | Parameter passed with mechanism |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// Login as user in a read/write session
var s = new PKCS11Session(p, 1, true);
s.login("12345678");
// Define 3 different single DES key values
var keyval1 = new ByteString("7CA110454A1A6E57", HEX);
var keyval2 = new ByteString("0131D9619DC1376E", HEX);
var keyval3 = new ByteString("9DC1376E0131D961", HEX);
// Create crypto object for internal reference
var crypto = new Crypto();
// Create DES session key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES;
attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey1";
attr[PKCS11Object.CKA_ID] = new ByteString("0101", HEX);
attr[PKCS11Object.CKA_TOKEN] = false;
attr[PKCS11Object.CKA_SENSITIVE] = true;
attr[PKCS11Object.CKA_EXTRACTABLE] = false;
attr[PKCS11Object.CKA_VALUE] = keyval1;
var k1p11 = new PKCS11Object(s, attr);
// Internal reference
var k1ref = new Key();
k1ref.setComponent(Key.DES, keyval1);
// Create DES2 session key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES2;
attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey2";
attr[PKCS11Object.CKA_ID] = new ByteString("0102", HEX);
attr[PKCS11Object.CKA_TOKEN] = false;
attr[PKCS11Object.CKA_SENSITIVE] = true;
attr[PKCS11Object.CKA_EXTRACTABLE] = false;
attr[PKCS11Object.CKA_VALUE] = keyval1.concat(keyval2);
var k2p11 = new PKCS11Object(s, attr);
// Internal reference
var k2ref = new Key();
k2ref.setComponent(Key.DES, keyval1.concat(keyval2));
// Create DES3 session key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES3;
attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey3";
attr[PKCS11Object.CKA_ID] = new ByteString("0103", HEX);
attr[PKCS11Object.CKA_TOKEN] = false;
attr[PKCS11Object.CKA_SENSITIVE] = true;
attr[PKCS11Object.CKA_EXTRACTABLE] = false;
attr[PKCS11Object.CKA_VALUE] = keyval1.concat(keyval2).concat(keyval3);
var k3p11 = new PKCS11Object(s, attr);
// Internal reference
var k3ref = new Key();
k3ref.setComponent(Key.DES, keyval1.concat(keyval2).concat(keyval3));
var message = new ByteString("Hello World !!!!", ASCII);
var iv = new ByteString("0000000000000000", HEX);
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES_ECB, k1p11);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k1ref, Crypto.DES_ECB, message);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES_ECB, k1p11);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES_ECB, k1p11);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES3_ECB, k2p11);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k2ref, Crypto.DES_ECB, message);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES3_ECB, k2p11);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES3_ECB, k2p11);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES3_ECB, k3p11);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k3ref, Crypto.DES_ECB, message);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES3_ECB, k3p11);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES3_ECB, k3p11);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k1ref, Crypto.DES_CBC, message, iv);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k2ref, Crypto.DES_CBC, message, iv);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt with PKCS#11 - single step
s.encryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv);
var cipher = s.encrypt(message);
print("Cipher : " + cipher);
// Verify with internal reference
var ref = crypto.encrypt(k3ref, Crypto.DES_CBC, message, iv);
print("Ref : " + ref);
assert(ref.equals(cipher));
// Decrypt with PKCS#11
s.decryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv);
var plain = s.decrypt(cipher);
print("Plain : " + plain.toString(ASCII));
assert(plain.equals(message));
// Encrypt with PKCS#11 - multi step
s.encryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv);
var cipher = s.encryptUpdate(message.left(8));
var cipher = cipher.concat(s.encryptUpdate(message.right(8)));
var l = s.encryptFinal();
assert(l == null);
print("Cipher : " + cipher);
assert(ref.equals(cipher));
// Encrypt / decrypt with RSA
// Create RSA private key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PRIVATE_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA;
attr[PKCS11Object.CKA_LABEL] = "MyPrivateRSAKey";
attr[PKCS11Object.CKA_PRIME_1] = new ByteString("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", HEX);
attr[PKCS11Object.CKA_PRIME_2] = new ByteString("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", HEX);
attr[PKCS11Object.CKA_EXPONENT_1] = new ByteString("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", HEX);
attr[PKCS11Object.CKA_EXPONENT_2] = new ByteString("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", HEX);
attr[PKCS11Object.CKA_COEFFICIENT] = new ByteString("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", HEX);
attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX);
attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX);
var prk = new PKCS11Object(s, attr);
// Create RSA public key
var attr = new Array();
attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PUBLIC_KEY;
attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA;
attr[PKCS11Object.CKA_LABEL] = "MyPublicRSAKey";
attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX);
attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX);
var puk = new PKCS11Object(s, attr);
var message = new ByteString("Hello World !!!!", ASCII);
s.encryptInit(PKCS11Session.CKM_RSA_PKCS, puk);
var cipher = s.encrypt(message);
print("Cipher = " + cipher);
s.decryptInit(PKCS11Session.CKM_RSA_PKCS, prk);
var plain = s.decrypt(cipher);
print("Plain = " + plain.toString(ASCII));
encrypt()
Prototype
ByteString encrypt(ByteString message)
Description
Call C_Encrypt() to perform a PKCS#11 encryption operation.
The method returns the cipher text.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Message to be encrypted |
Return
ByteString
|
Cipher text |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
encryptUpdate()
Prototype
ByteString encryptUpdate(ByteString message)
Description
Call C_EncryptUpdate() to encrypt a block of data in a PKCS#11 encryption operation.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Partial message to be encrypted |
Return
ByteString
|
Cipher text |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
encryptFinal()
Prototype
ByteString encryptFinal()
Description
Call C_EncryptFinal() to finish a PKCS#11 encryption operation.
The method returns the last encrypted block or null, depending on the algorithm.
Return
ByteString
|
Last encrypted block or null |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
decryptInit()
Prototype
decryptInit(Number mechanism, PKCS11Object key)
decryptInit(Number mechanism, Key key)
decryptInit(Number mechanism, PKCS11Object key, ByteString parameter)
decryptInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_DecryptInit() to start a PKCS#11 decryption operation.
The method accepts keys in two different formats. Either as PKCS11Object or as Key object. The former can be obtained using the PKCS11Session.enumerateObjects() methods, the later using the KeyStore.getKeyFromKeyStore() method.
Arguments
| Type | Name | Description |
|---|---|---|
Number
|
mechanism | A PKCS#11 mechanism as defined by one of the PKCS11Session.CKM_xxx constants |
PKCS11Object
|
key | A PKCS11Object |
Key
|
key | A Key object |
ByteString
|
parameter | Parameter passed with mechanism |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
decrypt()
Prototype
ByteString decrypt(ByteString message)
Description
Call C_Decrypt() to perform a PKCS#11 decryption operation.
The method returns the plain text.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Message to be decrypted |
Return
ByteString
|
Plain text |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
decryptUpdate()
Prototype
ByteString decryptUpdate(ByteString message)
Description
Call C_DecryptUpdate() to decrypt a block of data in a PKCS#11 decryption operation.
Arguments
| Type | Name | Description |
|---|---|---|
ByteString
|
message | Partial message to be decrypted |
Return
ByteString
|
Plain text |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
decryptFinal()
Prototype
ByteString decryptFinal()
Description
Call C_DecryptFinal() to finish a PKCS#11 decryption operation.
The method returns the last decrypted block or null, depending on the algorithm.
Return
ByteString
|
Last decrypted block or null |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.CRYPTO_FAILED | PKCS#11 operation failed |
Example
// See PKCS11Session.encryptInit() for a complete example
close()
Prototype
close()
Description
Close session
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
var s = new PKCS11Session(p, 1, false); s.close();
© Copyright 2003 - 2013 CardContact Software & System Consulting, Minden, Germany