Supported Attributes
All the attributes conform to the PKCS#11 Cryptographic Token Interface Standard v2.40.
The following tables list the attributes implemented in the Crescendo PKCS#11 API:
General Object Attributes
Notes
1. Always set to FALSE (0) in this release
Certificate Object Attributes
Notes
1. In this release, the library will always report the value CKC_X_509 for this attribute 2. In this release, the library will always report the value TRUE (1) for this attribute 3. In this release, the library will always report an empty value for this attribute 4. In this release, the library will always report the value CK_SECURITY_DOMAIN_UNSPECIFIED for this attribute
Key Object Attributes
Notes
1. Only available if the key has a corresponding certificate on the card. 2. In this release, this will always be set to TRUE (1) 3. In this release, this will always return CK_UNAVAILABLE_INFORMATION 4. These attributes are determined on the usage attribute of the associated certificate, if available. In the future, the algorithm to determine this may change so applications should not rely on these values. These attributes should be considered as unsupported in the current release. 5. In this release, this will always be set to FALSE (0)
Hardware Feature Object Attributes
Domain Parameters Object Attributes
OTP Object Attributes
Supported Mechanisms
All the mechanisms conform to the PKCS#11 Cryptographic Token Interface Standard v2.40 and to the PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40.
The following table lists the mechanisms implemented in the Crescendo PKCS#11 API:
Supported Functions
All the functions conform to the PKCS#11 Cryptographic Token Interface Standard v2.40.
The following tables list the functions implemented in the Crescendo PKCS#11 API:
General Purpose Functions
Function | Description | Supported |
C_Initialize | Initializes Cryptoki | Yes |
C_Finalize | Cleans up miscellaneous Cryptoki-associated resources | Yes |
C_GetInfo | Obtains general information about Cryptoki | Yes |
C_GetFunctionList | Obtains entry points of Cryptoki library functions | Yes |
Slot and Token Management Functions
Session Management Functions
Object Management Functions
Encryption Functions
Function | Description | Supported |
C_EncryptInit | Initializes an encryption operation | Yes |
C_Encrypt | Encrypts single-part data | Yes |
C_EncryptUpdate | Continues a multiple-part encryption operation | Yes |
C_EncryptFinal | Finishes a multiple-part encryption operation | Yes |
Decryption Functions
Function | Description | Supported |
C_DecryptInit | Initializes a decryption operation | Yes |
C_Decrypt | Decrypts single-part encrypted data | Yes |
C_DecryptUpdate | Continues a multiple-part decryption operation | Yes |
C_DecryptFinal | Finishes a multiple-part decryption operation | Yes |
Message Digest Functions
Function | Description | Supported |
C_DigestInit | Initializes a message-digesting operation | No |
C_Digest | Digests single-part data | No |
C_DigestUpdate | Continues a multiple-part message-digesting operation | No |
C_DigestKey | Digests the value of a secret key as part of a message-digesting operation | No |
C_DigestFinal | Finishes a multiple-part message-digesting operation | No |
Signing and MACing Functions
Function | Description | Supported |
C_SignInit | Initializes a signature (private key encryption) operation | Yes |
C_Sign | Signs single-part data | Yes |
C_SignUpdate | Continues a multiple-part signature operation | Yes |
C_SignFinal | Finishes a multiple-part signature operation | Yes |
C_SignRecoverInit | Initializes a signature operation, where the data can be recovered from the signature | No |
C_SignRecover | Signs data, where the data can be recovered from the signature | No |
Verifying Signatures and MACs Functions
Function | Description | Supported |
C_VerifyInit | Initializes a verification operation, where the signature is an appendix to the data | Yes |
C_Verify | Verifies a signature, where the signature is an appendix to the data | Yes |
C_VerifyUpdate | Continues a multiple-part verification operation | Yes |
C_VerifyFinal | Finishes a multiple-part verification operation | Yes |
C_VerifyRecoverInit | Initializes a verification operation, where the data is recovered from the signature | No |
C_VerifyRecover | Verifies a signature, where the data is recovered from the signature | No |
Dual-Purpose Cryptographic Functions
Key Management Functions
Function | Description | Supported |
C_GenerateKey | Generates a secret key, creating a new key object | No |
C_GenerateKeyPair | Generates a public/private key pair, creating new key objects | No |
C_WrapKey | Wraps (encrypts) a key, creating a wrapped key object | No |
C_UnwrapKey | Unwraps (decrypts) a wrapped key, creating a new key object | No |
C_DeriveKey | Derives a key from a base key, creating a new key object | No |
Random Number Generation Functions
Function | Description | Supported |
C_SeedRandom | Mixes additional seed material into the token’s random number generator | No |
C_GenerateRandom | Generates random data | No |
Legacy Parallel Function Management Functions