iaik.pkcs.pkcs11.wrapper

Class PKCS11Implementation

java.lang.Object

iaik.pkcs.pkcs11.wrapper.PKCS11Implementation

All Implemented Interfaces:

PKCS11

public class PKCS11Implementation
extends java.lang.Object
implements PKCS11

This is the default implementation of the PKCS11 interface. It connects to the pkcs11wrapper.dll (or libpkcs11wrapper.so), which is the native part of this library. This file either has to be located in the system path or the wrapper's jar file or the location has to be specified as parameter. If the native library included in the jar file is used, it is copied to the temporary-file directory and loaded from there. The strange and awkward looking initialization was chosen to avoid calling System.loadLibrary(String) from a static initialization block, because this would complicate the use in applets.

Author:

Karl Scheibelhofer, Martin Schläffer

Invariants:

(pkcs11ModulePath_ != null)

Field Summary

Fields

Modifier and Type	Field and Description
protected static boolean	linkedAndInitialized_ Indicates, if the static linking and initialization of the library is already done.
static java.lang.String	PKCS11_WRAPPER The name of the native part of the wrapper; i.e.
protected java.lang.String	pkcs11ModulePath_ The PKCS#11 module to connect to.

Method Summary

Modifier and Type	Method and Description
void	C_CancelFunction(long hSession) C_CancelFunction is a legacy function; it cancels a function running in parallel.
void	C_CloseAllSessions(long slotID) C_CloseAllSessions closes all sessions with a token.
void	C_CloseSession(long hSession) C_CloseSession closes a session between an application and a token.
long	C_CopyObject(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_CopyObject copies an object, creating a new object for the copy.
long	C_CreateObject(long hSession, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_CreateObject creates a new object.
byte[]	C_Decrypt(long hSession, byte[] pEncryptedData) C_Decrypt decrypts encrypted data in a single part.
byte[]	C_DecryptDigestUpdate(long hSession, byte[] pEncryptedPart) C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
byte[]	C_DecryptFinal(long hSession) C_DecryptFinal finishes a multiple-part decryption operation.
void	C_DecryptInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_DecryptInit initializes a decryption operation.
byte[]	C_DecryptMessage(long hSession, java.lang.Object pParameter, byte[] pAssociatedData, byte[] pCipherText, boolean useUtf8) C_DecryptMessage decrypts a message in a single part
void	C_DecryptMessageBegin(long hSession, java.lang.Object pParameter, byte[] pAssociatedData, boolean useUtf8) C_DecryptMessageBegin begins a multiple-part message decryption operation
byte[]	C_DecryptMessageNext(long hSession, java.lang.Object pParameter, byte[] pCipherTextPart, long flags, boolean useUtf8) C_DecryptMessageNext continues a multiple-part message decryption operation, processing another message part
byte[]	C_DecryptUpdate(long hSession, byte[] pEncryptedPart) C_DecryptUpdate continues a multiple-part decryption operation.
byte[]	C_DecryptVerifyUpdate(long hSession, byte[] pEncryptedPart) C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
long	C_DeriveKey(long hSession, CK_MECHANISM pMechanism, long hBaseKey, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_DeriveKey derives a key from a base key, creating a new key object.
void	C_DestroyObject(long hSession, long hObject) C_DestroyObject destroys an object.
byte[]	C_Digest(long hSession, byte[] data) C_Digest digests data in a single part.
byte[]	C_DigestEncryptUpdate(long hSession, byte[] pPart) C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
byte[]	C_DigestFinal(long hSession) C_DigestFinal finishes a multiple-part message-digesting operation.
void	C_DigestInit(long hSession, CK_MECHANISM pMechanism, boolean useUtf8) C_DigestInit initializes a message-digesting operation.
void	C_DigestKey(long hSession, long hKey) C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
void	C_DigestUpdate(long hSession, byte[] pPart) C_DigestUpdate continues a multiple-part message-digesting operation.
byte[]	C_Encrypt(long hSession, byte[] pData) C_Encrypt encrypts single-part data.
byte[]	C_EncryptFinal(long hSession) C_EncryptFinal finishes a multiple-part encryption operation.
void	C_EncryptInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_EncryptInit initializes an encryption operation.
byte[]	C_EncryptMessage(long hSession, java.lang.Object pParameter, byte[] pAssociatedData, byte[] pPlainText, boolean useUtf8) C_EncryptMessage encrypts a Message in a single part.
void	C_EncryptMessageBegin(long hSession, java.lang.Object pParameter, byte[] pAssociatedData, boolean jUseUtf8) C_EncryptMessageBegin begins a multiple-part message encryption operation
byte[]	C_EncryptMessageNext(long hSession, java.lang.Object pParameter, byte[] pPlainTextPart, long flags, boolean useUtf8) C_EncryptMessageNext continues a multiple-part message encryption operation, processing another message part
byte[]	C_EncryptUpdate(long hSession, byte[] pPart) C_EncryptUpdate continues a multiple-part encryption operation.
void	C_Finalize(java.lang.Object pReserved) C_Finalize indicates that an application is done with the Cryptoki library (General-purpose)
long[]	C_FindObjects(long hSession, long ulMaxObjectCount) C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
void	C_FindObjectsFinal(long hSession) C_FindObjectsFinal finishes a search for token and session objects.
void	C_FindObjectsInit(long hSession, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_FindObjectsInit initializes a search for token and session objects that match a template.
long	C_GenerateKey(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_GenerateKey generates a secret key, creating a new key object.
long[]	C_GenerateKeyPair(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pPublicKeyTemplate, CK_ATTRIBUTE[] pPrivateKeyTemplate, boolean useUtf8) C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
void	C_GenerateRandom(long hSession, byte[] randomData) C_GenerateRandom generates random data.
void	C_GetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_GetAttributeValue obtains the value of one or more object attributes.
void	C_GetFunctionStatus(long hSession) C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
CK_INFO	C_GetInfo() C_GetInfo returns general information about Cryptoki.
CK_MECHANISM_INFO	C_GetMechanismInfo(long slotID, long type) C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
long[]	C_GetMechanismList(long slotID) C_GetMechanismList obtains a list of mechanism types supported by a token.
long	C_GetObjectSize(long hSession, long hObject) C_GetObjectSize gets the size of an object in bytes.
byte[]	C_GetOperationState(long hSession) C_GetOperationState obtains the state of the cryptographic operation in a session.
CK_SESSION_INFO	C_GetSessionInfo(long hSession) C_GetSessionInfo obtains information about the session.
CK_SLOT_INFO	C_GetSlotInfo(long slotID) C_GetSlotInfo obtains information about a particular slot in the system.
long[]	C_GetSlotList(boolean tokenPresent) C_GetSlotList obtains a list of slots in the system.
CK_TOKEN_INFO	C_GetTokenInfo(long slotID) C_GetTokenInfo obtains information about a particular token in the system.
void	C_Initialize(java.lang.Object pInitArgs, boolean useUtf8) C_Initialize initializes the Cryptoki library.
void	C_InitPIN(long hSession, char[] pPin, boolean useUtf8) C_InitPIN initializes the normal user's PIN.
void	C_InitToken(long slotID, char[] pPin, char[] pLabel, boolean useUtf8) C_InitToken initializes a token.
void	C_Login(long hSession, long userType, char[] pPin, boolean useUtf8) C_Login logs a user into a token.
void	C_LoginUser(long hSession, long userType, char[] pPin, char[] pUsername, boolean useUtf8) C_LoginUser logs a user into a token.
void	C_Logout(long hSession) C_Logout logs a user out from a token.
void	C_MessageDecryptFinal(long hSession) C_MessageDecryptFinal finishes a message-based Decryption process
void	C_MessageDecryptInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_MessageDecryptInit initializes an decryption operation for Messages.
void	C_MessageEncryptFinal(long hSession) C_MessageEncryptFinal finishes a message-based encryption process
void	C_MessageEncryptInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_MessageEncryptInit initializes an encryption operation for Messages.
void	C_MessageSignFinal(long hSession) C_MessageSignFinal finishes a message-based signing process.
void	C_MessageSignInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_MessageSignInit initializes a Message Sign operation
void	C_MessageVerifyFinal(long hSession) C_MessageSignFinal finishes a message-based signing process.
void	C_MessageVerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_MessageVerifyInit initializes a message-based verification process, preparing a session for one or more verification operations that use the same verification mechanism and verification key.
long	C_OpenSession(long slotID, long flags, java.lang.Object pApplication, CK_NOTIFY Notify) C_OpenSession opens a session between an application and a token.
void	C_SeedRandom(long hSession, byte[] pSeed) C_SeedRandom mixes additional seed material into the token's random number generator.
void	C_SessionCancel(long hSession, long flags) C_SessionCancel terminates active session based operations (Session management)
void	C_SetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_SetAttributeValue modifies the value of one or more object attributes (Object management)
void	C_SetOperationState(long hSession, byte[] pOperationState, long hEncryptionKey, long hAuthenticationKey) C_SetOperationState restores the state of the cryptographic operation in a session.
void	C_SetPIN(long hSession, char[] pOldPin, char[] pNewPin, boolean useUtf8) C_SetPIN modifies the PIN of the user who is logged in.
byte[]	C_Sign(long hSession, byte[] pData) C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
byte[]	C_SignEncryptUpdate(long hSession, byte[] pPart) C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
byte[]	C_SignFinal(long hSession) C_SignFinal finishes a multiple-part signature operation, returning the signature.
void	C_SignInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
byte[]	C_SignMessage(long hSession, java.lang.Object pParameter, byte[] pData, boolean useUtf8) C_SignMessage signs a message in a single part, where the signature is an appendix to the message.
void	C_SignMessageBegin(long hSession, java.lang.Object pParameter, boolean useUtf8) C_SignMessageBegin begins a multiple-part message signature operation, where the signature is an appendix to the message.
byte[]	C_SignMessageNext(long hSession, java.lang.Object pParameter, byte[] pData, boolean isLastOperation, boolean useUtf8) C_SignMessageNext continues a multiple-part message signature operation, processing another data part, or finishes a multiple-part message signature operation, returning the signature.
byte[]	C_SignRecover(long hSession, byte[] pData) C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
void	C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
void	C_SignUpdate(long hSession, byte[] pPart) C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
long	C_UnwrapKey(long hSession, CK_MECHANISM pMechanism, long hUnwrappingKey, byte[] pWrappedKey, CK_ATTRIBUTE[] pTemplate, boolean useUtf8) C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
void	C_Verify(long hSession, byte[] pData, byte[] pSignature) C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
void	C_VerifyFinal(long hSession, byte[] pSignature) C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
void	C_VerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot cannot be recovered from the signature (e.g.
void	C_VerifyMessage(long hSession, java.lang.Object pParameter, byte[] pData, byte[] pSignature, boolean useUtf8) C_VerifyMessage verifies a signature on a message in a single part operation.
void	C_VerifyMessageBegin(long hSession, java.lang.Object pParameter, boolean useUtf8) C_VerifyMessageBegin begins a multiple-part message verification operation
void	C_VerifyMessageNext(long hSession, java.lang.Object pParameter, byte[] pData, byte[] pSignature, boolean useUtf8)
byte[]	C_VerifyRecover(long hSession, byte[] pSignature) C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
void	C_VerifyRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey, boolean useUtf8) C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
void	C_VerifyUpdate(long hSession, byte[] pPart) C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
long	C_WaitForSlotEvent(long flags, java.lang.Object pReserved) C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
byte[]	C_WrapKey(long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey, boolean useUtf8) C_WrapKey wraps (i.e., encrypts) a key.
protected void	connect(java.lang.String pkcs11ModulePath) Connects this object to the specified PKCS#11 library.
protected void	disconnect() Disconnects the PKCS#11 library from this object.
static void	ensureLinkedAndInitialized() This method ensures that the library is linked to this class and that it is initialized.
static void	ensureLinkedAndInitialized(boolean wrapperDebugVersion) This method ensures that the library is linked to this class and that it is initialized.
static void	ensureLinkedAndInitialized(java.lang.String pkcs11WrapperPath) This method ensures that the library is linked to this class and that it is initialized.
static void	ensureUnlinkedAndFinalized() This method does a clean-up in the native module of the wrapper.
boolean	equals(java.lang.Object otherObject) Compares this object with the other object.
void	finalize() Calls disconnect() to cleanup the native part of the wrapper.
protected static void	finalizeLibrary() This method does the finalization of the native library.
int	hashCode() The overriding of this method should ensure that the objects of this class work correctly in a hashtable.
protected static void	initializeLibrary() This method does the initialization of the native library.
boolean	isDisableBufferPreAllocation()
java.lang.String	toString() Returns the string representation of this object.

Methods inherited from class java.lang.Object

clone, getClass, notify, notifyAll, wait, wait, wait

Field Detail

PKCS11_WRAPPER

public static final java.lang.String PKCS11_WRAPPER

The name of the native part of the wrapper; i.e. the filename without the extension (e.g. ".DLL" or ".so").

See Also:

Constant Field Values

linkedAndInitialized_

protected static boolean linkedAndInitialized_

Indicates, if the static linking and initialization of the library is already done.

pkcs11ModulePath_

protected java.lang.String pkcs11ModulePath_

The PKCS#11 module to connect to. This is the PKCS#11 driver of the token; e.g. pk2priv.dll.

Method Detail

initializeLibrary

protected static void initializeLibrary()

This method does the initialization of the native library. It is called exactly once for this class.

finalizeLibrary

protected static void finalizeLibrary()

This method does the finalization of the native library. It is called exactly once for this class. The library uses this method for a clean-up of any resources.

ensureLinkedAndInitialized

public static void ensureLinkedAndInitialized()

This method ensures that the library is linked to this class and that it is initialized. Tries to load the PKCS#11 wrapper native library from the library or the class path (jar file).

ensureLinkedAndInitialized

public static void ensureLinkedAndInitialized(boolean wrapperDebugVersion)

This method ensures that the library is linked to this class and that it is initialized. Tries to load the PKCS#11 wrapper native library from the library path or the class path (jar file). If loaded from the jar file, uses the debug version if wrapperDebugVersion is true.

Parameters:

wrapperDebugVersion - true, if the PKCS#11 wrapper library's debug version shall be loaded

ensureLinkedAndInitialized

public static void ensureLinkedAndInitialized(java.lang.String pkcs11WrapperPath)

This method ensures that the library is linked to this class and that it is initialized. For loading the PKCS#11-wrapper native library, System.load is used with the absolute path to the library including the file name.

Parameters:

pkcs11WrapperPath - the absolute path to the PKCS#11-wrapper native library including the filename

ensureUnlinkedAndFinalized

public static void ensureUnlinkedAndFinalized()

This method does a clean-up in the native module of the wrapper. After a call to this method, this class cannot be used any longer. Because there are no means in Java to really unlink the native code analog to a System.loadLibrary() call, this method also cannot effectively unload the native part.

isDisableBufferPreAllocation

public boolean isDisableBufferPreAllocation()

Specified by:

isDisableBufferPreAllocation in interface PKCS11

connect

protected void connect(java.lang.String pkcs11ModulePath)
                throws java.io.IOException

Connects this object to the specified PKCS#11 library. This method is for internal use only. Declared protected, because incorrect handling may result in errors in the native part.

Parameters:

pkcs11ModulePath - The PKCS#11 library path.

Throws:

java.io.IOException - If cenncting the given module failed.

Preconditions:

(pkcs11ModulePath != null)

disconnect

protected void disconnect()

Disconnects the PKCS#11 library from this object. After calling this method, this object is no longer connected to a native PKCS#11 module and any subsequent calls to C_ methods will fail. This method is for internal use only. Declared protected, because incorrect handling may result in errors in the native part.

C_Initialize

public void C_Initialize(java.lang.Object pInitArgs,
                         boolean useUtf8)
                  throws PKCS11Exception

C_Initialize initializes the Cryptoki library. (General-purpose)

Specified by:

C_Initialize in interface PKCS11

Parameters:

pInitArgs - if pInitArgs is not NULL it gets casted to CK_C_INITIALIZE_ARGS_PTR and dereferenced (PKCS#11 param: CK_VOID_PTR pInitArgs)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Finalize

public void C_Finalize(java.lang.Object pReserved)
                throws PKCS11Exception

C_Finalize indicates that an application is done with the Cryptoki library (General-purpose)

Specified by:

C_Finalize in interface PKCS11

Parameters:

pReserved - is reserved. Should be NULL_PTR (PKCS#11 param: CK_VOID_PTR pReserved)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pReserved == null)

C_GetInfo

public CK_INFO C_GetInfo()
                  throws PKCS11Exception

C_GetInfo returns general information about Cryptoki. (General-purpose)

Specified by:

C_GetInfo in interface PKCS11

Returns:

the information. (PKCS#11 param: CK_INFO_PTR pInfo)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetSlotList

public long[] C_GetSlotList(boolean tokenPresent)
                     throws PKCS11Exception

C_GetSlotList obtains a list of slots in the system. (Slot and token management)

Specified by:

C_GetSlotList in interface PKCS11

Parameters:

tokenPresent - if true only Slot IDs with a token are returned (PKCS#11 param: CK_BBOOL tokenPresent)

Returns:

a long array of slot IDs and number of Slot IDs (PKCS#11 param: CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetSlotInfo

public CK_SLOT_INFO C_GetSlotInfo(long slotID)
                           throws PKCS11Exception

C_GetSlotInfo obtains information about a particular slot in the system. (Slot and token management)

Specified by:

C_GetSlotInfo in interface PKCS11

Parameters:

slotID - the ID of the slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns:

the slot information (PKCS#11 param: CK_SLOT_INFO_PTR pInfo)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetTokenInfo

public CK_TOKEN_INFO C_GetTokenInfo(long slotID)
                             throws PKCS11Exception

C_GetTokenInfo obtains information about a particular token in the system. (Slot and token management)

Specified by:

C_GetTokenInfo in interface PKCS11

Parameters:

slotID - ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns:

the token information (PKCS#11 param: CK_TOKEN_INFO_PTR pInfo)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetMechanismList

public long[] C_GetMechanismList(long slotID)
                          throws PKCS11Exception

C_GetMechanismList obtains a list of mechanism types supported by a token. (Slot and token management)

Specified by:

C_GetMechanismList in interface PKCS11

Parameters:

slotID - ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns:

a long array of mechanism types and number of mechanism types (PKCS#11 param: CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetMechanismInfo

public CK_MECHANISM_INFO C_GetMechanismInfo(long slotID,
                                            long type)
                                     throws PKCS11Exception

C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token. (Slot and token management)

Specified by:

C_GetMechanismInfo in interface PKCS11

Parameters:

slotID - ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

type - type of mechanism (PKCS#11 param: CK_MECHANISM_TYPE type)

Returns:

the mechanism info (PKCS#11 param: CK_MECHANISM_INFO_PTR pInfo)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_InitToken

public void C_InitToken(long slotID,
                        char[] pPin,
                        char[] pLabel,
                        boolean useUtf8)
                 throws PKCS11Exception

C_InitToken initializes a token. (Slot and token management)

Specified by:

C_InitToken in interface PKCS11

Parameters:

slotID - ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

pPin - the SO's initial PIN and the length in bytes of the PIN (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

pLabel - 32-byte token label (blank padded) (PKCS#11 param: CK_UTF8CHAR_PTR pLabel)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_InitPIN

public void C_InitPIN(long hSession,
                      char[] pPin,
                      boolean useUtf8)
               throws PKCS11Exception

C_InitPIN initializes the normal user's PIN. (Slot and token management)

Specified by:

C_InitPIN in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPin - the normal user's PIN and the length in bytes of the PIN (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_SetPIN

public void C_SetPIN(long hSession,
                     char[] pOldPin,
                     char[] pNewPin,
                     boolean useUtf8)
              throws PKCS11Exception

C_SetPIN modifies the PIN of the user who is logged in. (Slot and token management)

Specified by:

C_SetPIN in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pOldPin - the old PIN and the length of the old PIN (PKCS#11 param: CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen)

pNewPin - the new PIN and the length of the new PIN (PKCS#11 param: CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_OpenSession

public long C_OpenSession(long slotID,
                          long flags,
                          java.lang.Object pApplication,
                          CK_NOTIFY Notify)
                   throws PKCS11Exception

C_OpenSession opens a session between an application and a token. (Session management)

Specified by:

C_OpenSession in interface PKCS11

Parameters:

slotID - the slot's ID (PKCS#11 param: CK_SLOT_ID slotID)

flags - of CK_SESSION_INFO (PKCS#11 param: CK_FLAGS flags)

pApplication - passed to callback (PKCS#11 param: CK_VOID_PTR pApplication)

Notify - the callback function (PKCS#11 param: CK_NOTIFY Notify)

Returns:

the session handle (PKCS#11 param: CK_SESSION_HANDLE_PTR phSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_CloseSession

public void C_CloseSession(long hSession)
                    throws PKCS11Exception

C_CloseSession closes a session between an application and a token. (Session management)

Specified by:

C_CloseSession in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_CloseAllSessions

public void C_CloseAllSessions(long slotID)
                        throws PKCS11Exception

C_CloseAllSessions closes all sessions with a token. (Session management)

Specified by:

C_CloseAllSessions in interface PKCS11

Parameters:

slotID - the ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_GetSessionInfo

public CK_SESSION_INFO C_GetSessionInfo(long hSession)
                                 throws PKCS11Exception

C_GetSessionInfo obtains information about the session. (Session management)

Specified by:

C_GetSessionInfo in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the session info (PKCS#11 param: CK_SESSION_INFO_PTR pInfo)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_SessionCancel

public void C_SessionCancel(long hSession,
                            long flags)
                     throws PKCS11Exception

C_SessionCancel terminates active session based operations (Session management)

Specified by:

C_SessionCancel in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

flags - indicates which operations should be cancelled (PKCS#11 param: CK_FLAGS)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_GetOperationState

public byte[] C_GetOperationState(long hSession)
                           throws PKCS11Exception

C_GetOperationState obtains the state of the cryptographic operation in a session. (Session management)

Specified by:

C_GetOperationState in interface PKCS11

Parameters:

hSession - session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the state and the state length (PKCS#11 param: CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_SetOperationState

public void C_SetOperationState(long hSession,
                                byte[] pOperationState,
                                long hEncryptionKey,
                                long hAuthenticationKey)
                         throws PKCS11Exception

C_SetOperationState restores the state of the cryptographic operation in a session. (Session management)

Specified by:

C_SetOperationState in interface PKCS11

Parameters:

hSession - session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pOperationState - the state and the state length (PKCS#11 param: CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen)

hEncryptionKey - en/decryption key (PKCS#11 param: CK_OBJECT_HANDLE hEncryptionKey)

hAuthenticationKey - sign/verify key (PKCS#11 param: CK_OBJECT_HANDLE hAuthenticationKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Login

public void C_Login(long hSession,
                    long userType,
                    char[] pPin,
                    boolean useUtf8)
             throws PKCS11Exception

C_Login logs a user into a token. (Session management)

Specified by:

C_Login in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

userType - the user type (PKCS#11 param: CK_USER_TYPE userType)

pPin - the user's PIN and the length of the PIN (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

useUtf8 - if pin should be changed from ASCII to UTF8 encoding in case of incorrect pin

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_LoginUser

public void C_LoginUser(long hSession,
                        long userType,
                        char[] pPin,
                        char[] pUsername,
                        boolean useUtf8)
                 throws PKCS11Exception

C_LoginUser logs a user into a token. (Session management)

Specified by:

C_LoginUser in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

userType - the user type (PKCS#11 param: CK_USER_TYPE userType)

pPin - the user's PIN and the length of the PIN (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

pUsername - the username and the length of the username (PKCS#11 param: CK_CHAR_PTR pUsername, CK_ULONG ulUsernameLen

useUtf8 - if pin should be changed from ASCII to UTF8 encoding in case of incorrect pin

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Logout

public void C_Logout(long hSession)
              throws PKCS11Exception

C_Logout logs a user out from a token. (Session management)

Specified by:

C_Logout in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_CreateObject

public long C_CreateObject(long hSession,
                           CK_ATTRIBUTE[] pTemplate,
                           boolean useUtf8)
                    throws PKCS11Exception

C_CreateObject creates a new object. (Object management)

Specified by:

C_CreateObject in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pTemplate - the object's template and number of attributes in template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Returns:

the object's handle (PKCS#11 param: CK_OBJECT_HANDLE_PTR phObject)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_CopyObject

public long C_CopyObject(long hSession,
                         long hObject,
                         CK_ATTRIBUTE[] pTemplate,
                         boolean useUtf8)
                  throws PKCS11Exception

C_CopyObject copies an object, creating a new object for the copy. (Object management)

Specified by:

C_CopyObject in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hObject - the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

pTemplate - the template for the new object and number of attributes in template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Returns:

the handle of the copy (PKCS#11 param: CK_OBJECT_HANDLE_PTR phNewObject)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_DestroyObject

public void C_DestroyObject(long hSession,
                            long hObject)
                     throws PKCS11Exception

C_DestroyObject destroys an object. (Object management)

Specified by:

C_DestroyObject in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hObject - the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_GetObjectSize

public long C_GetObjectSize(long hSession,
                            long hObject)
                     throws PKCS11Exception

C_GetObjectSize gets the size of an object in bytes. (Object management)

Specified by:

C_GetObjectSize in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hObject - the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

Returns:

the size of the object (PKCS#11 param: CK_ULONG_PTR pulSize)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_GetAttributeValue

public void C_GetAttributeValue(long hSession,
                                long hObject,
                                CK_ATTRIBUTE[] pTemplate,
                                boolean useUtf8)
                         throws PKCS11Exception

C_GetAttributeValue obtains the value of one or more object attributes. The template attributes also receive the values. (Object management) note: in PKCS#11 pTemplate and the result template are the same

Specified by:

C_GetAttributeValue in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hObject - the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

pTemplate - specifies the attributes and number of attributes to get The template attributes also receive the values. (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pTemplate != null)

C_SetAttributeValue

public void C_SetAttributeValue(long hSession,
                                long hObject,
                                CK_ATTRIBUTE[] pTemplate,
                                boolean useUtf8)
                         throws PKCS11Exception

C_SetAttributeValue modifies the value of one or more object attributes (Object management)

Specified by:

C_SetAttributeValue in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hObject - the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

pTemplate - specifies the attributes and values to get; number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pTemplate != null)

C_FindObjectsInit

public void C_FindObjectsInit(long hSession,
                              CK_ATTRIBUTE[] pTemplate,
                              boolean useUtf8)
                       throws PKCS11Exception

C_FindObjectsInit initializes a search for token and session objects that match a template. (Object management)

Specified by:

C_FindObjectsInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pTemplate - the object's attribute values to match and the number of attributes in search template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_FindObjects

public long[] C_FindObjects(long hSession,
                            long ulMaxObjectCount)
                     throws PKCS11Exception

C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles. (Object management)

Specified by:

C_FindObjects in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

ulMaxObjectCount - the max. object handles to get (PKCS#11 param: CK_ULONG ulMaxObjectCount)

Returns:

the object's handles and the actual number of objects returned (PKCS#11 param: CK_ULONG_PTR pulObjectCount)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_FindObjectsFinal

public void C_FindObjectsFinal(long hSession)
                        throws PKCS11Exception

C_FindObjectsFinal finishes a search for token and session objects. (Object management)

Specified by:

C_FindObjectsFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_EncryptInit

public void C_EncryptInit(long hSession,
                          CK_MECHANISM pMechanism,
                          long hKey,
                          boolean useUtf8)
                   throws PKCS11Exception

C_EncryptInit initializes an encryption operation. (Encryption and decryption)

Specified by:

C_EncryptInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the encryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the encryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Encrypt

public byte[] C_Encrypt(long hSession,
                        byte[] pData)
                 throws PKCS11Exception

C_Encrypt encrypts single-part data. (Encryption and decryption)

Specified by:

C_Encrypt in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pData - the data to get encrypted and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

Returns:

the encrypted data and the encrypted data's length (PKCS#11 param: CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_EncryptUpdate

public byte[] C_EncryptUpdate(long hSession,
                              byte[] pPart)
                       throws PKCS11Exception

C_EncryptUpdate continues a multiple-part encryption operation. (Encryption and decryption)

Specified by:

C_EncryptUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the data part to get encrypted and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Returns:

the encrypted data part and the encrypted data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_EncryptFinal

public byte[] C_EncryptFinal(long hSession)
                      throws PKCS11Exception

C_EncryptFinal finishes a multiple-part encryption operation. (Encryption and decryption)

Specified by:

C_EncryptFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the last encrypted data part and the last data part's length (PKCS#11 param: CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_MessageEncryptInit

public void C_MessageEncryptInit(long hSession,
                                 CK_MECHANISM pMechanism,
                                 long hKey,
                                 boolean useUtf8)
                          throws PKCS11Exception

C_MessageEncryptInit initializes an encryption operation for Messages. (Encryption and decryption)

Specified by:

C_MessageEncryptInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the encryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the encryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_EncryptMessage

public byte[] C_EncryptMessage(long hSession,
                               java.lang.Object pParameter,
                               byte[] pAssociatedData,
                               byte[] pPlainText,
                               boolean useUtf8)
                        throws PKCS11Exception

C_EncryptMessage encrypts a Message in a single part.

Specified by:

C_EncryptMessage in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pAssociatedData - the Associated Data for usage of AEAD Mechanisms and the data's length (PKCS#11 param: CK_BYTE_PTR pAssociatedData, CK_ULONG ulAssociatedDataLen)

pPlainText - the Plaintext to get encrypted and the text's length (PKCS#11 param: CK_BYTE_PTR pPlaintext, CK_ULONG ulPlaintextLen)

useUtf8 - use UTF-8 encoding

Returns:

the encrypted text and the encrypted text's length (PKCS#11 param: CK_BYTE_PTR pCiphertext, CK_ULONG_PTR CiphertextLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_EncryptMessageBegin

public void C_EncryptMessageBegin(long hSession,
                                  java.lang.Object pParameter,
                                  byte[] pAssociatedData,
                                  boolean jUseUtf8)
                           throws PKCS11Exception

C_EncryptMessageBegin begins a multiple-part message encryption operation

Specified by:

C_EncryptMessageBegin in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pAssociatedData - the Associated Data for usage of AEAD Mechanisms and the data's length (PKCS#11 param: CK_BYTE_PTR pAssociatedData, CK_ULONG ulAssociatedDataLen)

jUseUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_EncryptMessageNext

public byte[] C_EncryptMessageNext(long hSession,
                                   java.lang.Object pParameter,
                                   byte[] pPlainTextPart,
                                   long flags,
                                   boolean useUtf8)
                            throws PKCS11Exception

C_EncryptMessageNext continues a multiple-part message encryption operation, processing another message part

Specified by:

C_EncryptMessageNext in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pPlainTextPart - the Plaintext to get encrypted and the text's length (PKCS#11 param: CK_BYTE_PTR pPlaintext, CK_ULONG ulPlaintextLen)

flags - either 0 for continuing the multi-part encryption operation or CKF_END_OF_MESSAGE if this call is the last part of the operation

useUtf8 - use UTF-8 encoding

Returns:

the ciphertext and the ciphertext length (PKCS#11 param: CK_BYTE_PTR pCiphertext, CK_ULONG_PTR CiphertextLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_MessageEncryptFinal

public void C_MessageEncryptFinal(long hSession)
                           throws PKCS11Exception

C_MessageEncryptFinal finishes a message-based encryption process

Specified by:

C_MessageEncryptFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - in case of error.

C_DecryptInit

public void C_DecryptInit(long hSession,
                          CK_MECHANISM pMechanism,
                          long hKey,
                          boolean useUtf8)
                   throws PKCS11Exception

C_DecryptInit initializes a decryption operation. (Encryption and decryption)

Specified by:

C_DecryptInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the decryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the decryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Decrypt

public byte[] C_Decrypt(long hSession,
                        byte[] pEncryptedData)
                 throws PKCS11Exception

C_Decrypt decrypts encrypted data in a single part. (Encryption and decryption)

Specified by:

C_Decrypt in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pEncryptedData - the encrypted data to get decrypted and the encrypted data's length (PKCS#11 param: CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen)

Returns:

the decrypted data and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pEncryptedPart != null)

C_DecryptUpdate

public byte[] C_DecryptUpdate(long hSession,
                              byte[] pEncryptedPart)
                       throws PKCS11Exception

C_DecryptUpdate continues a multiple-part decryption operation. (Encryption and decryption)

Specified by:

C_DecryptUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pEncryptedPart - the encrypted data part to get decrypted and the encrypted data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen)

Returns:

the decrypted data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pEncryptedPart != null)

C_DecryptFinal

public byte[] C_DecryptFinal(long hSession)
                      throws PKCS11Exception

C_DecryptFinal finishes a multiple-part decryption operation. (Encryption and decryption)

Specified by:

C_DecryptFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the last decrypted data part and the last data part's length (PKCS#11 param: CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_MessageDecryptInit

public void C_MessageDecryptInit(long hSession,
                                 CK_MECHANISM pMechanism,
                                 long hKey,
                                 boolean useUtf8)
                          throws PKCS11Exception

C_MessageDecryptInit initializes an decryption operation for Messages.

Specified by:

C_MessageDecryptInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the encryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the decryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_DecryptMessage

public byte[] C_DecryptMessage(long hSession,
                               java.lang.Object pParameter,
                               byte[] pAssociatedData,
                               byte[] pCipherText,
                               boolean useUtf8)
                        throws PKCS11Exception

C_DecryptMessage decrypts a message in a single part

Specified by:

C_DecryptMessage in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pAssociatedData - the Associated Data for usage of AEAD Mechanisms and the data's length (PKCS#11 param: CK_BYTE_PTR pAssociatedData, CK_ULONG ulAssociatedDataLen)

pCipherText - the Plaintext to get encrypted and the text's length (PKCS#11 param: CK_BYTE_PTR pCiphertext, CK_ULONG ulCiphertextLen)

useUtf8 - use UTF-8 encoding

Returns:

the plaintext and the plaintext's length (PKCS#11 param: CK_BYTE_PTR pPlaintext, CK_ULONG_PTR PlaintextLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pCiphertext != null)

C_DecryptMessageBegin

public void C_DecryptMessageBegin(long hSession,
                                  java.lang.Object pParameter,
                                  byte[] pAssociatedData,
                                  boolean useUtf8)
                           throws PKCS11Exception

C_DecryptMessageBegin begins a multiple-part message decryption operation

Specified by:

C_DecryptMessageBegin in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pAssociatedData - the Associated Data for usage of AEAD Mechanisms and the data's length (PKCS#11 param: CK_BYTE_PTR pAssociatedData, CK_ULONG ulAssociatedDataLen)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_DecryptMessageNext

public byte[] C_DecryptMessageNext(long hSession,
                                   java.lang.Object pParameter,
                                   byte[] pCipherTextPart,
                                   long flags,
                                   boolean useUtf8)
                            throws PKCS11Exception

C_DecryptMessageNext continues a multiple-part message decryption operation, processing another message part

Specified by:

C_DecryptMessageNext in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the GCM OR CCM Parameters (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen) Depending on the mechanism, pParameter can be input or output.

pCipherTextPart - the Ciphertext to get decrypted and the text's length (PKCS#11 param: CK_BYTE_PTR pCiphertext, CK_ULONG ulCiphertextLen)

flags - either 0 for continuing the multi-part decryption operation or CKF_END_OF_MESSAGE if this call is the last part of the operation

useUtf8 - use UTF-8 encoding

Returns:

the plaintext and the plaintext length (PKCS#11 param: CK_BYTE_PTR pPlaintext, CK_ULONG_PTR PlaintextLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_MessageDecryptFinal

public void C_MessageDecryptFinal(long hSession)
                           throws PKCS11Exception

C_MessageDecryptFinal finishes a message-based Decryption process

Specified by:

C_MessageDecryptFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - in case of error.

C_DigestInit

public void C_DigestInit(long hSession,
                         CK_MECHANISM pMechanism,
                         boolean useUtf8)
                  throws PKCS11Exception

C_DigestInit initializes a message-digesting operation. (Message digesting)

Specified by:

C_DigestInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the digesting mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Digest

public byte[] C_Digest(long hSession,
                       byte[] data)
                throws PKCS11Exception

C_Digest digests data in a single part. (Message digesting)

Specified by:

C_Digest in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

data - the data to get digested and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

Returns:

the message digest and the length of the message digest (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(data != null)

C_DigestUpdate

public void C_DigestUpdate(long hSession,
                           byte[] pPart)
                    throws PKCS11Exception

C_DigestUpdate continues a multiple-part message-digesting operation. (Message digesting)

Specified by:

C_DigestUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the data to get digested and the data's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_DigestKey

public void C_DigestKey(long hSession,
                        long hKey)
                 throws PKCS11Exception

C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested. (Message digesting)

Specified by:

C_DigestKey in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

hKey - the handle of the secret key to be digested (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_DigestFinal

public byte[] C_DigestFinal(long hSession)
                     throws PKCS11Exception

C_DigestFinal finishes a multiple-part message-digesting operation. (Message digesting)

Specified by:

C_DigestFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the message digest and the length of the message digest (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_SignInit

public void C_SignInit(long hSession,
                       CK_MECHANISM pMechanism,
                       long hKey,
                       boolean useUtf8)
                throws PKCS11Exception

C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Specified by:

C_SignInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Sign

public byte[] C_Sign(long hSession,
                     byte[] pData)
              throws PKCS11Exception

C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Specified by:

C_Sign in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pData - the data to sign and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

Returns:

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_SignUpdate

public void C_SignUpdate(long hSession,
                         byte[] pPart)
                  throws PKCS11Exception

C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Specified by:

C_SignUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the data part to sign and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_SignFinal

public byte[] C_SignFinal(long hSession)
                   throws PKCS11Exception

C_SignFinal finishes a multiple-part signature operation, returning the signature. (Signing and MACing)

Specified by:

C_SignFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns:

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_SignRecoverInit

public void C_SignRecoverInit(long hSession,
                              CK_MECHANISM pMechanism,
                              long hKey,
                              boolean useUtf8)
                       throws PKCS11Exception

C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature. (Signing and MACing)

Specified by:

C_SignRecoverInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_SignRecover

public byte[] C_SignRecover(long hSession,
                            byte[] pData)
                     throws PKCS11Exception

C_SignRecover signs data in a single operation, where the data can be recovered from the signature. (Signing and MACing)

Specified by:

C_SignRecover in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pData - the data to sign and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

Returns:

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pData != null)

C_MessageSignInit

public void C_MessageSignInit(long hSession,
                              CK_MECHANISM pMechanism,
                              long hKey,
                              boolean useUtf8)

C_MessageSignInit initializes a Message Sign operation

Specified by:

C_MessageSignInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

C_SignMessage

public byte[] C_SignMessage(long hSession,
                            java.lang.Object pParameter,
                            byte[] pData,
                            boolean useUtf8)

C_SignMessage signs a message in a single part, where the signature is an appendix to the message.

Specified by:

C_SignMessage in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the machanism parameter (PKCS#11 CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

pData - the data to sign and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

useUtf8 - use UTF-8 encoding

Returns:

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

C_SignMessageBegin

public void C_SignMessageBegin(long hSession,
                               java.lang.Object pParameter,
                               boolean useUtf8)

C_SignMessageBegin begins a multiple-part message signature operation, where the signature is an appendix to the message.

Specified by:

C_SignMessageBegin in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the machanism parameter (PKCS#11 CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

useUtf8 - use UTF-8 encoding

C_SignMessageNext

public byte[] C_SignMessageNext(long hSession,
                                java.lang.Object pParameter,
                                byte[] pData,
                                boolean isLastOperation,
                                boolean useUtf8)

C_SignMessageNext continues a multiple-part message signature operation, processing another data part, or finishes a multiple-part message signature operation, returning the signature.

Specified by:

C_SignMessageNext in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the machanism parameter (PKCS#11 CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

pData - the data to sign and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

isLastOperation - true if this is the last message.

useUtf8 - use UTF-8 encoding

Returns:

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

C_MessageSignFinal

public void C_MessageSignFinal(long hSession)

C_MessageSignFinal finishes a message-based signing process.

Specified by:

C_MessageSignFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

C_VerifyInit

public void C_VerifyInit(long hSession,
                         CK_MECHANISM pMechanism,
                         long hKey,
                         boolean useUtf8)
                  throws PKCS11Exception

C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot cannot be recovered from the signature (e.g. DSA). (Signing and MACing)

Specified by:

C_VerifyInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the verification mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the verification key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_Verify

public void C_Verify(long hSession,
                     byte[] pData,
                     byte[] pSignature)
              throws PKCS11Exception

C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Specified by:

C_Verify in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pData - the signed data and the signed data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

pSignature - the signature to verify and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pData != null) and (pSignature != null)

C_VerifyUpdate

public void C_VerifyUpdate(long hSession,
                           byte[] pPart)
                    throws PKCS11Exception

C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Specified by:

C_VerifyUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the signed data part and the signed data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_VerifyFinal

public void C_VerifyFinal(long hSession,
                          byte[] pSignature)
                   throws PKCS11Exception

C_VerifyFinal finishes a multiple-part verification operation, checking the signature. (Signing and MACing)

Specified by:

C_VerifyFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pSignature - the signature to verify and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pSignature != null)

C_VerifyRecoverInit

public void C_VerifyRecoverInit(long hSession,
                                CK_MECHANISM pMechanism,
                                long hKey,
                                boolean useUtf8)
                         throws PKCS11Exception

C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature. (Signing and MACing)

Specified by:

C_VerifyRecoverInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the verification mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the verification key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_VerifyRecover

public byte[] C_VerifyRecover(long hSession,
                              byte[] pSignature)
                       throws PKCS11Exception

C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature. (Signing and MACing)

Specified by:

C_VerifyRecover in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pSignature - the signature to verify and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Returns:

the recovered data and the recovered data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

Preconditions:

(pSignature != null)

C_MessageVerifyInit

public void C_MessageVerifyInit(long hSession,
                                CK_MECHANISM pMechanism,
                                long hKey,
                                boolean useUtf8)
                         throws PKCS11Exception

C_MessageVerifyInit initializes a message-based verification process, preparing a session for one or more verification operations that use the same verification mechanism and verification key.

Specified by:

C_MessageVerifyInit in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hKey - the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_VerifyMessage

public void C_VerifyMessage(long hSession,
                            java.lang.Object pParameter,
                            byte[] pData,
                            byte[] pSignature,
                            boolean useUtf8)
                     throws PKCS11Exception

C_VerifyMessage verifies a signature on a message in a single part operation.

Specified by:

C_VerifyMessage in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the mechanism parameter (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

pData - the data getting signed (PKCS#11 param: CK_VOID_PTR pData, CK_ULONG ckDataLen)

pSignature - (PKCS#11 param: CK_VOID_PTR pSignature, CK_ULONG ckSignatureLen)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - if the Signature is invalid

C_VerifyMessageBegin

public void C_VerifyMessageBegin(long hSession,
                                 java.lang.Object pParameter,
                                 boolean useUtf8)
                          throws PKCS11Exception

C_VerifyMessageBegin begins a multiple-part message verification operation

Specified by:

C_VerifyMessageBegin in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the mechanism parameter (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_VerifyMessageNext

public void C_VerifyMessageNext(long hSession,
                                java.lang.Object pParameter,
                                byte[] pData,
                                byte[] pSignature,
                                boolean useUtf8)
                         throws PKCS11Exception

Specified by:

C_VerifyMessageNext in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pParameter - the mechanism parameter (PKCS#11 param: CK_VOID_PTR pParameter, CK_ULONG ulParameterLen)

pData - the data getting signed (PKCS#11 param: CK_VOID_PTR pData, CK_ULONG ckDataLen)

pSignature - the signature to be verified

useUtf8 - use UTF-8 encoding

Throws:

PKCS11Exception - if the Signature is invalid

C_MessageVerifyFinal

public void C_MessageVerifyFinal(long hSession)
                          throws PKCS11Exception

C_MessageSignFinal finishes a message-based signing process.

Specified by:

C_MessageVerifyFinal in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_DigestEncryptUpdate

public byte[] C_DigestEncryptUpdate(long hSession,
                                    byte[] pPart)
                             throws PKCS11Exception

C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation. (Dual-function cryptographic operations)

Specified by:

C_DigestEncryptUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the data part to digest and to encrypt and the data's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Returns:

the digested and encrypted data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_DecryptDigestUpdate

public byte[] C_DecryptDigestUpdate(long hSession,
                                    byte[] pEncryptedPart)
                             throws PKCS11Exception

C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation. (Dual-function cryptographic operations)

Specified by:

C_DecryptDigestUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pEncryptedPart - the encrypted data part to decrypt and to digest and encrypted data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen)

Returns:

the decrypted and digested data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pEncryptedPart != null)

C_SignEncryptUpdate

public byte[] C_SignEncryptUpdate(long hSession,
                                  byte[] pPart)
                           throws PKCS11Exception

C_SignEncryptUpdate continues a multiple-part signing and encryption operation. (Dual-function cryptographic operations)

Specified by:

C_SignEncryptUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pPart - the data part to sign and to encrypt and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Returns:

the signed and encrypted data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pPart != null)

C_DecryptVerifyUpdate

public byte[] C_DecryptVerifyUpdate(long hSession,
                                    byte[] pEncryptedPart)
                             throws PKCS11Exception

C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation. (Dual-function cryptographic operations)

Specified by:

C_DecryptVerifyUpdate in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pEncryptedPart - the encrypted data part to decrypt and to verify and the data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen)

Returns:

the decrypted and verified data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pEncryptedPart != null)

C_GenerateKey

public long C_GenerateKey(long hSession,
                          CK_MECHANISM pMechanism,
                          CK_ATTRIBUTE[] pTemplate,
                          boolean useUtf8)
                   throws PKCS11Exception

C_GenerateKey generates a secret key, creating a new key object. (Key management)

Specified by:

C_GenerateKey in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the key generation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

pTemplate - the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Returns:

the handle of the new key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_GenerateKeyPair

public long[] C_GenerateKeyPair(long hSession,
                                CK_MECHANISM pMechanism,
                                CK_ATTRIBUTE[] pPublicKeyTemplate,
                                CK_ATTRIBUTE[] pPrivateKeyTemplate,
                                boolean useUtf8)
                         throws PKCS11Exception

C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects. (Key management)

Specified by:

C_GenerateKeyPair in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the key generation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

pPublicKeyTemplate - the template for the new public key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount)

pPrivateKeyTemplate - the template for the new private key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pPrivateKeyTemplate CK_ULONG ulPrivateKeyAttributeCount)

useUtf8 - use UTF-8 encoding

Returns:

a long array with exactly two elements and the public key handle as the first element and the private key handle as the second element (PKCS#11 param: CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null) and (result.length == 2)

Preconditions:

(pMechanism != null)

C_WrapKey

public byte[] C_WrapKey(long hSession,
                        CK_MECHANISM pMechanism,
                        long hWrappingKey,
                        long hKey,
                        boolean useUtf8)
                 throws PKCS11Exception

C_WrapKey wraps (i.e., encrypts) a key. (Key management)

Specified by:

C_WrapKey in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the wrapping mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hWrappingKey - the handle of the wrapping key (PKCS#11 param: CK_OBJECT_HANDLE hWrappingKey)

hKey - the handle of the key to be wrapped (PKCS#11 param: CK_OBJECT_HANDLE hKey)

useUtf8 - use UTF-8 encoding

Returns:

the wrapped key and the length of the wrapped key (PKCS#11 param: CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Postconditions:

(result != null)

C_UnwrapKey

public long C_UnwrapKey(long hSession,
                        CK_MECHANISM pMechanism,
                        long hUnwrappingKey,
                        byte[] pWrappedKey,
                        CK_ATTRIBUTE[] pTemplate,
                        boolean useUtf8)
                 throws PKCS11Exception

C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. (Key management)

Specified by:

C_UnwrapKey in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the unwrapping mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hUnwrappingKey - the handle of the unwrapping key (PKCS#11 param: CK_OBJECT_HANDLE hUnwrappingKey)

pWrappedKey - the wrapped key to unwrap and the wrapped key's length (PKCS#11 param: CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen)

pTemplate - the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Returns:

the handle of the unwrapped key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pWrappedKey != null)

C_DeriveKey

public long C_DeriveKey(long hSession,
                        CK_MECHANISM pMechanism,
                        long hBaseKey,
                        CK_ATTRIBUTE[] pTemplate,
                        boolean useUtf8)
                 throws PKCS11Exception

C_DeriveKey derives a key from a base key, creating a new key object. (Key management)

Specified by:

C_DeriveKey in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pMechanism - the key derivation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

hBaseKey - the handle of the base key (PKCS#11 param: CK_OBJECT_HANDLE hBaseKey)

pTemplate - the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

useUtf8 - use UTF-8 encoding

Returns:

the handle of the derived key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_SeedRandom

public void C_SeedRandom(long hSession,
                         byte[] pSeed)
                  throws PKCS11Exception

C_SeedRandom mixes additional seed material into the token's random number generator. (Random number generation)

Specified by:

C_SeedRandom in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

pSeed - the seed material and the seed material's length (PKCS#11 param: CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pSeed != null)

C_GenerateRandom

public void C_GenerateRandom(long hSession,
                             byte[] randomData)
                      throws PKCS11Exception

C_GenerateRandom generates random data. (Random number generation)

Specified by:

C_GenerateRandom in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

randomData - receives the random data and the length of RandomData is the length of random data to be generated (PKCS#11 param: CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(randomData != null)

C_GetFunctionStatus

public void C_GetFunctionStatus(long hSession)
                         throws PKCS11Exception

C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application. (Parallel function management)

Specified by:

C_GetFunctionStatus in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_CancelFunction

public void C_CancelFunction(long hSession)
                      throws PKCS11Exception

C_CancelFunction is a legacy function; it cancels a function running in parallel. (Parallel function management)

Specified by:

C_CancelFunction in interface PKCS11

Parameters:

hSession - the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

C_WaitForSlotEvent

public long C_WaitForSlotEvent(long flags,
                               java.lang.Object pReserved)
                        throws PKCS11Exception

C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur. (General-purpose)

Specified by:

C_WaitForSlotEvent in interface PKCS11

Parameters:

flags - blocking/nonblocking flag (PKCS#11 param: CK_FLAGS flags)

pReserved - reserved. Should be null (PKCS#11 param: CK_VOID_PTR pReserved)

Returns:

the slot ID where the event occured (PKCS#11 param: CK_SLOT_ID_PTR pSlot)

Throws:

PKCS11Exception - If function returns other value than CKR_OK.

Preconditions:

(pRserved == null)

equals

public boolean equals(java.lang.Object otherObject)

Compares this object with the other object. Returns only true, if both objects refer to the same PKCS#11 library.

Overrides:

equals in class java.lang.Object

Parameters:

otherObject - The other PKCS11Implementation.

Returns:

True, if this PKCS11Implementation and the other PKCS11Implementation refer to the same PKCS#11 library; False, otherwise.

hashCode

public int hashCode()

The overriding of this method should ensure that the objects of this class work correctly in a hashtable.

Overrides:

hashCode in class java.lang.Object

Returns:

The hash code of this object.

toString

public java.lang.String toString()

Returns the string representation of this object.

Overrides:

toString in class java.lang.Object

Returns:

The string representation of object

finalize

public void finalize()
              throws java.lang.Throwable

Calls disconnect() to cleanup the native part of the wrapper. Once this method is called, this object cannot be used any longer. Any subsequent call to a C_* method will result in a runtime exception.

Specified by:

finalize in interface PKCS11

Overrides:

finalize in class java.lang.Object

Throws:

java.lang.Throwable - If finalization fails.