Summary: Methods | Inherited Methods | [Expand All]

public class

PKCS11

extends Object

java.lang.Object
↳	sun.security.pkcs11.wrapper.PKCS11

Class Overview

This is the default implementation of the PKCS11 interface. IT connects to the pkcs11wrapper.dll file, which is the native part of this library. The strange and awkward looking initialization was chosen to avoid calling loadLibrary from a static initialization block, because this would complicate the use in applets.

Summary

Public Methods
void	C_CloseSession(long hSession) C_CloseSession closes a session between an application and a token.
long	C_CopyObject(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) C_CopyObject copies an object, creating a new object for the copy.
long	C_CreateObject(long hSession, CK_ATTRIBUTE[] pTemplate) C_CreateObject creates a new object.
int	C_Decrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) C_Decrypt decrypts encrypted data in a single part.
int	C_DecryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) C_DecryptFinal finishes a multiple-part decryption operation.
void	C_DecryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_DecryptInit initializes a decryption operation.
int	C_DecryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) C_DecryptUpdate continues a multiple-part decryption operation.
long	C_DeriveKey(long hSession, CK_MECHANISM pMechanism, long hBaseKey, CK_ATTRIBUTE[] pTemplate) C_DeriveKey derives a key from a base key, creating a new key object.
void	C_DestroyObject(long hSession, long hObject) C_DestroyObject destroys an object.
int	C_DigestFinal(long hSession, byte[] pDigest, int digestOfs, int digestLen) C_DigestFinal finishes a multiple-part message-digesting operation.
void	C_DigestInit(long hSession, CK_MECHANISM pMechanism) C_DigestInit initializes a message-digesting operation.
void	C_DigestKey(long hSession, long hKey) C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
int	C_DigestSingle(long hSession, CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen) C_Digest digests data in a single part.
void	C_DigestUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) C_DigestUpdate continues a multiple-part message-digesting operation.
int	C_Encrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) C_Encrypt encrypts single-part data.
int	C_EncryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) C_EncryptFinal finishes a multiple-part encryption operation.
void	C_EncryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_EncryptInit initializes an encryption operation.
int	C_EncryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) C_EncryptUpdate continues a multiple-part encryption operation.
void	C_Finalize(Object pReserved) C_Finalize indicates that an application is done with the Cryptoki library (General-purpose)
long[]	C_FindObjects(long hSession, long ulMaxObjectCount) C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
void	C_FindObjectsFinal(long hSession) C_FindObjectsFinal finishes a search for token and session objects.
void	C_FindObjectsInit(long hSession, CK_ATTRIBUTE[] pTemplate) C_FindObjectsInit initializes a search for token and session objects that match a template.
long	C_GenerateKey(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate) C_GenerateKey generates a secret key, creating a new key object.
long[]	C_GenerateKeyPair(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pPublicKeyTemplate, CK_ATTRIBUTE[] pPrivateKeyTemplate) C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
void	C_GenerateRandom(long hSession, byte[] randomData) C_GenerateRandom generates random data.
void	C_GetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) C_GetAttributeValue obtains the value of one or more object attributes.
CK_INFO	C_GetInfo() C_GetInfo returns general information about Cryptoki.
CK_MECHANISM_INFO	C_GetMechanismInfo(long slotID, long type) C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
long[]	C_GetMechanismList(long slotID) C_GetMechanismList obtains a list of mechanism types supported by a token.
CK_SESSION_INFO	C_GetSessionInfo(long hSession) C_GetSessionInfo obtains information about the session.
CK_SLOT_INFO	C_GetSlotInfo(long slotID) C_GetSlotInfo obtains information about a particular slot in the system.
long[]	C_GetSlotList(boolean tokenPresent) C_GetSlotList obtains a list of slots in the system.
CK_TOKEN_INFO	C_GetTokenInfo(long slotID) C_GetTokenInfo obtains information about a particular token in the system.
void	C_Login(long hSession, long userType, char[] pPin) C_Login logs a user into a token.
void	C_Logout(long hSession) C_Logout logs a user out from a token.
long	C_OpenSession(long slotID, long flags, Object pApplication, CK_NOTIFY Notify) C_OpenSession opens a session between an application and a token.
void	C_SeedRandom(long hSession, byte[] pSeed) C_SeedRandom mixes additional seed material into the token's random number generator.
void	C_SetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) C_SetAttributeValue modifies the value of one or more object attributes (Object management)
byte[]	C_Sign(long hSession, byte[] pData) C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
byte[]	C_SignFinal(long hSession, int expectedLen) C_SignFinal finishes a multiple-part signature operation, returning the signature.
void	C_SignInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
int	C_SignRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
void	C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
void	C_SignUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
long	C_UnwrapKey(long hSession, CK_MECHANISM pMechanism, long hUnwrappingKey, byte[] pWrappedKey, CK_ATTRIBUTE[] pTemplate) C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
void	C_Verify(long hSession, byte[] pData, byte[] pSignature) C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
void	C_VerifyFinal(long hSession, byte[] pSignature) C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
void	C_VerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot cannot be recovered from the signature (e.g.
int	C_VerifyRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
void	C_VerifyRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
void	C_VerifyUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
byte[]	C_WrapKey(long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey) C_WrapKey wraps (i.e., encrypts) a key.
void	finalize() Calls disconnect() to cleanup the native part of the wrapper.
synchronized static PKCS11	getInstance(String pkcs11ModulePath, String functionList, CK_C_INITIALIZE_ARGS pInitArgs, boolean omitInitialize)
static void	loadNative()
String	toString() Returns the string representation of this object.

[Expand]

Inherited Methods

From class java.lang.Object

Object	clone() Creates and returns a copy of this object.
boolean	equals(Object obj) Indicates whether some other object is "equal to" this one.
void	finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
final Class<?>	getClass() Returns the runtime class of this `Object`.
int	hashCode() Returns a hash code value for the object.
final void	notify() Wakes up a single thread that is waiting on this object's monitor.
final void	notifyAll() Wakes up all threads that are waiting on this object's monitor.
String	toString() Returns a string representation of the object.
final void	wait() Causes the current thread to wait until another thread invokes the `notify()` method or the `notifyAll()` method for this object.
final void	wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the `notify()` method or the `notifyAll()` method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed.
final void	wait(long timeout) Causes the current thread to wait until either another thread invokes the `notify()` method or the `notifyAll()` method for this object, or a specified amount of time has elapsed.

Public Methods

public void C_CloseSession (long hSession)

C_CloseSession closes a session between an application and a token. (Session management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_CopyObject (long hSession, long hObject, CK_ATTRIBUTE[] pTemplate)

C_CopyObject copies an object, creating a new object for the copy. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
hObject	the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)
pTemplate	the template for the new object and number of attributes in template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Returns

the handle of the copy (PKCS#11 param: CK_OBJECT_HANDLE_PTR phNewObject)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_CreateObject (long hSession, CK_ATTRIBUTE[] pTemplate)

C_CreateObject creates a new object. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pTemplate	the object's template and number of attributes in template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Returns

the object's handle (PKCS#11 param: CK_OBJECT_HANDLE_PTR phObject)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_Decrypt (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen)

C_Decrypt decrypts encrypted data in a single part. (Encryption and decryption)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the decrypted data and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_DecryptFinal (long hSession, long directOut, byte[] out, int outOfs, int outLen)

C_DecryptFinal finishes a multiple-part decryption operation. (Encryption and decryption)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the last decrypted data part and the last data part's length (PKCS#11 param: CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_DecryptInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_DecryptInit initializes a decryption operation. (Encryption and decryption)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the decryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the decryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_DecryptUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen)

C_DecryptUpdate continues a multiple-part decryption operation. (Encryption and decryption)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the decrypted data part and the data part's length (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_DeriveKey (long hSession, CK_MECHANISM pMechanism, long hBaseKey, CK_ATTRIBUTE[] pTemplate)

C_DeriveKey derives a key from a base key, creating a new key object. (Key management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the key derivation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hBaseKey	the handle of the base key (PKCS#11 param: CK_OBJECT_HANDLE hBaseKey)
pTemplate	the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Returns

the handle of the derived key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_DestroyObject (long hSession, long hObject)

C_DestroyObject destroys an object. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
hObject	the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_DigestFinal (long hSession, byte[] pDigest, int digestOfs, int digestLen)

C_DigestFinal finishes a multiple-part message-digesting operation. (Message digesting)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the message digest and the length of the message digest (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_DigestInit (long hSession, CK_MECHANISM pMechanism)

C_DigestInit initializes a message-digesting operation. (Message digesting)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the digesting mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_DigestKey (long hSession, long hKey)

C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested. (Message digesting)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
hKey	the handle of the secret key to be digested (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_DigestSingle (long hSession, CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen)

C_Digest digests data in a single part. (Message digesting)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the message digest and the length of the message digest (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_DigestUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen)

C_DigestUpdate continues a multiple-part message-digesting operation. (Message digesting)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_Encrypt (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen)

C_Encrypt encrypts single-part data. (Encryption and decryption)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the encrypted data and the encrypted data's length (PKCS#11 param: CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_EncryptFinal (long hSession, long directOut, byte[] out, int outOfs, int outLen)

C_EncryptFinal finishes a multiple-part encryption operation. (Encryption and decryption)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the last encrypted data part and the last data part's length (PKCS#11 param: CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_EncryptInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_EncryptInit initializes an encryption operation. (Encryption and decryption)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the encryption mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the encryption key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_EncryptUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen)

C_EncryptUpdate continues a multiple-part encryption operation. (Encryption and decryption)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the encrypted data part and the encrypted data part's length (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_Finalize (Object pReserved)

C_Finalize indicates that an application is done with the Cryptoki library (General-purpose)

Parameters

pReserved	is reserved. Should be NULL_PTR (PKCS#11 param: CK_VOID_PTR pReserved)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long[] C_FindObjects (long hSession, long ulMaxObjectCount)

C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
ulMaxObjectCount	the max. object handles to get (PKCS#11 param: CK_ULONG ulMaxObjectCount)

Returns

the object's handles and the actual number of objects returned (PKCS#11 param: CK_ULONG_PTR pulObjectCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_FindObjectsFinal (long hSession)

C_FindObjectsFinal finishes a search for token and session objects. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_FindObjectsInit (long hSession, CK_ATTRIBUTE[] pTemplate)

C_FindObjectsInit initializes a search for token and session objects that match a template. (Object management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pTemplate	the object's attribute values to match and the number of attributes in search template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_GenerateKey (long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate)

C_GenerateKey generates a secret key, creating a new key object. (Key management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the key generation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
pTemplate	the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Returns

the handle of the new key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long[] C_GenerateKeyPair (long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pPublicKeyTemplate, CK_ATTRIBUTE[] pPrivateKeyTemplate)

C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects. (Key management)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the key generation mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
pPublicKeyTemplate	the template for the new public key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount)
pPrivateKeyTemplate	the template for the new private key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pPrivateKeyTemplate CK_ULONG ulPrivateKeyAttributeCount)

Returns

a long array with exactly two elements and the public key handle as the first element and the private key handle as the second element (PKCS#11 param: CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_GenerateRandom (long hSession, byte[] randomData)

C_GenerateRandom generates random data. (Random number generation)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_GetAttributeValue (long hSession, long hObject, CK_ATTRIBUTE[] pTemplate)

C_GetAttributeValue obtains the value of one or more object attributes. The template attributes also receive the values. (Object management) note: in PKCS#11 pTemplate and the result template are the same

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
hObject	the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)
pTemplate	specifies the attributes and number of attributes to get The template attributes also receive the values. (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public CK_INFO C_GetInfo ()

C_GetInfo returns general information about Cryptoki. (General-purpose)@preconditions

Returns

the information. (PKCS#11 param: CK_INFO_PTR pInfo)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public CK_MECHANISM_INFO C_GetMechanismInfo (long slotID, long type)

C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token. (Slot and token management)@preconditions

Parameters

slotID	ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)
type	type of mechanism (PKCS#11 param: CK_MECHANISM_TYPE type)

Returns

the mechanism info (PKCS#11 param: CK_MECHANISM_INFO_PTR pInfo)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long[] C_GetMechanismList (long slotID)

C_GetMechanismList obtains a list of mechanism types supported by a token. (Slot and token management)@preconditions

Parameters

slotID	ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns

a long array of mechanism types and number of mechanism types (PKCS#11 param: CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public CK_SESSION_INFO C_GetSessionInfo (long hSession)

C_GetSessionInfo obtains information about the session. (Session management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the session info (PKCS#11 param: CK_SESSION_INFO_PTR pInfo)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public CK_SLOT_INFO C_GetSlotInfo (long slotID)

C_GetSlotInfo obtains information about a particular slot in the system. (Slot and token management)@preconditions

Parameters

slotID	the ID of the slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns

the slot information (PKCS#11 param: CK_SLOT_INFO_PTR pInfo)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long[] C_GetSlotList (boolean tokenPresent)

C_GetSlotList obtains a list of slots in the system. (Slot and token management)@preconditions

Parameters

tokenPresent	if true only Slot IDs with a token are returned (PKCS#11 param: CK_BBOOL tokenPresent)

Returns

a long array of slot IDs and number of Slot IDs (PKCS#11 param: CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public CK_TOKEN_INFO C_GetTokenInfo (long slotID)

C_GetTokenInfo obtains information about a particular token in the system. (Slot and token management)@preconditions

Parameters

slotID	ID of the token's slot (PKCS#11 param: CK_SLOT_ID slotID)

Returns

the token information (PKCS#11 param: CK_TOKEN_INFO_PTR pInfo)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_Login (long hSession, long userType, char[] pPin)

C_Login logs a user into a token. (Session management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
userType	the user type (PKCS#11 param: CK_USER_TYPE userType)
pPin	the user's PIN and the length of the PIN (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_Logout (long hSession)

C_Logout logs a user out from a token. (Session management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_OpenSession (long slotID, long flags, Object pApplication, CK_NOTIFY Notify)

C_OpenSession opens a session between an application and a token. (Session management)@preconditions

Parameters

slotID	the slot's ID (PKCS#11 param: CK_SLOT_ID slotID)
flags	of CK_SESSION_INFO (PKCS#11 param: CK_FLAGS flags)
pApplication	passed to callback (PKCS#11 param: CK_VOID_PTR pApplication)
Notify	the callback function (PKCS#11 param: CK_NOTIFY Notify)

Returns

the session handle (PKCS#11 param: CK_SESSION_HANDLE_PTR phSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_SeedRandom (long hSession, byte[] pSeed)

C_SeedRandom mixes additional seed material into the token's random number generator. (Random number generation)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pSeed	the seed material and the seed material's length (PKCS#11 param: CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_SetAttributeValue (long hSession, long hObject, CK_ATTRIBUTE[] pTemplate)

C_SetAttributeValue modifies the value of one or more object attributes (Object management)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
hObject	the object's handle (PKCS#11 param: CK_OBJECT_HANDLE hObject)
pTemplate	specifies the attributes and values to get; number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public byte[] C_Sign (long hSession, byte[] pData)

C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pData	the data to sign and the data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)

Returns

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public byte[] C_SignFinal (long hSession, int expectedLen)

C_SignFinal finishes a multiple-part signature operation, returning the signature. (Signing and MACing)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_SignInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_SignRecover (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen)

C_SignRecover signs data in a single operation, where the data can be recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the signature and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_SignRecoverInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature. (Signing and MACing)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the signature mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the signature key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_SignUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen)

C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public long C_UnwrapKey (long hSession, CK_MECHANISM pMechanism, long hUnwrappingKey, byte[] pWrappedKey, CK_ATTRIBUTE[] pTemplate)

C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. (Key management)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the unwrapping mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hUnwrappingKey	the handle of the unwrapping key (PKCS#11 param: CK_OBJECT_HANDLE hUnwrappingKey)
pWrappedKey	the wrapped key to unwrap and the wrapped key's length (PKCS#11 param: CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen)
pTemplate	the template for the new key and the number of attributes in the template (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Returns

the handle of the unwrapped key (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_Verify (long hSession, byte[] pData, byte[] pSignature)

C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pData	the signed data and the signed data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)
pSignature	the signature to verify and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_VerifyFinal (long hSession, byte[] pSignature)

C_VerifyFinal finishes a multiple-part verification operation, checking the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pSignature	the signature to verify and the signature's length (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_VerifyInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot cannot be recovered from the signature (e.g. DSA). (Signing and MACing)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the verification mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the verification key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public int C_VerifyRecover (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen)

C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Returns

the recovered data and the recovered data's length (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_VerifyRecoverInit (long hSession, CK_MECHANISM pMechanism, long hKey)

C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature. (Signing and MACing)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the verification mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hKey	the handle of the verification key (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void C_VerifyUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen)

C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature. (Signing and MACing)

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public byte[] C_WrapKey (long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey)

C_WrapKey wraps (i.e., encrypts) a key. (Key management)@preconditions

Parameters

hSession	the session's handle (PKCS#11 param: CK_SESSION_HANDLE hSession)
pMechanism	the wrapping mechanism (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
hWrappingKey	the handle of the wrapping key (PKCS#11 param: CK_OBJECT_HANDLE hWrappingKey)
hKey	the handle of the key to be wrapped (PKCS#11 param: CK_OBJECT_HANDLE hKey)

Returns

the wrapped key and the length of the wrapped key (PKCS#11 param: CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)

Throws

PKCS11Exception	If function returns other value than CKR_OK.

public void finalize ()

Calls disconnect() to cleanup the native part of the wrapper. Once this method is called, this object cannot be used any longer. Any subsequent call to a C_* method will result in a runtime exception.

Throws

Throwable	If finalization fails.

public static synchronized PKCS11 getInstance (String pkcs11ModulePath, String functionList, CK_C_INITIALIZE_ARGS pInitArgs, boolean omitInitialize)

Throws

IOException
PKCS11Exception

Interfaces

Classes

Exceptions

PKCS11

Class Overview

Summary

Public Methods

public void C_CloseSession (long hSession)

Parameters

Throws

public long C_CopyObject (long hSession, long hObject, CK_ATTRIBUTE[] pTemplate)

Parameters

Returns

Throws

public long C_CreateObject (long hSession, CK_ATTRIBUTE[] pTemplate)

Parameters

Returns

Throws

public int C_Decrypt (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public int C_DecryptFinal (long hSession, long directOut, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public void C_DecryptInit (long hSession, CK_MECHANISM pMechanism, long hKey)

Parameters

Throws

public int C_DecryptUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public long C_DeriveKey (long hSession, CK_MECHANISM pMechanism, long hBaseKey, CK_ATTRIBUTE[] pTemplate)

Parameters

Returns

Throws

public void C_DestroyObject (long hSession, long hObject)

Parameters

Throws

public int C_DigestFinal (long hSession, byte[] pDigest, int digestOfs, int digestLen)

Parameters

Returns

Throws

public void C_DigestInit (long hSession, CK_MECHANISM pMechanism)

Parameters

Throws

public void C_DigestKey (long hSession, long hKey)

Parameters

Throws

public int C_DigestSingle (long hSession, CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen)

Parameters

Returns

Throws

public void C_DigestUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen)

Parameters

Throws

public int C_Encrypt (long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public int C_EncryptFinal (long hSession, long directOut, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public void C_EncryptInit (long hSession, CK_MECHANISM pMechanism, long hKey)

Parameters

Throws

public int C_EncryptUpdate (long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen)

Parameters

Returns

Throws

public void C_Finalize (Object pReserved)

Parameters

Throws

public long[] C_FindObjects (long hSession, long ulMaxObjectCount)

Parameters

Returns

Throws

public void C_FindObjectsFinal (long hSession)