The PKCS #11 library provides a suite of standard API operations for accessing and using hardware security modules (HSMs). The library encompasses a broad range of features such as key management, encryption and decryption, signing and verification, message digest, authentication, random number generation, session management, and object management in fields such as banking, communications, enterprises and public service sectors. This topic describes API operations supported by the PKCS #11 library.
Feature | PKCS#11 API |
General-purpose feature | C_Initialize |
C_Finalize | |
C_GetInfo | |
C_GetFunctionList | |
Slot and token management | C_GetSlotInfo |
C_GetTokenInfo | |
C_GetMechanismList | |
C_GetMechanismInfo | |
Session management | C_OpenSession |
C_Login | |
C_Logout | |
C_GetSessionInfo | |
Object management | C_CreateObject |
C_DestroyObject | |
C_GetAttributeValue | |
C_FindObjectsInit | |
C_FindObjects | |
C_FindObjectsFinal | |
Encryption | C_EncryptInit |
C_Encrypt | |
C_EncryptUpdate | |
C_EncryptFinal | |
Decryption | C_DecryptInit |
C_Decrypt | |
C_DecryptUpdate | |
C_DecryptFinal | |
Message digest | C_DigestInit |
C_Digest | |
C_DigestUpdate | |
C_DigestFinal | |
Signing and MAC | C_SignInit |
C_SignUpdate | |
C_SignFinal | |
C_SignRecoverInit | |
C_SignRecover | |
Verification and MAC | C_VerifyInit |
C_Verify | |
C_VerifyUpdate | |
C_VerifyFinal | |
C_VerifyRecoverInit | |
C_VerifyRecover | |
Random number generation | C_GenerateRandom |
Key management | C_GenerateKey |
C_GenerateKeyPair | |
C_WrapKey | |
C_UnwrapKey | |
C_DeriveKey |