PKCS11命令流 [英] PKCS11 command flow

问题描述

我正在尝试访问PKCS11加密令牌（智能卡）。我以前使用的智能卡有自己的专有的API访问卡，所以我试图了解我如何映射到PKCS11令牌。

在我以前的智能卡，我不得不连接到设备，然后发出API调用各种功能，如验证PIN，获取卡信息，选择文件，读取文件，写入文件，执行加密功能（RNG，对称/不对称加密，等等），最后，我将从设备断开。

PKCS11令牌有类似的流程吗？我查找了各种功能，如C_Initialize，C_OpenSession等，但我不完全确定他们做什么，也没有什么参数使用。

谢谢！

在C中显示应用程序如何访问令牌以说明验证PIN的一些简单示例将非常有帮助。我写了PKCS＃11包装器，名为 Pkcs11Interop

/ a>，其中包含涵盖PKCS＃11 API提供的所有函数的单元测试。您可以查看其 LowLevelAPI测试，可以轻松映射到ANSI C。

您还应该考虑至少阅读第2章 - 范围，第6章 - 概述和 a href =http://pkcs11interop.net/rsa-pkcs11-2.20/pkcs-11v2-20.pdf =nofollow> PKCS＃11标准。

I'm trying to access a PKCS11 cryptographic token (smart card). I was previously using a smart card that had its own proprietary API for card access, so I'm trying to understand how I can map this out to a PKCS11 token.

In my previous smart card, I had to connect to the device, then issue API calls for various functions such as Verify PIN, Get card info, Select File, Read File, Write File, perform cryptographic functions (RNG, symmetric/assymmetric encryption, etc), and finally, I would disconnect from the device.

Is there a similar flow for PKCS11 tokens? I looked up the various functions such as C_Initialize, C_OpenSession, etc, but I'm not exactly sure what they do, nor what parameters to use. Some simple examples in C showing how an application accesses the token to, say, verify PIN, would be very helpful.

Thanks!

解决方案

I have written PKCS#11 wrapper for .NET called Pkcs11Interop which comes with unit tests covering all functions provided by PKCS#11 API. You can take a look at its LowLevelAPI tests which can be easily mapped to ANSI C.

You should also consider reading at least "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 standard.

这篇关于PKCS11命令流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！