Slot and token management functions

The following functions perform as described in the PKCS #11 specification:

C_GetSlotInfo

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_GetSlotInfo

tbc

Without modifications

2.40

C_GetTokenInfo

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_GetTokenInfo

tbc

Without modifications

2.40

C_GetMechanismList

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_GetMechanismList

tbc

Without modifications

2.40

C_GetMechanismInfo

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_GetMechanismInfo

tbc

Without modifications

2.40

C_GetSlotList

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_GetSlotList

tbc

Without modifications

2.40

Notes

This function returns an array of PKCS #11 slots. Within each module, the slots are in the order:

  1. module(s)

  2. smart card reader(s)

  3. software tokens, if present.

Each module is listed in ascending order by nShield ModuleID.

C_GetSlotList returns an array of handles. You cannot make any assumptions about the values of these handles. In particular, these handles are not equivalent to the slot numbers returned by the nCore API command GetSlotList.

C_InitToken

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_InitToken

tbc

Without modifications

2.40

Notes

C_InitToken sets the card passphrase to the same value as the current token’s passphrase and sets the CKF_USER_PIN_INITIALIZED flag.

This function is supported in load-sharing mode only when using softcards. To use C_InitToken in load-sharing mode, you must have created a softcard with the command ppmk -n before selecting the corresponding slot.

The C_InitToken function is not supported for use in non-load-sharing FIPS 140 Level 3 Security Worlds.

C_InitPIN

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_InitPin

tbc

Without modifications

2.40

Notes

There is usually no need to call C_InitPIN, because C_InitToken sets the card passphrase.

Because the nShield PKCS #11 library can only maintain a single passphrase, C_InitPIN has the effect of changing the current token’s passphrase.

This function is supported in load-sharing mode only when using softcards. To use C_InitPIN in load-sharing mode, you must have created a softcard with the command ppmk -n before selecting the corresponding slot.

C_SetPIN

Function Supported in Security World Performs as in PKCS #11 spec PKCS #11 spec version

C_SetPin

tbc

Without modifications

2.40

Notes

The card passphrase may be any value.

Because the nShield PKCS #11 library can only maintain a single passphrase, C_SetPIN has the effect of changing the current token’s passphrase or, if called in a Security Officer session, the card passphrase.

This function is supported in load-sharing mode only when using softcards. To use C_SetPIN in load-sharing mode, you must have created a Softcard with the command ppmk -n before selecting the corresponding slot.