Question
I'm trying to access a PKCS11 cryptographic token (smart card). I was previously using a smart card that had its own proprietary API for card access, so I'm trying to understand how I can map this out to a PKCS11 token.
In my previous smart card, I had to connect to the device, then issue API calls for various functions such as Verify PIN, Get card info, Select File, Read File, Write File, perform cryptographic functions (RNG, symmetric/asymmetric encryption, etc.), and finally, I would disconnect from the device.
Is there a similar flow for PKCS11 tokens? I looked up the various functions such as C_Initialize, C_OpenSession, etc, but I'm not exactly sure what they do, nor what parameters to use. Some simple examples in C showing how an application accesses the token to, say, verify PIN, would be very helpful.
Thanks!
Answer 1:
I have written a PKCS#11 wrapper for .NET called Pkcs11Interop, which comes with unit tests covering all functions provided by the PKCS#11 API. You can take a look at its LowLevelAPI tests, which can be easily mapped to ANSI C.
You should also consider reading at least "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of the PKCS#11 standard.
Answer 2:
The pkcs11-tool source from OpenSC would serve as a good reference.
https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs11-tool.c
Source: https://stackoverflow.com/questions/29092252/pkcs11-command-flow
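The flow the question describes (connect, verify PIN, use the token, disconnect) mapped onto PKCS#11 calls, as an added example that is not part of the original question or answers. `struct p11`, `token_flow` and `mock_token` are hypothetical names, the type definitions stand in for the standard `pkcs11.h` header, and the stand-in token with PIN "1234" is constructed so the code runs without hardware. It assumes at most one token is present.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins for the few pkcs11t.h types and constants this flow needs. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID, CK_SESSION_HANDLE;
typedef unsigned char CK_BYTE;
enum { CKR_OK = 0x0, CKR_PIN_INCORRECT = 0xA0, CKR_TOKEN_NOT_PRESENT = 0xE0,
       CKF_RW_SESSION = 0x2, CKF_SERIAL_SESSION = 0x4, CKU_USER = 1 };
/* Hypothetical table of the calls used here; a real application gets these
 * pointers from the module's C_GetFunctionList. */
struct p11 {
    CK_RV (*C_Initialize)(void *), (*C_Finalize)(void *);
    CK_RV (*C_GetSlotList)(CK_BYTE, CK_SLOT_ID *, CK_ULONG *);
    CK_RV (*C_OpenSession)(CK_SLOT_ID, CK_ULONG, void *, void *, CK_SESSION_HANDLE *);
    CK_RV (*C_Login)(CK_SESSION_HANDLE, CK_ULONG, CK_BYTE *, CK_ULONG);
    CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG);
    CK_RV (*C_Logout)(CK_SESSION_HANDLE), (*C_CloseSession)(CK_SESSION_HANDLE);
};

/* connect -> verify PIN -> use token -> disconnect; returns first failing CK_RV. */
CK_RV token_flow(const struct p11 *f, const char *pin, CK_BYTE *out, CK_ULONG n) {
    CK_SLOT_ID slot = 0; CK_ULONG count = 1; CK_SESSION_HANDLE s = 0;
    CK_RV rv = f->C_Initialize(NULL);                 /* connect to the library */
    if (rv != CKR_OK) return rv;
    rv = f->C_GetSlotList(1, &slot, &count);          /* 1 = slots holding a token */
    if (rv == CKR_OK && count == 0) rv = CKR_TOKEN_NOT_PRESENT;
    if (rv == CKR_OK)
        rv = f->C_OpenSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &s);
    if (rv == CKR_OK) {
        rv = f->C_Login(s, CKU_USER, (CK_BYTE *)pin, strlen(pin));  /* verify PIN */
        if (rv == CKR_OK) {
            rv = f->C_GenerateRandom(s, out, n);      /* any token operation */
            f->C_Logout(s);
        }
        f->C_CloseSession(s);                         /* runs on login failure too */
    }
    f->C_Finalize(NULL);                              /* disconnect */
    return rv;
}

/* Constructed stand-in token (user PIN "1234") so the flow runs without hardware. */
static CK_RV m_lib(void *r) { (void)r; return CKR_OK; }
static CK_RV m_slots(CK_BYTE p, CK_SLOT_ID *l, CK_ULONG *n) { (void)p; l[0] = 0; *n = 1; return CKR_OK; }
static CK_RV m_open(CK_SLOT_ID i, CK_ULONG fl, void *a, void *cb, CK_SESSION_HANDLE *s) {
    (void)i; (void)fl; (void)a; (void)cb; *s = 1; return CKR_OK; }
static CK_RV m_login(CK_SESSION_HANDLE s, CK_ULONG u, CK_BYTE *p, CK_ULONG n) {
    (void)s; (void)u; return (n == 4 && !memcmp(p, "1234", 4)) ? CKR_OK : CKR_PIN_INCORRECT; }
static CK_RV m_rand(CK_SESSION_HANDLE s, CK_BYTE *b, CK_ULONG n) { (void)s; memset(b, 0xA5, n); return CKR_OK; }
static CK_RV m_sess(CK_SESSION_HANDLE s) { (void)s; return CKR_OK; }
const struct p11 mock_token = { m_lib, m_lib, m_slots, m_open, m_login, m_rand, m_sess, m_sess };
int main(void) { CK_BYTE r[8]; return token_flow(&mock_token, "1234", r, sizeof r) != CKR_OK; }
```

Against a real module, include its `pkcs11.h`, drop the stand-in types and mock, and fill the table from the `CK_FUNCTION_LIST` that `C_GetFunctionList` returns.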