'\" te
.\" Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights    reserved.
.TH pkcs11_kernel 5 "16 Jun 2015" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
pkcs11_kernel \- PKCS#11 interface to Kernel Cryptographic Framework
.SH SYNOPSIS
.LP
.nf
/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so
.fi

.SH DESCRIPTION
.sp
.LP
The \fBpkcs11_kernel.so\fR object implements the RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki), v2.20, specification by  using  a private interface to communicate with the Kernel Cryptographic Framework.
.sp
.LP
Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.
.sp
.LP
The PKCS#11 mechanisms provided by this library is determined by the available hardware providers.
.sp
.LP
Application developers should link to \fBlibpkcs11.so\fR rather than link directly to \fBpkcs11_kernel.so\fR. See \fBlibpkcs11\fR(3LIB).
.sp
.LP
All of the Standard PKCS#11 functions listed on \fBlibpkcs11\fR(3LIB) are implemented except for the following:
.sp
.in +2
.nf
C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent
.fi
.in -2

.sp
.LP
A call to these functions returns \fBCKR_FUNCTION_NOT_SUPPORTED\fR.
.sp
.LP
Buffers cannot be greater than 2 megabytes. For example, \fBC_Encrypt()\fR can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.
.sp
.LP
The maximum number of object handles that can be returned by a call to \fBC_FindObjects()\fR is 512.
.sp
.LP
The maximum amount of kernel memory that can be used for crypto operations is limited by the \fBproject.max-crypto-memory\fR resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.
.SH RETURN VALUES
.sp
.LP
The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification.
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for a description of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface StabilityCommitted
_
MT-LevelT{
MT-Safe with exceptions. See section 6.6.2 of RSA PKCS#11 v2.20
T}
_
StandardPKCS#11 v2.20
.TE

.SH SEE ALSO
.sp
.LP
\fBcryptoadm\fR(1M), \fBrctladm\fR(1M), \fBlibpkcs11\fR(3LIB), \fBattributes\fR(5), \fBpkcs11_softtoken\fR(5)
.SH NOTES
.sp
.LP
Applications that have an open session to a PKCS#11 slot make the corresponding hardware provider driver not unloadable. An administrator must close the applications that have an PKCS#11 session open to the hardware provider to make the driver unloadable.