SConnect is the generic framework that must be installed on the end-user computer to host the PKCS#11 add-on. Installation, setup and configuration are done automatically from the web application.
The web application must declare in its HTML code the following JavaScript libraries:
The SConnect framework is installed automatically when the function 'Install' is invoked. At that time SConnect loads your custom server configuration, a set of paths describing where on your server the SConnect components used by the running web application are deployed (see the 'serverConfiguration' variable below for a complete example). This is generally done when the web application page is loaded (see the 'onPageLoad' function below). The SConnect installation is carried out interactively with the end-user.
// Define the server configuration used by SConnect to check or get the SConnect installers and add-ons.
// In this example the SConnect components are stored at the URL "https://your-web-server-url/path-to-your-SConnect-repository"
var serverConfiguration = {
    // Remember to modify the URLs to point to your web server.
    // THE "imgPath", "extPath", "eulaPath", "faqPath" AND "addonPath" URLS ARE ALWAYS ABSOLUTE PATHS.
    imgPath: "https://your-web-server-url/path-to-your-SConnect-repository/images/",
    extPath: "https://your-web-server-url/path-to-your-SConnect-repository/extensions/",
    eulaPath: "https://your-web-server-url/path-to-your-SConnect-repository/eula/",
    faqPath: "https://your-web-server-url/path-to-your-SConnect-repository/faq/",
    addonPath: "https://your-web-server-url/path-to-your-SConnect-repository/addons/"
    // Remember to modify the licensePath URL according to your web server.
    // THE LICENSE PATH IS ALWAYS A RELATIVE PATH.
    //,licensePath : "/sconnect.lic"
};
// Configure the path to reach the SConnect components
SConnect.ConfigResources(serverConfiguration);
// Start the SConnect initialization or the automatic installation if SConnect is not installed on the end-user computer
SConnect.Install(installCallback);
Once the installation has completed successfully (see 'installCallback'), the function 'ValidateServer' must be invoked to check the security between the SConnect framework and the web application server.
var installCallback = {
success: function () {
log('sconnect-install-success');
SConnect.ValidateServer(validateCallback);
},
error: function (code) {
log('sconnect-install-failed, reason: ' + code);
}
};
Once the validation has completed successfully (see 'validateCallback'), the function 'InstallAddOns' must be invoked to automatically install, or set up if already installed, the add-ons required by the web application.
var validateCallback = {
success: function () {
'use strict';
log('sconnect-validate-success');
SConnect.InstallAddOns([new SConnect.PKCS11Info()], installAddOnsCallback);
},
error: function (code) {
'use strict';
log('validate-server-failed, reason: ' + code);
}
};
Once the add-on installation has completed successfully (see 'installAddOnsCallback'), the web application creates the PKCS#11 instance used to call the PKCS#11 API (see function 'SConnect.PKCS11.Create').
var installAddOnsCallback = {
success: function () {
'use strict';
log('install-addon-success');
SConnect.PKCS11.Create(createCallback);
},
error: function (code, info) {
'use strict';
log('install-addons-failed, reason: ' + code);
}
};
Once the PKCS#11 instance has been created (see 'createCallback'), the web application is ready to use the PKCS#11 API.
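// Holds the PKCS#11 instance; declared explicitly because the callbacks run in strict mode
var theObjectPKCS11 = null;
var createCallback = {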
success: function (pkcs11) {
'use strict';
theObjectPKCS11 = pkcs11;
},
error: function (code) {
'use strict';
log('failed to create PKCS11 instance, reason: ' + code);
}
};
When the PKCS#11 instance is no longer required, the web application must dispose of it and stop the listener. This is generally done when the web application page is unloaded.
function onPageUnload() {
'use strict';
// Stop the PKCS11 event handler
SConnect.PKCS11.StopTokenEventHandler();
// Release the PKCS11 object
if (theObjectPKCS11) {
theObjectPKCS11.dispose();
}
}
Here is the full code used in this page:
////////////////////////////////////////////////////////////
//
// SConnect initialization & PKCS11 addon creation
//
///////////////////////////////////////////////////////////
var serverConfiguration = {
// Remember to modify the URLs to point to your web server.
// THE "imgPath", "extPath", "eulaPath", "faqPath" AND "addonPath" URLS ARE ALWAYS ABSOLUTE PATHS.
imgPath: "https://your-web-server-url/path-to-your-SConnect-repository/images/",
extPath: "https://your-web-server-url/path-to-your-SConnect-repository/extensions/",
eulaPath: "https://your-web-server-url/path-to-your-SConnect-repository/eula/",
faqPath: "https://your-web-server-url/path-to-your-SConnect-repository/faq/",
addonPath: "https://your-web-server-url/path-to-your-SConnect-repository/addons/"
// Remember to modify the licensePath URL according to your web server.
// THE LICENSE PATH IS ALWAYS A RELATIVE PATH.
//,licensePath : "/sconnect.lic"
};
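// Holds the PKCS#11 instance; declared explicitly because the callbacks run in strict mode
var theObjectPKCS11 = null;
var createCallback = {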
success: function (p11) {
'use strict';
theObjectPKCS11 = p11;
},
error: function (code) {
'use strict';
log(' ERROR !!! Failed to create PKCS11 instance (error code ' + code + ')');
}
};
var installAddOnsCallback = {
success: function () {
'use strict';
log('install-addon-success');
SConnect.PKCS11.Create(createCallback);
},
error: function (code) {
'use strict';
log('install-addons-failed, reason: ' + code);
}
};
var validateCallback = {
success: function () {
'use strict';
log('sconnect-validate-success');
SConnect.InstallAddOns([new SConnect.PKCS11Info()], installAddOnsCallback);
},
error: function (code) {
'use strict';
log('validate-server-failed, reason: ' + code);
}
};
function onPageLoad() {
'use strict';
var installCallback = {
success: function () {
log('sconnect-install-success');
SConnect.ValidateServer(validateCallback);
},
error: function (code) {
log('sconnect-install-failed, reason: ' + code);
}
};
// Configure the path to reach the SConnect components
SConnect.ConfigResources(serverConfiguration);
// Start the SConnect initialization or the automatic installation if SConnect is not installed on the end-user computer
SConnect.Install(installCallback);
}
var finalStopTokenEventHandlerCallback = {
success: function () {
log('StopTokenEventHandler success');
// Release the PKCS11 object
if (theObjectPKCS11) {
theObjectPKCS11.C_Finalize( /*finalizeCallback*/ );
theObjectPKCS11.dispose();
}
},
error: function (code) {
log('StopTokenEventHandler failed ' + code);
}
};
/**
* Releases all SConnect & PKCS11 resources
*/
function onPageUnload() {
'use strict';
// Stop the PKCS11 event handler
SConnect.PKCS11.StopTokenEventHandler(finalStopTokenEventHandlerCallback);
}
// Initialize SConnect and the PKCS11 add-on when the web page is loaded
window.onload = onPageLoad;
// Release all resources when the page is unloaded
window.onunload = onPageUnload;
Once SConnect and the PKCS11 add-on are installed, the web application can start to use the PKCS11 API and listen to slot events.
var tokenEventCallback = {
onTokenInsertion: function (resp) {
'use strict';
log('onTokenInsertion - slotId (' + resp.slotId + ')');
log('onTokenInsertion - label (' + resp.label + ')');
},
onTokenRemoval: function (resp) {
'use strict';
log('onTokenRemoval - slotId (' + resp.slotId + ')');
log('onTokenRemoval - label (' + resp.label + ')');
}
};
var initializeCallback = {
success: function (status, data) {
'use strict';
log("C_Initialize succeeded");
log("C_Initialize status " + status);
log("C_Initialize data " + data);
SConnect.PKCS11.StartTokenEventHandler(tokenEventCallback);
},
error: function (status) {
'use strict';
log("C_Initialize failed !!!");
log("C_Initialize status " + status);
}
};
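function SetUpWebApplication() {
    'use strict';
    if (theObjectPKCS11) {
        // Pass the callback so that the token event handler starts once initialization succeeds
        theObjectPKCS11.C_Initialize(initializeCallback);
    }
}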
The PKCS#11 add-on must be initialized before any use. C_Initialize allocates all necessary resources.
var initializeCallback = {
success: function (status, data) {
'use strict';
log("C_Initialize succeeded");
log("C_Initialize status " + status);
log("C_Initialize data " + data);
// Start the slot event handler after the successful initialization
SConnect.PKCS11.StartTokenEventHandler(tokenEventCallback);
},
error: function (status) {
'use strict';
log("C_Initialize failed !!!");
log("C_Initialize status " + status);
}
};
$("#C_InitializeButton").click(function () {
'use strict';
if (theObjectPKCS11) {
log("C_Initialize invoked");
theObjectPKCS11.C_Initialize(initializeCallback);
}
});
The library must be disposed after use. C_Finalize is called to indicate that an application is finished with the PKCS11 API. It should be the last Cryptoki call made by an application. All allocated resources are then released.
If the device event handler has been started by your web application, then it must be stopped before C_Finalize is invoked (see the sample below).
var finalizeCallback = {
success: function (status, data) {
'use strict';
log("C_Finalize succeeded");
},
error: function (status) {
'use strict';
log("C_Finalize failed !!!");
}
};
var stopTokenEventHandlerCallback = {
success: function (status, data) {
'use strict';
log("StopTokenEventHandler succeeded");
// NOW INVOKE C_Finalize
if (theObjectPKCS11) {
theObjectPKCS11.C_Finalize(finalizeCallback);
}
},
error: function (status) {
'use strict';
log("StopTokenEventHandler failed !!!");
}
};
function YourWebApplicationFunctionFinalizing() {
    'use strict';
    // FIRST STOP THE DEVICE HANDLER WHILE THE LIBRARY IS NOT FINALIZED !
    SConnect.PKCS11.StopTokenEventHandler(stopTokenEventHandlerCallback);
}
C_GetInfo returns general information about the PKCS11 in the form of a JSON object containing the CK_INFO properties.
var getInfoCallback = {
success: function (status, data) {
'use strict';
console.log("C_GetInfo success");
console.log("C_GetInfo status " + status);
console.log("C_GetInfo cryptokiVersion.major " + data.cryptokiVersion.major);
console.log("C_GetInfo cryptokiVersion.minor " + data.cryptokiVersion.minor);
console.log("C_GetInfo flags " + data.flags);
console.log("C_GetInfo libraryDescription " + data.libraryDescription);
console.log("C_GetInfo libraryVersion.major " + data.libraryVersion.major);
console.log("C_GetInfo libraryVersion.minor " + data.libraryVersion.minor);
console.log("C_GetInfo manufacturerID " + data.manufacturerID);
},
error: function (status) {
'use strict';
console.log("C_GetInfo failed");
console.log("C_GetInfo status " + status);
}
};
// Invoke the function through the instance of the PKCS11 add-on
theObjectPKCS11.C_GetInfo(getInfoCallback);
C_GetSlotList is used to obtain a list of slots in the system.
The boolean parameter 'tokenPresent' indicates whether the list obtained includes only those slots with a token present (true), or all slots (false).
var getSlotListCallback = {
success: function (status, data) {
'use strict';
log("C_GetSlotList success");
log("C_GetSlotList status " + status);
log("C_GetSlotList data " + data);
},
error: function (status) {
'use strict';
log("C_GetSlotList failed");
log("C_GetSlotList status " + status);
}
};
// Configure the parameter to get the list of the slots with a token present
var tokenPresent = true;
// Invoke the function through the instance of the PKCS11 add-on
theObjectPKCS11.C_GetSlotList(tokenPresent, getSlotListCallback);
C_GetSlotInfo obtains information about a particular slot in the system.
The Number parameter 'slotID' is the ID of the slot.
The returned data is a JSON object containing the CK_SLOT_INFO properties.
var getSlotInfoCallback = {
success: function (status, data) {
'use strict';
log("C_GetSlotInfo success");
log("C_GetSlotInfo status " + status);
log("C_GetSlotInfo slotDescription " + data.slotDescription);
log("C_GetSlotInfo manufacturerID " + data.manufacturerID);
log("C_GetSlotInfo flags " + data.flags);
log("C_GetSlotInfo hardwareVersion.major " + data.hardwareVersion.major);
log("C_GetSlotInfo hardwareVersion.minor " + data.hardwareVersion.minor);
log("C_GetSlotInfo firmwareVersion.major " + data.firmwareVersion.major);
log("C_GetSlotInfo firmwareVersion.minor " + data.firmwareVersion.minor);
},
error: function (status) {
'use strict';
log("C_GetSlotInfo failed !!!");
log("C_GetSlotInfo status " + status);
}
};
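// slotId is the ID of a slot returned by C_GetSlotList (slot 0 is used here as an example value)
var slotId = 0;
theObjectPKCS11.C_GetSlotInfo(slotId, getSlotInfoCallback);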
C_GetTokenInfo obtains information about a particular token in the system.
The Number parameter 'slotID' is the ID of the slot.
The returned data is a JSON object containing the CK_TOKEN_INFO properties.
var getTokenInfoCallback = {
success: function (status, data) {
'use strict';
log("C_GetTokenInfo success");
log("C_GetTokenInfo status " + status);
log("C_GetTokenInfo label " + data.label);
log("C_GetTokenInfo manufacturerID " + data.manufacturerID);
log("C_GetTokenInfo model " + data.model);
log("C_GetTokenInfo serialNumber " + data.serialNumber);
log("C_GetTokenInfo flags " + data.flags);
log("C_GetTokenInfo maxSessionCount " + data.maxSessionCount);
log("C_GetTokenInfo sessionCount " + data.sessionCount);
log("C_GetTokenInfo maxRwSessionCount " + data.maxRwSessionCount);
log("C_GetTokenInfo rwSessionCount " + data.rwSessionCount);
log("C_GetTokenInfo maxPinLen " + data.maxPinLen);
log("C_GetTokenInfo minPinLen " + data.minPinLen);
log("C_GetTokenInfo totalPublicMemory " + data.totalPublicMemory);
log("C_GetTokenInfo freePublicMemory " + data.freePublicMemory);
log("C_GetTokenInfo totalPrivateMemory " + data.totalPrivateMemory);
log("C_GetTokenInfo freePrivateMemory " + data.freePrivateMemory);
log("C_GetTokenInfo hardwareVersion.major " + data.hardwareVersion.major);
log("C_GetTokenInfo hardwareVersion.minor " + data.hardwareVersion.minor);
log("C_GetTokenInfo firmwareVersion.major " + data.firmwareVersion.major);
log("C_GetTokenInfo firmwareVersion.minor " + data.firmwareVersion.minor);
log("C_GetTokenInfo time " + data.time);
},
error: function (status) {
'use strict';
log("C_GetTokenInfo failed !!!");
log("C_GetTokenInfo status " + status);
}
};
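// slotId is the ID of a slot returned by C_GetSlotList (slot 0 is used here as an example value)
var slotId = 0;
theObjectPKCS11.C_GetTokenInfo(slotId, getTokenInfoCallback);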
C_GetMechanismList is used to obtain a list of mechanism types supported by a token.
The Number parameter 'slotID' is the ID of the slot.
The returned data is a [1..n] JSON array of Number containing the supported CKM_xxx.
var getMechanismListCallback = {
success: function (status, data) {
'use strict';
log("C_GetMechanismList success");
log("C_GetMechanismList status " + status);
log("C_GetMechanismList data " + JSON.stringify(data));
},
error: function (status) {
'use strict';
log("C_GetMechanismList failed !!!");
log("C_GetMechanismList status " + status);
}
};
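// slotId is the ID of a slot returned by C_GetSlotList (slot 0 is used here as an example value)
var slotId = 0;
theObjectPKCS11.C_GetMechanismList(slotId, getMechanismListCallback);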
C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
The Number parameter 'slotID' is the ID of the slot.
The Number parameter 'mechanismType' is the type of mechanism.
The returned data is a JSON object containing the CK_MECHANISM_INFO properties.
var callback = {
success : function (status, data) {
var message = "The function returned the following CK_MECHANISM_INFO information:";
message += "minKeySize (" + data.minKeySize + ")";
message += "maxKeySize (" + data.maxKeySize + ")";
message += "flags (" + data.flags + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
mechanismType = 1,
slotId = 1;
theObjectPKCS11.C_GetMechanismInfo(slotId, mechanismType, callback);
C_InitToken initializes a token.
The Number parameter 'slotID' is the ID of the slot.
The String parameter 'pin' is the user’s PIN.
The String parameter 'label' is the token’s label.
var callback = {
success : function (status, data) {
var message = "The function returned the following status " + status;
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
slotId = 0,
pin = "mySoPin",
label = "MyLabel";
// Pass the callback defined above so that the result is reported
theObjectPKCS11.C_InitToken(slotId, pin, label, callback);
C_OpenSession opens a session between an application and a token in a particular slot.
The Number parameter 'slotId' is the slot's ID.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
// Prepare to open a session on the slotId 0
slotId = 0,
// Prepare the flags to open a RW session (CKF_SERIAL_SESSION | CKF_RW_SESSION = 6)
flags = 6;
theObjectPKCS11.C_OpenSession(slotId, flags, callback);
C_GetSessionInfo obtains information about a session.
The Number parameter 'sessionHandle' is the session’s handle.
var callback = {
success : function (status, data) {
var message = "The function returned the following CK_SESSION_INFO object: ";
message += "slot id (" + data.slotId + ")";
message += "state (" + data.state + ")";
message += "flags (" + data.flags + ")";
message += "deviceError (" + data.deviceError + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2;
theObjectPKCS11.C_GetSessionInfo(sessionHandle, callback);
C_CloseSession closes a session between an application and a token.
The Number parameter 'sessionHandle' is the session’s handle.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2;
theObjectPKCS11.C_CloseSession(sessionHandle, callback);
C_CloseAllSessions closes all sessions an application has with a token. When a session is closed, all session objects created by the session are destroyed automatically. After successful execution of this function, the login state of the token for the application returns to public sessions. Any new sessions to the token opened by the application will be either R/O Public or R/W Public sessions.
The Number parameter 'slotId' is the slot’s ID.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
slotId = 0;
theObjectPKCS11.C_CloseAllSessions(slotId, callback);
C_Login logs a user into a token.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'userType' is the value of any CKU_xx.
The String parameter 'pin' is the user’s PIN.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
userType = 1,
pin = "1234";
theObjectPKCS11.C_Login(sessionHandle, userType, pin, callback);
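A failed C_Login consumes one of the token's PIN retries, so it is worth inspecting the CK_TOKEN_INFO returned by C_GetTokenInfo before submitting a PIN. The following is an added example, not code from the SConnect project: the helper name assessUserLogin and the sample token objects are hypothetical, the flag values are those of the PKCS#11 specification, and data.flags is assumed to be a Number holding the CK_FLAGS bit mask.

```javascript
// Added example (not SConnect code). Token flag bits from the PKCS#11 specification.
var TOKEN_FLAGS = {
    USER_PIN_INITIALIZED: 0x00000008,
    PROTECTED_AUTHENTICATION_PATH: 0x00000100,
    TOKEN_INITIALIZED: 0x00000400,
    USER_PIN_COUNT_LOW: 0x00010000,
    USER_PIN_FINAL_TRY: 0x00020000,
    USER_PIN_LOCKED: 0x00040000,
    USER_PIN_TO_BE_CHANGED: 0x00080000
};

function hasFlag(flags, bit) {
    return (flags & bit) !== 0;
}

// Hypothetical helper: call it from the C_GetTokenInfo success callback,
// before C_Login. tokenInfo is the 'data' object of that callback.
function assessUserLogin(tokenInfo, pin) {
    var flags = tokenInfo.flags;
    var blockers = [];   // conditions under which C_Login must not be attempted
    var warnings = [];   // conditions the user should be told about first

    if (!hasFlag(flags, TOKEN_FLAGS.TOKEN_INITIALIZED)) {
        blockers.push('token-not-initialized');
    }
    if (!hasFlag(flags, TOKEN_FLAGS.USER_PIN_INITIALIZED)) {
        blockers.push('user-pin-not-initialized');
    }
    if (hasFlag(flags, TOKEN_FLAGS.USER_PIN_LOCKED)) {
        blockers.push('user-pin-locked');
    }

    if (hasFlag(flags, TOKEN_FLAGS.PROTECTED_AUTHENTICATION_PATH)) {
        // The token has its own PIN entry path (for example a PIN pad),
        // so the PIN should not be collected by the web page.
        warnings.push('pin-entered-on-device');
    } else if (typeof pin !== 'string') {
        blockers.push('pin-missing');
    } else {
        // Reject a PIN that cannot be valid instead of spending a retry on it.
        var pinLength = new TextEncoder().encode(pin).length;
        if (pinLength < tokenInfo.minPinLen || pinLength > tokenInfo.maxPinLen) {
            blockers.push('pin-length-out-of-range');
        }
    }

    if (hasFlag(flags, TOKEN_FLAGS.USER_PIN_COUNT_LOW)) {
        warnings.push('user-pin-count-low');
    }
    if (hasFlag(flags, TOKEN_FLAGS.USER_PIN_FINAL_TRY)) {
        warnings.push('user-pin-final-try');
    }
    if (hasFlag(flags, TOKEN_FLAGS.USER_PIN_TO_BE_CHANGED)) {
        warnings.push('user-pin-to-be-changed');
    }

    return { proceed: blockers.length === 0, blockers: blockers, warnings: warnings };
}

// Constructed sample CK_TOKEN_INFO objects (not captured from a real token).
var SAMPLE_TOKENS = {
    healthy:  { flags: 0x0000040D, minPinLen: 4, maxPinLen: 8 },
    finalTry: { flags: 0x0003040D, minPinLen: 4, maxPinLen: 8 },
    locked:   { flags: 0x0004040D, minPinLen: 4, maxPinLen: 8 },
    pinPad:   { flags: 0x0000050D, minPinLen: 4, maxPinLen: 8 }
};
```
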
C_Logout logs a user out from a token.
The Number parameter 'sessionHandle' is the session’s handle.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2;
theObjectPKCS11.C_Logout(sessionHandle, callback);
C_InitPIN initializes the normal user’s PIN.
The Number parameter 'sessionHandle' is the session handle (see C_OpenSession to get one).
The plain text String parameter 'pin' is the user PIN.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 1,
// The end-user PIN is a plain text string
pin = "1234";
theObjectPKCS11.C_InitPIN(sessionHandle, pin, callback);
C_SetPIN modifies the PIN of the user that is currently logged in, or the user PIN if the session is not logged in.
The Number parameter 'sessionHandle' is the session handle (see C_OpenSession to get one).
The String parameter 'oldPin' is the old PIN.
The String parameter 'newPin' is the new PIN.
var callback = {
success : function (status, data) {
var message = "The function returned the following status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 1,
oldPin = "1234",
newPin = "5678";
theObjectPKCS11.C_SetPIN(sessionHandle, oldPin, newPin, callback);
C_CreateObject creates a new object.
The Number parameter 'sessionHandle' is the session’s handle.
The Object parameter 'attributes' is the set of properties required to create the object. Each property name is the String of the CKA_xx attribute to set. Each property value is the value to set for the property.
var callback = {
success : function (status, data) {
var message = "The function returned the following the object handle (" + data.objectHandle + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
attributes = {};
// The attribute name is any CKA_ attribute as defined in the PKCS11 specification
// The attribute value can be a boolean (with value true or false), a number, a string or binary data expressed as unprefixed consecutive hexadecimal pairs ("010A" interpreted as [0x01, 0x0A]).
// Here a data object is created using the attributes CKA_CLASS, CKA_TOKEN, CKA_APPLICATION and CKA_VALUE.
attributes.CKA_CLASS = 0;
attributes.CKA_TOKEN = true;
attributes.CKA_APPLICATION = [49, 50, 51, 52, 53, 54];
attributes.CKA_VALUE = [65, 66, 67, 68, 69, 70];
theObjectPKCS11.C_CreateObject(sessionHandle, attributes, callback);
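The attribute values above are written by hand as arrays of byte values. The following added example, which is not part of the SConnect API (all function names are hypothetical), builds such arrays from text or from unprefixed hexadecimal pairs and rejects malformed input before it reaches the token.

```javascript
// Added example (not SConnect code): helpers for PKCS#11 attribute values.

// Reject anything that is not an array of integers in the range 0..255.
// A value such as 256 or -1 would otherwise be passed on silently.
function assertByteArray(bytes) {
    if (!Array.isArray(bytes)) {
        throw new TypeError('expected an array of byte values');
    }
    bytes.forEach(function (b, i) {
        if (!Number.isInteger(b) || b < 0 || b > 255) {
            throw new RangeError('element ' + i + ' is not a byte: ' + b);
        }
    });
    return bytes;
}

// Unprefixed hexadecimal pairs to bytes: "010A" -> [1, 10].
// Odd lengths, "0x" prefixes and separators are rejected.
function hexToBytes(hex) {
    if (typeof hex !== 'string' || hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
        throw new SyntaxError('expected unprefixed hexadecimal pairs');
    }
    var bytes = [];
    for (var i = 0; i < hex.length; i += 2) {
        bytes.push(parseInt(hex.slice(i, i + 2), 16));
    }
    return bytes;
}

// Bytes to unprefixed hexadecimal pairs, for logging values such as data.buffer.
function bytesToHex(bytes) {
    return assertByteArray(bytes).map(function (b) {
        return (b < 16 ? '0' : '') + b.toString(16).toUpperCase();
    }).join('');
}

// Text to its UTF-8 bytes: "test01" -> [116, 101, 115, 116, 48, 49].
function textToBytes(text) {
    if (typeof text !== 'string') {
        throw new TypeError('expected a string');
    }
    return Array.from(new TextEncoder().encode(text));
}

// Build the CKO_DATA template used in the C_CreateObject sample above.
function buildDataObjectTemplate(applicationText, valueHex, onToken) {
    return {
        CKA_CLASS: 0,                                  // CKO_DATA
        CKA_TOKEN: onToken === true,                   // only an explicit true persists the object
        CKA_APPLICATION: textToBytes(applicationText),
        CKA_VALUE: hexToBytes(valueHex)
    };
}
```
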
C_DestroyObject destroys an object.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the handle of the object to delete.
var callback = {
success : function (status, data) {
var message = "The function returned the following the status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
objectHandle = 12;
theObjectPKCS11.C_DestroyObject(sessionHandle, objectHandle, callback);
C_GetAttributeValue obtains the value of one or more attributes of an object.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the handle of the object to get the values from.
The Array of Number parameter 'attributes' is the set of CK_ATTRIBUTE_TYPE required to read. Each property name is the String of the CKA_xx attribute to get.
var callback = {
success : function (status, data) {
var message = "The function returned the following the attributes :";
for(var key in data) {
message += "attribute (" + key + ") - value (" + data[key] + ")";
}
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
objectHandle = 12,
// Set a CK_ATTRIBUTE_TYPE array to get the CKA_CLASS (0x00000000), CKA_TOKEN (0x00000001) and CKA_VALUE (0x00000011) attributes of the object
attributes = [0x00, 0x01, 0x11];
theObjectPKCS11.C_GetAttributeValue(sessionHandle, objectHandle, attributes, callback);
C_SetAttributeValue modifies the value of one or more attributes of an object.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the object's handle to set value.
The JSON object parameter 'attributes' is the set of properties to write. Each property name is the String of the CKA_xx attribute to set. Each property value is the value to set for the property.
var callback = {
success : function (status, data) {
var message = "The function returned the following the attributes :";
for(var i in data) {
message += "attribute (" + i + ") - value (" + data[i] + ")";
}
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
objectHandle = 12,
attributes = {};
//The attribute can be a boolean (with value true or false), a number, a string
//or a binary data (such as encrypted data) expressed as unprefixed consecutive hexadecimal pairs ("010A" interpreted as [0x01, 0x0A]).
attributes.CKA_CLASS = 0;
attributes.CKA_TOKEN = true;
attributes.CKA_LABEL = [116,101,115,116,48,49];
theObjectPKCS11.C_SetAttributeValue(sessionHandle, objectHandle, attributes, callback);
C_FindObjects initializes, continues and terminates a search for token and session objects that match a template.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the object's handle to set value.
The JSON object parameter 'attributes' is the set of properties to search for. Each property name is the String of the CKA_xx attribute to set. Each property value is the value to set for the property.
var callback = {
success : function (status, data) {
var message = "The function returned the following the object handles:";
for(var key in data) {
message += "object (" + data[key] + ")";
}
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
attributes = {};
// Search all the CKO_DATA available in the token
attributes.CKA_CLASS = 0;
theObjectPKCS11.C_FindObjects(sessionHandle, attributes, callback);
C_GenerateKeyPair generates a public/private key pair, creating new key objects.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'mechanismType' is the mechanism type to generate with. The expected value is the value of a "CKM_xx" mechanism type.
The JSON object parameter 'attributesPublicKey' contains the attributes of the public key.
The JSON object parameter 'attributesPrivateKey' contains the attributes of the private key.
The 'success' callback returns the handles of the generated private and public keys.
var callback = {
success : function (status, data) {
// Save key handles for other operations
publicKeyObjectHandle = data.publicKey;
privateKeyObjectHandle = data.privateKey;
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
mechanismType = 0, // value of CKM_RSA_PKCS_KEY_PAIR_GEN as defined in the PKCS11 specification
attributesKeyPublic = {},
attributesKeyPrivate = {},
signOnly = false;
// Add the attributes (see the PKCS11 specification for attributes list, type & usage)
attributesKeyPublic.CKA_MODULUS_BITS = 2048;
attributesKeyPublic.CKA_TOKEN = true;
attributesKeyPublic.CKA_CLASS = 2; // value of CKO_PUBLIC_KEY as defined in the PKCS11 specification
attributesKeyPublic.CKA_KEY_TYPE = 0; // value of CKK_RSA as defined in the PKCS11 specification
attributesKeyPublic.CKA_PRIVATE = false;
attributesKeyPublic.CKA_ENCRYPT = !signOnly;
attributesKeyPublic.CKA_WRAP = !signOnly;
attributesKeyPublic.CKA_VERIFY_RECOVER = true;
attributesKeyPublic.CKA_VERIFY = true;
attributesKeyPublic.CKA_ID = [116,101,115,116,48,49]; // Buffer containing the string "test01"
attributesKeyPublic.CKA_PUBLIC_EXPONENT = [1,0,1];
attributesKeyPrivate.CKA_TOKEN = true;
attributesKeyPrivate.CKA_PRIVATE = true;
attributesKeyPrivate.CKA_EXTRACTABLE = false;
attributesKeyPrivate.CKA_SENSITIVE = true;
attributesKeyPrivate.CKA_DECRYPT = !signOnly;
attributesKeyPrivate.CKA_UNWRAP = !signOnly;
attributesKeyPrivate.CKA_SIGN_RECOVER = true;
attributesKeyPrivate.CKA_SIGN = true;
attributesKeyPrivate.CKA_ID = [116,101,115,116,48,49];
// Pass the callback object defined above
theObjectPKCS11.C_GenerateKeyPair(sessionHandle, mechanismType, attributesKeyPublic, attributesKeyPrivate, callback);
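The key pair templates decide how well the private key is protected on the token, so they are worth checking before C_GenerateKeyPair is invoked. The following is an added example, not code from the SConnect project: the helper names, the finding identifiers, the 2048-bit and 65537 thresholds and the sample CK_MECHANISM_INFO object are assumptions, and the mechanism flag values are those of the PKCS#11 specification.

```javascript
// Added example (not SConnect code). Mechanism flag bits from the PKCS#11 specification.
var MECHANISM_FLAGS = { HW: 0x00000001, GENERATE_KEY_PAIR: 0x00010000 };
var MIN_RSA_BITS = 2048;       // assumed policy threshold
var MIN_RSA_EXPONENT = 65537;  // assumed policy threshold

// Big-endian byte array to Number: [1, 0, 1] -> 65537.
function bytesToNumber(bytes) {
    return bytes.reduce(function (acc, b) { return acc * 256 + b; }, 0);
}

// Returns the list of findings for a pair of RSA templates. mechanismInfo is
// the optional 'data' object returned by C_GetMechanismInfo.
function auditRsaKeyPairTemplates(pub, priv, mechanismInfo) {
    var findings = [];
    var bits = pub.CKA_MODULUS_BITS;

    if (!(bits >= MIN_RSA_BITS)) {
        findings.push('modulus-below-2048-bits');
    }
    if (mechanismInfo) {
        if (bits < mechanismInfo.minKeySize || bits > mechanismInfo.maxKeySize) {
            findings.push('modulus-outside-token-range');
        }
        if ((mechanismInfo.flags & MECHANISM_FLAGS.GENERATE_KEY_PAIR) === 0) {
            findings.push('mechanism-cannot-generate-key-pair');
        }
        if ((mechanismInfo.flags & MECHANISM_FLAGS.HW) === 0) {
            findings.push('mechanism-not-performed-in-hardware');
        }
    }
    if (Array.isArray(pub.CKA_PUBLIC_EXPONENT)) {
        var e = bytesToNumber(pub.CKA_PUBLIC_EXPONENT);
        if (e < MIN_RSA_EXPONENT || e % 2 === 0) {
            findings.push('weak-public-exponent');
        }
    }

    // The private key must stay on the token and require a login.
    if (priv.CKA_SENSITIVE !== true) { findings.push('private-key-not-sensitive'); }
    if (priv.CKA_EXTRACTABLE !== false) { findings.push('private-key-extractable'); }
    if (priv.CKA_PRIVATE !== true) { findings.push('private-key-usable-without-login'); }

    // One key used both for signatures and for decryption or unwrapping.
    var signs = priv.CKA_SIGN === true || priv.CKA_SIGN_RECOVER === true;
    var decrypts = priv.CKA_DECRYPT === true || priv.CKA_UNWRAP === true;
    if (signs && decrypts) {
        findings.push('private-key-used-for-signing-and-decryption');
    }

    // The two halves are matched through CKA_ID.
    if (JSON.stringify(pub.CKA_ID) !== JSON.stringify(priv.CKA_ID)) {
        findings.push('cka-id-mismatch');
    }
    return findings;
}

// The templates of the C_GenerateKeyPair sample above, as a function of signOnly.
function sampleTemplates(signOnly) {
    var id = [116, 101, 115, 116, 48, 49]; // "test01"
    return {
        pub: {
            CKA_MODULUS_BITS: 2048, CKA_TOKEN: true, CKA_CLASS: 2, CKA_KEY_TYPE: 0,
            CKA_PRIVATE: false, CKA_ENCRYPT: !signOnly, CKA_WRAP: !signOnly,
            CKA_VERIFY_RECOVER: true, CKA_VERIFY: true, CKA_ID: id,
            CKA_PUBLIC_EXPONENT: [1, 0, 1]
        },
        priv: {
            CKA_TOKEN: true, CKA_PRIVATE: true, CKA_EXTRACTABLE: false,
            CKA_SENSITIVE: true, CKA_DECRYPT: !signOnly, CKA_UNWRAP: !signOnly,
            CKA_SIGN_RECOVER: true, CKA_SIGN: true, CKA_ID: id
        }
    };
}

// Constructed sample CK_MECHANISM_INFO (not captured from a real token).
var SAMPLE_MECHANISM_INFO = { minKeySize: 1024, maxKeySize: 4096, flags: 0x00010001 };
```

With signOnly set to false, as in the sample above, the audit reports the private key as used for both signing and decryption; with signOnly set to true it reports nothing.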
C_Encrypt initializes, continues and terminates an encryption operation.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the key object's handle to encrypt with.
The Number parameter 'mechanismType' is the mechanism type to encrypt with. The expected value is the value of a "CKM_xx" mechanism type.
The Byte Array object parameter 'data' is the data to encrypt (as [123, 124]).
var callback = {
success : function (status, data) {
var message = "The function returned the following the encrypted data (" + data.buffer + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
keyObjectHandle = 12,
mechanismType = 1, // Value of CKM_RSA_PKCS as described in the PKCS11 specification
data = [12, 13, 14, 15, 16];
theObjectPKCS11.C_Encrypt(sessionHandle, keyObjectHandle, mechanismType, data, callback);
C_Decrypt initializes, continues and terminates a decryption operation.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the key object's handle to decrypt with.
The Number parameter 'mechanismType' is the mechanism type to decrypt with. The expected value is the value of a "CKM_xx" mechanism type.
The Byte Array object parameter 'data' is the data to decrypt (for example [123, 124]).
var callback = {
success : function (status, data) {
var message = "The function returned the following the decrypted data (" + data.buffer + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
keyObjectHandle = 12,
mechanismType = 1, // Value of CKM_RSA_PKCS as described in the PKCS11 specification
data = [12, 13, 14, 15, 16];
theObjectPKCS11.C_Decrypt(sessionHandle, keyObjectHandle, mechanismType, data, callback);
C_Sign initializes, continues and terminates a signature operation.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the object's handle to sign with.
The Number parameter 'mechanismType' is the mechanism type to sign with. The expected value is the value of a "CKM_xx" mechanism type.
The Byte Array object parameter 'data' is the data to sign (as [123, 124]).
var callback = {
success : function (status, data) {
var message = "The function returned the following the signature (" + data.buffer + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
keyObjectHandle = 12,
mechanismType = 1,
data = [12,13,14,15,16];
theObjectPKCS11.C_Sign(sessionHandle, keyObjectHandle, mechanismType, data, callback);
C_Verify initializes, continues and terminates a signature verification.
The Number parameter 'sessionHandle' is the session’s handle.
The Number parameter 'objectHandle' is the object's handle to verify with.
The Number parameter 'mechanismType' is the mechanism type to verify with. The expected value is the value of a "CKM_xx" mechanism type.
The Byte Array object parameter 'data' is the data to use for the verification (as [123, 124]).
The Byte Array object parameter 'signature' is the signature to verify (as [123, 124]).
var callback = {
success : function (status, data) {
var message = "The function returned the following the status (" + status + ")";
alert(message);
},
error : function (errorCode) {
alert("The function failed with code (" + errorCode + ")");
}
},
sessionHandle = 2,
keyObjectHandle = 12,
mechanismType = 1,
data = [12,13,14,15,16],
// The remaining signature bytes are elided
signature = [123, 125 /* ... */];
theObjectPKCS11.C_Verify(sessionHandle, keyObjectHandle, mechanismType, data, signature, callback);