HP-UX Kernel Cryptographic Module 1.0 User Guide (766149-001, March 2014)
Asymmetric key operations | Generate key pair, Sign, Verify, Wrap key, and Unwrap key | 1024 and 1536 | RSA
Digest operations | Digest | 160 | SHA-1
Key-Hash Message Authentication Code (HMAC) | Digest (with key) | 160 | HMAC-SHA1
The interfaces supported by the library follow the RSA Security Inc. PKCS#11 V.2.20 specification.
For more information, see the PKCS#11 specifications document.
PKCS #11 API considerations
The following are the API considerations for PKCS#11:
• In PKCS#11 terminology, KCM is a soft token used for software implementation. Hardware
related functions, data types, and features are not implemented by default.
• There is only one conceptual slot with slotID=0 and conceptual token is assumed to be present
in the slot.
• KCM does not store public or private token objects such as keys/certificates. The
ramifications of this are as follows:
◦ KCM does not implement PIN related functions or functions that require a PIN (for example,
C_Login) specified by PKCS#11.
◦ The session type is R/W user functions by default. There is no distinction between R/O
and R/W session types.
◦ No distinction is made between a user session and an SO session. The user is considered
logged in by default at the point of opening a session and logged out when the session
is closed.
• KCM implements CK_RV type functions and does not support CK_NOTIFY type. Hence it does
not support callback functions and events.
• Multiple thread access to a single PKCS#11 session is not supported.
• There will be limited support for objects and object related functions as per the scope of APIs
implemented by KCM. They are used only to invoke KCM supported PKCS#11 functions and
retrieve the data returned by functions.
KCM supports the following objects:
◦ Data objects – CKO_DATA
◦ Key objects – CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, CKO_SECRET_KEY
• Table 1 (page 6) describes the mechanisms supported by HP-UX KCM.
Table 1 Mechanisms supported by HP-UX KCM
Mechanism | Functions: Encrypt and Decrypt | Sign and Verify | SR and VR (1) | Digest | Gen Key or Key Pair | Wrap and Unwrap | Derive
CKM_RSA_PKCS_KEY_PAIR_GEN: √
CKM_RSA_PKCS: √ √ √
CKM_SHA256_RSA_PKCS: √
CKM_SHA384_RSA_PKCS: √
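
An added example, not part of the HP guide or KCM's own code: a C pre-flight check that an application written for a full PKCS#11 token could run on its C_OpenSession arguments and object templates to catch conflicts with the API considerations listed above. The `kcm_*` and `p11_*` names and the finding flags are hypothetical; the constant values are those of the PKCS#11 v2.20 headers.

```c
#include <stddef.h>

/* Values from the PKCS#11 v2.20 headers, redefined under local names so this
   compiles without a vendor header (the page does not name KCM's header). */
#define P11_CKA_CLASS 0x0UL
#define P11_CKA_TOKEN 0x1UL
enum { P11_CKO_DATA = 0, P11_CKO_CERTIFICATE = 1, P11_CKO_PUBLIC_KEY = 2,
       P11_CKO_PRIVATE_KEY = 3, P11_CKO_SECRET_KEY = 4 };

/* Hypothetical finding flags, one per KCM consideration checked here. */
enum { KCM_OK = 0, KCM_BAD_SLOT = 1, KCM_USES_NOTIFY = 2,
       KCM_TOKEN_OBJECT = 4, KCM_BAD_CLASS = 8 };

typedef void (*p11_fn)(void);   /* stand-in for a CK_NOTIFY function pointer */

/* Same layout as CK_ATTRIBUTE: type, pointer to value, value length. */
struct p11_attr { unsigned long type; const void *value; unsigned long len; };

/* Check the arguments an application is about to pass to C_OpenSession. */
unsigned kcm_check_open(unsigned long slot_id, p11_fn notify)
{
    unsigned f = KCM_OK;
    if (slot_id != 0)   f |= KCM_BAD_SLOT;     /* only slotID=0 exists */
    if (notify != NULL) f |= KCM_USES_NOTIFY;  /* CK_NOTIFY is not supported */
    return f;
}

/* Check an object template before it is handed to an object-creating call. */
unsigned kcm_check_template(const struct p11_attr *t, size_t n)
{
    unsigned f = KCM_OK;
    for (size_t i = 0; i < n; i++) {
        if (t[i].value == NULL) continue;       /* nothing to inspect */
        if (t[i].type == P11_CKA_TOKEN && t[i].len == sizeof(unsigned char) &&
            *(const unsigned char *)t[i].value != 0)
            f |= KCM_TOKEN_OBJECT;              /* KCM stores no token objects */
        if (t[i].type == P11_CKA_CLASS && t[i].len == sizeof(unsigned long)) {
            unsigned long c = *(const unsigned long *)t[i].value;
            if (c != P11_CKO_DATA && c != P11_CKO_PUBLIC_KEY &&
                c != P11_CKO_PRIVATE_KEY && c != P11_CKO_SECRET_KEY)
                f |= KCM_BAD_CLASS;             /* e.g. CKO_CERTIFICATE */
        }
    }
    return f;
}
```

A non-zero result is a bit mask of the considerations the call would conflict with; how KCM itself responds to such a call is not stated in this section.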