HP-UX Kernel Cryptographic Module 2.1 User Guide (766149-002, April 2014)
HP-UX KCM also implements the following algorithms, which are required for supportability purposes
even though they are not FIPS 140-2 compliant.
Purpose                                      | Operations                                                 | Key size                        | Non-FIPS algorithm
Symmetric key operations                     | Generate, Encrypt, and Decrypt                             | 128, 192, and 256 (Mode: CFB)   | AES
Asymmetric key operations                    | Generate key pair, Sign, Verify, Wrap key, and Unwrap key  | 1024 and 1536                   | RSA
Digest operations                            | Digest                                                     | 160                             | SHA-1
Key-Hash Message Authentication Code (HMAC)  | Digest (with key)                                          | 160                             | HMAC-SHA1
The interfaces supported by the library follow the RSA Security Inc. PKCS #11 Cryptographic Token
Interface (Cryptoki) v2.20 specification. For more information, see the PKCS #11 specification
document.
PKCS #11 API considerations
The following API considerations apply to the KCM implementation of PKCS#11:
• In PKCS#11 terminology, KCM is a soft token, that is, a software-only implementation. Hardware-
related functions, data types, and features are not implemented by default.
• There is only one conceptual slot, with slotID=0, and a conceptual token is assumed to be present
in that slot.
• KCM does not store public or private token objects such as keys or certificates. This has the
following consequences:
◦ KCM does not implement the PIN-related functions specified by PKCS#11, or functions that
require a PIN (for example, C_Login).
◦ The session type is R/W user by default. There is no distinction between R/O and R/W
session types.
◦ No distinction is made between a user session and an SO session. The user is considered
logged in from the point a session is opened and logged out when the session is closed.
• KCM implements CK_RV-type functions and does not support the CK_NOTIFY type. Hence it does
not support callback functions or events.
• Access to a single PKCS#11 session from multiple threads is not supported.
• Support for objects and object-related functions is limited to the scope of the APIs
implemented by KCM. Objects are used only to invoke KCM-supported PKCS#11 functions and to
retrieve the data those functions return.
KCM supports the following objects:
◦ Data objects - CKO_DATA
◦ Key objects - CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, CKO_SECRET_KEY
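The session model laid out in the considerations above (a single slot with slotID=0, a token assumed present, no C_Login, every session R/W, no CK_NOTIFY callback, and only session objects of class CKO_DATA or CKO_SECRET_KEY) is shown below as an added example; it is not part of the HP guide and not KCM's own code. It drives a generic Cryptoki v2.20 provider through Python ctypes and assumes the library exports its C_* entry points directly (the specification only mandates C_GetFunctionList, but most providers export all functions); the library path is a placeholder argument, and the labels and key material are constructed for the demonstration.

```python
"""Open a PKCS#11 (Cryptoki v2.20) session against a soft token that behaves as the
KCM notes describe: one slot (slotID 0), token assumed present, no C_Login, every
session R/W, no CK_NOTIFY callback, and only session (non-token) objects.

Added illustration, not HP code. Assumptions: the provider exports C_* symbols
directly, and its path is a placeholder supplied by the caller."""
import ctypes
import os
import sys

# Cryptoki constants; the values are fixed by the PKCS #11 specification.
CKR_OK = 0x00
CKF_RW_SESSION = 0x02
CKF_SERIAL_SESSION = 0x04
CKO_DATA = 0x00
CKO_SECRET_KEY = 0x04
CKA_CLASS = 0x000
CKA_TOKEN = 0x001
CKA_LABEL = 0x003
CKA_VALUE = 0x011
CKA_KEY_TYPE = 0x100
CKK_AES = 0x1F
CK_FALSE = b"\x00"          # CK_BBOOL encoding of FALSE
KCM_SLOT_ID = 0             # the single conceptual slot described in the guide


class CK_ATTRIBUTE(ctypes.Structure):
    _fields_ = [("type", ctypes.c_ulong),
                ("pValue", ctypes.c_void_p),
                ("ulValueLen", ctypes.c_ulong)]


def ck_ulong(value):
    """Encode a CK_ULONG attribute value exactly as the provider reads it from memory."""
    return bytes(ctypes.c_ulong(value))


def session_flags():
    """KCM has no R/O sessions, so open R/W; CKF_SERIAL_SESSION is mandatory in v2.20."""
    return CKF_SERIAL_SESSION | CKF_RW_SESSION


def aes_session_key_template(key, label=b"kcm-demo-key"):
    """CKO_SECRET_KEY template; CKA_TOKEN is FALSE because KCM stores no token objects."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 128, 192 or 256 bits")
    return [(CKA_CLASS, ck_ulong(CKO_SECRET_KEY)), (CKA_KEY_TYPE, ck_ulong(CKK_AES)),
            (CKA_TOKEN, CK_FALSE), (CKA_LABEL, label), (CKA_VALUE, key)]


def data_object_template(payload, label=b"kcm-demo-data"):
    """CKO_DATA template for an opaque, session-only blob."""
    return [(CKA_CLASS, ck_ulong(CKO_DATA)), (CKA_TOKEN, CK_FALSE),
            (CKA_LABEL, label), (CKA_VALUE, payload)]


def to_ck_template(template):
    """Build the CK_ATTRIBUTE array; the returned buffers must stay alive during the call."""
    buffers = [ctypes.create_string_buffer(value, len(value)) for _, value in template]
    array = (CK_ATTRIBUTE * len(template))()
    for i, ((attr_type, value), buf) in enumerate(zip(template, buffers)):
        array[i].type = attr_type
        array[i].pValue = ctypes.cast(buf, ctypes.c_void_p)
        array[i].ulValueLen = len(value)
    return array, buffers


def attribute_bytes(array, index):
    """Read attribute `index` back out of a CK_ATTRIBUTE array (verifies the marshalling)."""
    return ctypes.string_at(array[index].pValue, array[index].ulValueLen)


def _check(rv, what):
    if rv != CKR_OK:
        raise RuntimeError("%s failed with CKR 0x%08x" % (what, rv))


def create_session_object(lib_path, template):
    """C_Initialize, open one R/W session on slot 0 with no C_Login, C_CreateObject, tear down."""
    lib = ctypes.CDLL(lib_path)
    ul, ulp, vp = ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong), ctypes.c_void_p
    for name, args in (("C_Initialize", [vp]), ("C_GetSlotList", [ctypes.c_ubyte, ulp, ulp]),
                       ("C_OpenSession", [ul, ul, vp, vp, ulp]), ("C_CloseSession", [ul]),
                       ("C_CreateObject", [ul, ctypes.POINTER(CK_ATTRIBUTE), ul, ulp]),
                       ("C_Finalize", [vp])):
        fn = getattr(lib, name)
        fn.argtypes, fn.restype = args, ul
    _check(lib.C_Initialize(None), "C_Initialize")
    try:
        count = ul(0)
        _check(lib.C_GetSlotList(1, None, ctypes.byref(count)), "C_GetSlotList")
        if count.value < 1:
            raise RuntimeError("no slot reports a token present")
        session = ul(0)
        # pApplication and Notify are NULL: KCM supports no CK_NOTIFY callbacks.
        _check(lib.C_OpenSession(KCM_SLOT_ID, session_flags(), None, None,
                                 ctypes.byref(session)), "C_OpenSession")
        try:
            array, keepalive = to_ck_template(template)
            handle = ul(0)
            _check(lib.C_CreateObject(session, array, len(template), ctypes.byref(handle)),
                   "C_CreateObject")
            return handle.value
        finally:
            lib.C_CloseSession(session)
    finally:
        lib.C_Finalize(None)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s /path/to/pkcs11-provider.so   (placeholder path)" % sys.argv[0])
    handle = create_session_object(sys.argv[1], aes_session_key_template(os.urandom(32)))
    print("AES-256 session key created, object handle %d" % handle)
```

Because the token stores no objects, the key created here exists only for the lifetime of the session and is gone after C_CloseSession; an application that needs the key again must keep its own copy and recreate the object, which is the practical consequence of the "no token objects" consideration above.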
6 Overview