This option allows you to encrypt a file. You are asked which encryption mechanism you wish to use, then the path and filename of the file to be encrypted, and finally the key handle of the key to be used in the encryption operation.

This option allows you to decrypt an encrypted file. You are asked for the encryption mechanism to use to decrypt the file, path and name of the file to be decrypted, and the handle of the key to be used for the decryption.

This option signs a string of data using a token signing mechanism. You are prompted for the signing mechanism that you wish to use, the data to be signed, and the key handle of the signing key (private key when using a Private/Public key pair).

NOTE   This option takes in a string of data to be signed from the keyboard, rather than a filename of a file containing the data (like encryption does). The signature is saved to a file called SIGN.BIN.

This option verifies a signature against a string of data. You are prompted for the mechanism to be used for verification, the data to be verified and the key handle of the verification key. The signature is read from the file SIGN.BIN that is generated during the sign operation.

File This option prompts for the hashing mechanism to be used, and the name of the file to be hashed. The hash value is saved to a file called DIGEST.HSH at the end of the operation.

This option performs key generation on the token. You are presented with a menu of possible key types. Depending on the key type being generated, you are asked a list of question about the attributes of the key(s). If the option to use array attributes is enabled through the OTHERS menu, you are presented with the option to use and edit a CKA_UNWRAP_TEMPLATE or CKA_DERIVE_TEMPLATE. These templates affect the (61) Unwrap Key and (63) Derive Key functions.