Signing and MACing functions
This section describes PKCS#11 signing and MACing functions.
C_SignInit
This function operates as specified in PKCS#11.
In addition it is required to specify the signing key and signing mechanism used to create X509 certificates with the CKM_ENCODE_X_509
, CKM_ENCODE_LOCAL_CERT
and CKM_ENCODE_PKCS10
mechanisms.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session, the session state must be either CKS_RW_USER_FUNCTIONS
, or CKS_RO_USER_FUNCTIONS
otherwise the error result CKR_USER_NOT_LOGGED_IN
is returned.
If the object referenced by the hKey parameter has the CKA_USAGE_COUNT
attribute its value is incremented by this function.
Synopsis
C_SignInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
C_Sign
This function operates as specified in PKCS#11.
Synopsis
C_Sign(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
C_SignUpdate
This function operates as specified in PKCS#11.
Synopsis
C_SignUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
C_SignFinal
This function operates as specified in PKCS#11.
Synopsis
C_SignFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
C_SignRecoverInit
This function operates as specified in PKCS#11.
If the CKF_LOGIN_REQUIRED
flag is set for the Token associated with the provided session the session state must be either CKS_RW_USER_FUNCTIONS
, or CKS_RO_USER_FUNCTIONS
otherwise the error result CKR_USER_NOT_LOGGED_IN
is returned.
If the object referenced by the hKey parameter has the CKA_USAGE_COUNT
attribute its value is incremented by this function.
Synopsis
C_SignRecoverInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
C_SignRecover
This function operates as specified in PKCS#11.
Synopsis
C_SignRecover(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);