Profile

I have a feeling it was Solaris that requested CKM_AES_CTS be added to PKCS#11 2.40, if so it would have been for use by Kerberos. So according to SP800-38a-aad that suggests it would be CS3. Oracle Solaris 11.4 has CKM_AES_CTS implemented in pkcs11_softtoken and our kernel aes module. A quick ...

On 22/10/2021 13:02, Daniel Minder wrote: Section 4.13.2: Definition of CKA_VALIDATION_LEVEL : an ULONG type fits well to specify a FIPS Level like 1,2, 3 or 4. It doesn t fit that well to specify a Common Criteria Evaluation Assurance Level which may be 4+ for example. A type CK_UTF8CHAR might fit better ...

On 27/05/2021 22:50, Robert Relyea wrote: On 5/27/21 2:46 AM, Darren J Moffat wrote: Why would we need a new function for an FIPS indicator ? For a session could we use a flag that can be reported via the CK_SESSION_INFO ? Similarly a flag for CK_MECHANISM_INFO to indicate if the slot/token combination ...

Why would we need a new function for an FIPS indicator ? For a session could we use a flag that can be reported via the CK_SESSION_INFO ? Similarly a flag for CK_MECHANISM_INFO to indicate if the slot/token combination allows it to provide services in a FIPS 140 compatible way. Then for keys an attribute ...

On 09/02/2017 01:21, Tim Hudson wrote: A simple extension to C_Login to allow specification of a username for those devices which support multiple users. /* C_LoginUser logs a user into a token. */ CK_PKCS11_FUNCTION_INFO(C_LoginUser) #ifdef CK_NEED_ARG_LIST ( CK_SESSION_HANDLE hSession, /* the session's ...