This guide contains all the necessary information for application developers in order to use certgate's middleware with dedicated smartcards. It gives a basic instruction to PKCS11 and lists all deviations from the cryptoki-standard which are necessary to support all certgate products with pre-installed smartcard applets (e.g. cgCard or cgToken). This guide is devided as follows:
- Chapter
First we introduce you with some basic knownledge of PKCS11 and its underlying class layout - Chapter
Then all PKCS11-functions supported by our middleware are listed. Each function implements pre-defined requirements engineered in accordance with cryptoki-specification. These are also listed identified by the following requirement syntax:
@CTXXX where X are numbers between 0-9.
e.g. @CT001: pInitArgs shall have value NULL or shall point to a structure of type CK_C_INITIALIZE_ARGS.
Furthermore we show which cryptographic mechanisms are supported by our library. - Chapter
Then function specific templates are given. Most of the functions communicating with the smartcard handle those templates in order to e.g. generate a key-pair stored on the card. A template combines several attributes where not all functions support all combinations. This chapter shows which attributes are mandatory and how they are combined to build different use cases (e.g. object import or object generation). - Chapter
Followed by showing the differences to standard cryptoki-specification. In order to support all the features offered by the applet some deviations are necessary. In this part of the documentation we give you information and reasons about those differences. - Chapter
At the end of this guide basic examples shall strengthen the understading of PKCS11 / the use of the middleware.
Who is this guide for?
For app developers who want to use native PKCS11 code to maintain smartcard-objects (keypairs, secret keys, certificates, storage objects) or use on-card-cryptography. PKCS11 can be used platform independent (all systems which support c / c++). Our library is shipped platform specific as e.g. .dll or .lib (with separate headers) and can be dynamically loaded into your program. Loading the library is outside of scope of this documentation.
What typographical conventions are used?
| Warning |
| Note Provides additional information on a topic, and emphasize important facts and considerations. |
| Tip Inform about best practices and other recommendations. |
| Note You should have some basic understanding about Public-Key cryptography, digital certificates, digital signature and Public Key Infrastructure (PKI) in order for you to understand the discussed topics. |