DoD CAC Middleware Requirements - IDManagement.gov
DoD CAC Middleware Requirements - IDManagement.gov
DoD CAC Middleware Requirements - IDManagement.gov
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Appendix C- PKCS 11 Functions<br />
The P11 module should be compatible with at least Version 2.11 of the cryptoki header files<br />
available at: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/index.html.<br />
Note: <strong>DoD</strong> understands during the development of this document, a newer version was released,<br />
but version 2.11 is still widely used so is a minimum requirement.<br />
The PKCS#11 registry setting shall identify the vendor and the fully qualified path of the DLL<br />
that supports the PKCS#11 interface.<br />
Key<br />
[HKEY_LOCAL_MACHINE\SOFTWARE\GSC\Cryptography\PKCS#11\<br />
Key Values Type Setting Default Setting<br />
“PKCS#11DLL” String N/A<br />
“Vendor” String N/A<br />
Setting Description<br />
Fully qualified path to the PKCS11 DLL<br />
Vendor’s full name.<br />
Example<br />
[HKEY_LOCAL_MACHINE\SOFTWARE\GSC\Cryptography\PKCS#11\Vendor1]<br />
”PKCS#11DLL”=”c:\windows\system32\pkcs11.dll”<br />
“Vendor”=”<strong>Middleware</strong> Vendor 1”<br />
Figure 9<br />
PKCS#11 Test Inputs<br />
CK_ATTRIBUTE one[7], two[7], three[7]; two[3].type = CKA_MODIFIABLE;<br />
CK_OBJECT_CLASS cko_data =<br />
CKO_DATA;<br />
two[3].pValue = &__true;<br />
CK_BBOOL __false = CK_FALSE, __true = two[3].ulValueLen =<br />
CK_TRUE;<br />
sizeof(CK_BBOOL);<br />
char *key = "TEST PROGRAM"; two[4].type = CKA_LABEL;<br />
CK_ULONG key_len = strlen(key); two[4].pValue = "Test data object two";<br />
one[0].type = CKA_CLASS; two[4].ulValueLen = strlen((const<br />
char*)two[4].pValue);<br />
one[0].pValue = &cko_data; two[5].type = CKA_APPLICATION;<br />
one[0].ulValueLen =<br />
sizeof(CK_OBJECT_CLASS);<br />
two[5].pValue = key;<br />
UNCLASSIFIED 30