Technical Specifications

Mechanisms

The PKCS#11 standard defines a mechanism as "a process for implementing a cryptographic operation". In short, it is a cryptographic algorithm, sequence of algorithms or protocol.

The mechanisms currently supported by ProtectToolKit C include:

• Public Key Encryption - RSA (up to 4096 bits)
• Key Agreement - Diffie-Hellman (DH, up to 4096 bit)
• Digital Signatures - RSA (up to 4096 bit), Digital Signature Algorithm (DSA, 1024-bit), ECDSA (NIST reference curves, e.g. P-224, P-384, P-521)
• Symmetric Ciphers - AES,DES,3DES,IDEA,CAST-128,RC2,RC4,SEED, PKCS#5 Password Based Encryption (PBE)
• Message Digests - MDC2, MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160
• Message Authentication Codes (MAC) - AES-MAC, DES-MAC, 3DES-MAC, X 9.9, X9.19, CAST-128-MAC, IDEA-MAC, HMAC-MD2, HMAC-MD5, HMAC-RIPEMD128, HMAC-RIPEMD160, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, SEED-MAC, SSL3-MD5-MAC, SSL3-SHA1-MAC
• Certificate handling - PKCS#10, X.509, PKCS#7 decode, PKCS#12 key and certificate import
• Key Management - Random generation, Split custody key entry, N-of-M secret sharing
• Key Derivation - XOR, concatenation, DH Derive, ZKA MDC2 Derive
• Miscellaneous - SSL mechanisms

Supported Smart Cards and Smart Card Readers

• Smart Cards: Gemplus GPK 4000/GPK 8000/GPK 16000
• Smart Card Readers: Towitoko CHIPDRIVE Extern 320/CHIPDRIVE Micro 120/
• Gemplus GemPC410

Check with SafeNet Inc. to confirm latest smart card additions.

Platforms

• Windows WIN32, NT 4.0, 2000, XP, Server 2003
• Solaris (SPARC), 2.7, 2.8, 2.9
• Linux kernel 2.2, 2,4, 2.6 (Intel), Red Hat, Fedora and SuSE
• SCO UnixWare 7
• SCO OpenServer 5
• HP-UX 11i (PA-RISC and Itanium)
• AIX 5.2, 5.3
• The Remote PKCS#11 Client is easily portable to support other operating system environments