Use case: Initialising a token

Description

This use case describes the steps taken internally within SoftHSM v2 to initialise a token when a caller of the library calls C_InitToken.

Sequence diagram

Steps in the sequence diagram

  1. An external application calls C_GetSlotList on the PKCS#11 interface
  2. This triggers a call to the Slot Manager component to obtain a list of available slots
  3. The PKCS#11 interface component translates this result to PKCS#11 primitives and returns from the call to C_GetSlotList
  4. The external application calls C_GetTokenInfo on the PKCS#11 interface
  5. This triggers a call to the Slot Manager component to obtain information about the requested slot
  6. The PKCS#11 interface component translates the result to PKCS#11 primitives and returns from the call to C_GetTokenInfo
  7. The external application calls C_InitToken on the PKCS#11 interface
  8. This triggers a call to the Slot Manager component
  9. The Slot Manager calls the Secure Object Store to request the creation of a new token
  10. The Secure Object Store returns a new token object
  11. The Slot Manager calls the User Manager to set a new SO PIN on the newly created token
  12. The User Manager calls the Crypto Abstraction to hash the SO PIN
  13. The User Manager calls the Secure Object Store to store the hashed SO PIN
  14. The call to C_InitToken on the PKCS#11 interface returns successfully
  15. The external application calls C_OpenSession to open a session to the new token in the specified slot
  16. The PKCS#11 interface calls the Session Manager to open a session
  17. The Session Manager calls the Slot Manager to check if a token is present in the specified slot
  18. The Slot Manager calls the Secure Object Store to check if a token is present
  19. The call to C_OpenSession returns successfully
  20. The external application calls C_Login to log in with the SO PIN
  21. The PKCS#11 interface calls the Session Manager to log the session in
  22. The Session Manager calls the User Manager to verify the PIN
  23. The call to C_Login returns successfully
  24. The external application calls C_InitPIN to initialise the user PIN
  25. The PKCS#11 interface calls the Session Manager to initialise the PIN for the token in that session
  26. The Session Manager calls the User Manager to initialise the user PIN
  27. The User Manager calls the Crypto Abstraction to hash the user PIN
  28. The User Manager calls the Secure Object Store to store the hashed PIN
  29. The User Manager calls the Secure Data Manager to create a new secret key derived from the PIN
  30. The Secure Data Manager derives a new key from the PIN using the Crypto Abstraction
  31. The Secure Data Manager generates a new secret key which it encrypts using the key derived from the PIN
  32. The Secure Data Manager returns the encrypted key which is stored by the User Manager in the Secure Object Store
  33. The call to C_InitPIN returns successfully
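
A minimal model of steps 27 to 32 and of the PIN check in step 22, added here as an example; it is not SoftHSM code. The function names, record layout, PBKDF2 parameters and the HMAC-based stand-in cipher are all assumptions, since this page does not name the algorithms SoftHSM uses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITER = 100_000  # assumed PBKDF2 work factor, not taken from SoftHSM

def _kdf(pin: str, salt: bytes, purpose: bytes) -> bytes:
    # Distinct purpose labels keep the stored PIN hash and the
    # key-encryption key (KEK) independent of each other.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt + purpose, ITER)

def _keystream(kek: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, used only
    # because the Python standard library has no block cipher.
    blocks = (hmac.new(kek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def init_user_pin(store: dict, pin: str) -> None:
    """Model of steps 27-32: store a PIN hash and a PIN-wrapped secret key."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    store["salt"], store["nonce"] = salt, nonce
    store["pin_hash"] = _kdf(pin, salt, b"verify")          # steps 27-28
    kek = _kdf(pin, salt, b"kek")                           # steps 29-30
    secret_key = secrets.token_bytes(32)                    # step 31: new key
    wrapped = _xor(secret_key, _keystream(kek, nonce, 32))  # step 31: encrypt
    store["wrapped_key"] = wrapped                          # step 32
    store["tag"] = hmac.new(kek, nonce + wrapped, hashlib.sha256).digest()

def login(store: dict, pin: str) -> Optional[bytes]:
    """Model of step 22: verify the PIN, then unwrap the secret key."""
    if not hmac.compare_digest(_kdf(pin, store["salt"], b"verify"),
                               store["pin_hash"]):
        return None  # wrong PIN
    kek = _kdf(pin, store["salt"], b"kek")
    tag = hmac.new(kek, store["nonce"] + store["wrapped_key"],
                   hashlib.sha256).digest()
    if not hmac.compare_digest(tag, store["tag"]):
        return None  # stored record was modified
    return _xor(store["wrapped_key"],
                _keystream(kek, store["nonce"], len(store["wrapped_key"])))
```

The store ends up holding only the salted PIN hash and the encrypted key, so reading the object store alone yields neither the PIN nor the secret key.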