D 2019-06-12T21:41:10.853
L TclPKCS11
N text/x-markdown
P 0b83e8c6f42781a77225ee796e431124c7ff2d9a4d56a3a180cf3f9e8868b3db
U rkeene
W 1733
# RSA's Public Key Cryptographic Standard (PKCS) #11 for Tcl
## Introduction
Public Key Cryptography Standard (PKCS) Number 11 specifies an API for interfacing with cryptographic tokens. These cryptographic tokens are usually separate hardware devices that do not provide direct access to the keying materials under normal use -- instead they directly perform the cryptographic operations on the hardware module. This provides additional security and can be used for off-loading CPU intensive operations to specialized hardware.
This package lets Tcl scripts interface with PKCS#11 modules.
This package requires the "pki" extension, which is pure Tcl and can be
found in Tcllib.
Some PKCS#11 providers:
* [CACKey](https://cackey.rkeene.org/)
* [CoolKey](http://directory.fedoraproject.org/wiki/CoolKey)
* [OpenSC](http://www.opensc-project.org/opensc)
## Downloads
* [Latest Release](/uv/releases/tclpkcs11-0.9.12.tar.gz)
* [Archive](/uvlist)
## Information
* [Usage](/doc/trunk/usage.txt)
## Simple Example
package require pki
package require pki::pkcs11
set handle [pki::pkcs11::loadmodule /usr/lib/pkcs11/libcackey.so]
pki::pkcs11::login $handle $slotId 123456
set slots [pki::pkcs11::listslots $handle]
set slotId [lindex $slots 0 0]
set certs [pki::pkcs11::listcerts $handle $slotId]
set cert [lindex $certs 0]
set plain "TestMsg"
set cipher [pki::encrypt -binary -pub -- $plain $cert]
set check [pki::decrypt -binary -priv -- $cipher $cert]
puts "Plain: $plain"
puts "Check: $check"
Z db807fb0d5b157bab3326c544f03a6e5