Sample code for 30+ languages & platforms
DataFlex

PKCS11 Get Token Info

See more PKCS11 Examples

Example showing how to discover the readers (slots) and smart cards and tokens available through a vendor's PKCS11 Cryptoki module, and get token information for each.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoPkcs11
    Boolean iOnlyTokensPresent
    Variant vJson
    Handle hoJson
    Integer iId
    String sSlotDescription
    Boolean iTokenPresent
    Boolean iRemovableDevice
    Boolean iHardwareSlot
    Integer iHardwareVersionMajor
    Integer iHardwareVersionMinor
    Integer iFirmwareVersionMajor
    Integer iFirmwareVersionMinor
    String sTokenLabel
    String sTokenManufacturerID
    String sTokenModel
    String sTokenSerialNumber
    Integer iTokenMaxSessionCount
    Integer iTokenSessionCount
    Integer iTokenMaxRwSessionCount
    Integer iTokenRwSessionCount
    Integer iTokenMaxPinLen
    Integer iTokenMinPinLen
    Integer iTokenTotalPublicMemory
    Integer iTokenFreePublicMemory
    Integer iTokenTotalPrivateMemory
    Integer iTokenFreePrivateMemory
    Integer iTokenHardwareVersionMajor
    Integer iTokenHardwareVersionMinor
    Integer iTokenFirmwareVersionMajor
    Integer iTokenFirmwareVersionMinor
    String sTokenUtcTime
    Integer iTokenRsaMinKeySize
    Integer iTokenRsaMaxKeySize
    Integer j
    Integer iCount_j
    String sStrVal
    String sTokenFlag
    Integer iCryptokiVersionMajor
    Integer iCryptokiVersionMinor
    String sManufacturerID
    String sLibraryDescription
    Integer iLibraryVersionMajor
    Integer iLibraryVersionMinor
    Integer i
    Integer iCount_i
    Variant vAFlags
    Handle hoAFlags
    String sTemp1
    Integer iTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    Get Create (RefClass(cComChilkatPkcs11)) To hoPkcs11
    If (Not(IsComObjectCreated(hoPkcs11))) Begin
        Send CreateComObject of hoPkcs11
    End

    // Specify the vendor's Cryptoki module DLL / shared lib.
    // The following PKCS11 driver DLL is for the WatchData ProxKey USB token. 
    // You would use your smartcard/token vendor's PKCS11 driver DLL.
    Set ComSharedLibPath Of hoPkcs11 To "SignatureP11.dll"

    Get ComInitialize Of hoPkcs11 To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Call Discover to discover what's available.
    // Indicate that we only want to return slots (readers) where tokens (or smart cards) are present.
    Move True To iOnlyTokensPresent
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get pvComObject of hoJson to vJson
    Get ComDiscover Of hoPkcs11 iOnlyTokensPresent vJson To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Sample JSON output.
    // Code for parsing this JSON is shown below..

    // {
    //   "cryptokiVersion": {
    //     "major": 2,
    //     "minor": 10
    //   },
    //   "manufacturerID": "WatchData",
    //   "libraryDescription": "PKCS#11 cryptoki module",
    //   "libraryVersion": {
    //     "major": 3,
    //     "minor": 10
    //   },
    //   "slot": [
    //     {
    //       "id": 16385,
    //       "slotDescription": "Watchdata IC CARD Reader/Writer",
    //       "manufacturerID": "Watchdata",
    //       "tokenPresent": true,
    //       "removableDevice": true,
    //       "hardwareSlot": true,
    //       "hardwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "firmwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "token": {
    //         "label": "WD PROXKey",
    //         "manufacturerID": "Watchdata Corp.",
    //         "model": "TimeCos/PK",
    //         "serialNumber": "WD05376504",
    //         "flags": [
    //           "CKF_RNG",
    //           "CKF_LOGIN_REQUIRED",
    //           "CKF_USER_PIN_INITIALIZED",
    //           "CKF_DUAL_CRYPTO_OPERATIONS",
    //           "CKF_TOKEN_INITIALIZED"
    //         ],
    //         "maxSessionCount": 0,
    //         "sessionCount": 0,
    //         "maxRwSessionCount": 0,
    //         "rwSessionCount": 0,
    //         "maxPinLen": 32,
    //         "minPinLen": 6,
    //         "totalPublicMemory": 61440,
    //         "freePublicMemory": 70144,
    //         "totalPrivateMemory": 61440,
    //         "freePrivateMemory": 70144,
    //         "hardwareVersion": {
    //           "major": 2,
    //           "minor": 1
    //         },
    //         "firmwareVersion": {
    //           "major": 0,
    //           "minor": 0
    //         },
    //         "utcTime": "2024011509254600",
    //         "mechanism": [
    //           "CKM_RSA_PKCS_KEY_PAIR_GEN",
    //           "CKM_EC_KEY_PAIR_GEN",
    //           "CKM_DES_KEY_GEN",
    //           "80000001",
    //           "8000000B",
    //           "CKM_AES_KEY_GEN",
    //           "CKM_DES2_KEY_GEN",
    //           "CKM_DES3_KEY_GEN",
    //           "CKM_RSA_PKCS",
    //           "CKM_RSA_X_509",
    //           "CKM_ECDSA",
    //           "CKM_ECDSA_SHA1",
    //           "CKM_MD2_RSA_PKCS",
    //           "CKM_MD5_RSA_PKCS",
    //           "CKM_SHA1_RSA_PKCS",
    //           "CKM_SHA256_RSA_PKCS",
    //           "CKM_DES_ECB",
    //           "CKM_DES_CBC",
    //           "CKM_DES_CBC_PAD",
    //           "80000002",
    //           "CKM_CPK_ECDSA",
    //           "CKM_CPK_ECDSA_SHA1",
    //           "8000000C",
    //           "8000000D",
    //           "8000000E",
    //           "CKM_AES_ECB",
    //           "CKM_AES_CBC",
    //           "CKM_AES_CBC_PAD",
    //           "CKM_DES3_ECB",
    //           "CKM_DES3_CBC",
    //           "CKM_DES3_CBC_PAD",
    //           "CKM_SHA_1",
    //           "CKM_SHA_1_HMAC",
    //           "CKM_SHA_1_HMAC_GENERAL",
    //           "CKM_SHA256",
    //           "CKM_SHA256_HMAC",
    //           "CKM_SHA256_HMAC_GENERAL",
    //           "CKM_MD2",
    //           "CKM_MD2_HMAC",
    //           "CKM_MD2_HMAC_GENERAL",
    //           "CKM_MD5",
    //           "CKM_MD5_HMAC",
    //           "CKM_MD5_HMAC_GENERAL",
    //           "CKM_SSL3_PRE_MASTER_KEY_GEN",
    //           "CKM_SSL3_MASTER_KEY_DERIVE",
    //           "CKM_SSL3_KEY_AND_MAC_DERIVE",
    //           "CKM_SSL3_MD5_MAC",
    //           "CKM_SSL3_SHA1_MAC"
    //         ],
    //         "rsa": {
    //           "minKeySize": 1024,
    //           "maxKeySize": 4096
    //         }
    //       }
    //     }
    //   ]
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    Get ComIntOf Of hoJson "cryptokiVersion.major" To iCryptokiVersionMajor
    Get ComIntOf Of hoJson "cryptokiVersion.minor" To iCryptokiVersionMinor
    Get ComStringOf Of hoJson "manufacturerID" To sManufacturerID
    Get ComStringOf Of hoJson "libraryDescription" To sLibraryDescription
    Get ComIntOf Of hoJson "libraryVersion.major" To iLibraryVersionMajor
    Get ComIntOf Of hoJson "libraryVersion.minor" To iLibraryVersionMinor
    Move 0 To i
    Get ComSizeOfArray Of hoJson "slot" To iCount_i
    While (i < iCount_i)
        Set ComI Of hoJson To i
        Get ComIntOf Of hoJson "slot[i].id" To iId
        Get ComStringOf Of hoJson "slot[i].slotDescription" To sSlotDescription
        Get ComStringOf Of hoJson "slot[i].manufacturerID" To sManufacturerID
        Get ComBoolOf Of hoJson "slot[i].tokenPresent" To iTokenPresent
        Get ComBoolOf Of hoJson "slot[i].removableDevice" To iRemovableDevice
        Get ComBoolOf Of hoJson "slot[i].hardwareSlot" To iHardwareSlot
        Get ComIntOf Of hoJson "slot[i].hardwareVersion.major" To iHardwareVersionMajor
        Get ComIntOf Of hoJson "slot[i].hardwareVersion.minor" To iHardwareVersionMinor
        Get ComIntOf Of hoJson "slot[i].firmwareVersion.major" To iFirmwareVersionMajor
        Get ComIntOf Of hoJson "slot[i].firmwareVersion.minor" To iFirmwareVersionMinor
        Get ComStringOf Of hoJson "slot[i].token.label" To sTokenLabel
        Get ComStringOf Of hoJson "slot[i].token.manufacturerID" To sTokenManufacturerID
        Get ComStringOf Of hoJson "slot[i].token.model" To sTokenModel
        Get ComStringOf Of hoJson "slot[i].token.serialNumber" To sTokenSerialNumber
        Get ComIntOf Of hoJson "slot[i].token.maxSessionCount" To iTokenMaxSessionCount
        Get ComIntOf Of hoJson "slot[i].token.sessionCount" To iTokenSessionCount
        Get ComIntOf Of hoJson "slot[i].token.maxRwSessionCount" To iTokenMaxRwSessionCount
        Get ComIntOf Of hoJson "slot[i].token.rwSessionCount" To iTokenRwSessionCount
        Get ComIntOf Of hoJson "slot[i].token.maxPinLen" To iTokenMaxPinLen
        Get ComIntOf Of hoJson "slot[i].token.minPinLen" To iTokenMinPinLen
        Get ComIntOf Of hoJson "slot[i].token.totalPublicMemory" To iTokenTotalPublicMemory
        Get ComIntOf Of hoJson "slot[i].token.freePublicMemory" To iTokenFreePublicMemory
        Get ComIntOf Of hoJson "slot[i].token.totalPrivateMemory" To iTokenTotalPrivateMemory
        Get ComIntOf Of hoJson "slot[i].token.freePrivateMemory" To iTokenFreePrivateMemory
        Get ComIntOf Of hoJson "slot[i].token.hardwareVersion.major" To iTokenHardwareVersionMajor
        Get ComIntOf Of hoJson "slot[i].token.hardwareVersion.minor" To iTokenHardwareVersionMinor
        Get ComIntOf Of hoJson "slot[i].token.firmwareVersion.major" To iTokenFirmwareVersionMajor
        Get ComIntOf Of hoJson "slot[i].token.firmwareVersion.minor" To iTokenFirmwareVersionMinor
        Get ComStringOf Of hoJson "slot[i].token.utcTime" To sTokenUtcTime
        Get ComIntOf Of hoJson "slot[i].token.rsa.minKeySize" To iTokenRsaMinKeySize
        Get ComIntOf Of hoJson "slot[i].token.rsa.maxKeySize" To iTokenRsaMaxKeySize

        // The following token flag strings are possible:

        // CKF_RNG: has random # generator

        // CKF_WRITE_PROTECTED: token is write-protected

        // CKF_LOGIN_REQUIRED:user must login

        // CKF_USER_PIN_INITIALIZED:normal user's PIN is set

        // CKF_RESTORE_KEY_NOT_NEEDED: Every time the state of cryptographic operations of a session is
        //    successfully saved, all keys needed to continue those operations are stored in the state

        // CKF_CLOCK_ON_TOKEN: The token has some sort of clock.  The time on the clock is returned in the slot[i].token.utcTime

        // CKF_PROTECTED_AUTHENTICATION_PATH: There is some way for the user to login without sending a PIN through the Cryptoki library itself

        // CKF_DUAL_CRYPTO_OPERATIONS: A single session with the token can perform dual simultaneous cryptographic operations
        //    (digest and encrypt; decrypt and digest; sign and encrypt; and decrypt and sign)

        // CKF_TOKEN_INITIALIZED: The token has been initialized.

        // CKF_SECONDARY_AUTHENTICATION: The token supports secondary authentication for private key objects.

        // CKF_USER_PIN_COUNT_LOW: An incorrect user login PIN has been entered at least once since the last successful authentication.

        // CKF_USER_PIN_FINAL_TRY: Supplying an incorrect user PIN will it to become locked.

        // CKF_USER_PIN_LOCKED: The user PIN has been locked. User login to the token is not possible.

        // CKF_USER_PIN_TO_BE_CHANGED: The user PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // CKF_SO_PIN_COUNT_LOW: An incorrect SO login PIN has been entered at least once since the last successful authentication.

        // CKF_SO_PIN_FINAL_TRY: Supplying an incorrect SO PIN will it to become locked.

        // CKF_SO_PIN_LOCKED: The SO PIN has been locked. SO login to the token is not possible.

        // CKF_SO_PIN_TO_BE_CHANGED: The SO PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // To see if particular flags are present:
        Get ComArrayOf Of hoJson "slot[i].token.flags" To vAFlags
        If (IsComObject(vAFlags)) Begin
            Get Create (RefClass(cComChilkatJsonArray)) To hoAFlags
            Set pvComObject Of hoAFlags To vAFlags
        End
        Get ComFindString Of hoAFlags "CKF_USER_PIN_LOCKED" True To iTemp1
        If (iTemp1 >= 0) Begin
            Showln "The token is locked."
        End

        Get ComFindString Of hoAFlags "CKF_RNG" True To iTemp1
        If (iTemp1 >= 0) Begin
            Showln "The token has a random number generator."
        End

        // ...
        Send Destroy of hoAFlags

        // To iterate over all flags..
        Move 0 To j
        Get ComSizeOfArray Of hoJson "slot[i].token.flags" To iCount_j
        While (j < iCount_j)
            Set ComJ Of hoJson To j
            Get ComStringOf Of hoJson "slot[i].token.flags[j]" To sTokenFlag
            Move (j + 1) To j
        Loop

        Move 0 To j
        Get ComSizeOfArray Of hoJson "slot[i].token.mechanism" To iCount_j
        While (j < iCount_j)
            Set ComJ Of hoJson To j
            Get ComStringOf Of hoJson "slot[i].token.mechanism[j]" To sStrVal
            Move (j + 1) To j
        Loop

        Move (i + 1) To i
    Loop



End_Procedure