Session Methods

Create a signature configuration based on signing certificate

Create a signature configuration based on the private key's ID and an external certificate

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its ID, i.e. the CKA_ID object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using AddCertificate(Stream).

Create a signature configuration based on the private key's label (name) and an external certificate

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using AddCertificate(Stream).

Create a signature configuration based on certificate name

Create a time-stamp configuration

Close the object

Log in user into the cryptographic device

Login is typically required to enable cryptographic operations. Furthermore, some of the device's objects such as certificates or private keys might only be visible when logged in.

Note that many devices are locked after a number of failed login attempts. Therefore, it is crucial to not retry this method using the same password after a failed attempt.