Sample code for 30+ languages & platforms
Delphi DLL

PKCS11 Get Token Info

See more PKCS11 Examples

Example showing how to discover the readers (slots) and smart cards and tokens available through a vendor's PKCS11 Cryptoki module, and get token information for each.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, JsonArray, Pkcs11, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
pkcs11: HCkPkcs11;
onlyTokensPresent: Boolean;
json: HCkJsonObject;
id: Integer;
slotDescription: PWideChar;
tokenPresent: Boolean;
removableDevice: Boolean;
hardwareSlot: Boolean;
hardwareVersionMajor: Integer;
hardwareVersionMinor: Integer;
firmwareVersionMajor: Integer;
firmwareVersionMinor: Integer;
tokenLabel: PWideChar;
tokenManufacturerID: PWideChar;
tokenModel: PWideChar;
tokenSerialNumber: PWideChar;
tokenMaxSessionCount: Integer;
tokenSessionCount: Integer;
tokenMaxRwSessionCount: Integer;
tokenRwSessionCount: Integer;
tokenMaxPinLen: Integer;
tokenMinPinLen: Integer;
tokenTotalPublicMemory: Integer;
tokenFreePublicMemory: Integer;
tokenTotalPrivateMemory: Integer;
tokenFreePrivateMemory: Integer;
tokenHardwareVersionMajor: Integer;
tokenHardwareVersionMinor: Integer;
tokenFirmwareVersionMajor: Integer;
tokenFirmwareVersionMinor: Integer;
tokenUtcTime: PWideChar;
tokenRsaMinKeySize: Integer;
tokenRsaMaxKeySize: Integer;
j: Integer;
count_j: Integer;
strVal: PWideChar;
tokenFlag: PWideChar;
cryptokiVersionMajor: Integer;
cryptokiVersionMinor: Integer;
manufacturerID: PWideChar;
libraryDescription: PWideChar;
libraryVersionMajor: Integer;
libraryVersionMinor: Integer;
i: Integer;
count_i: Integer;
aFlags: HCkJsonArray;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

pkcs11 := CkPkcs11_Create();

// Specify the vendor's Cryptoki module DLL / shared lib.
// The following PKCS11 driver DLL is for the WatchData ProxKey USB token. 
// You would use your smartcard/token vendor's PKCS11 driver DLL.
CkPkcs11_putSharedLibPath(pkcs11,'SignatureP11.dll');

success := CkPkcs11_Initialize(pkcs11);
if (success = False) then
  begin
    Memo1.Lines.Add(CkPkcs11__lastErrorText(pkcs11));
    Exit;
  end;

// Call Discover to discover what's available.
// Indicate that we only want to return slots (readers) where tokens (or smart cards) are present.
onlyTokensPresent := True;
json := CkJsonObject_Create();
success := CkPkcs11_Discover(pkcs11,onlyTokensPresent,json);
if (success = False) then
  begin
    Memo1.Lines.Add(CkPkcs11__lastErrorText(pkcs11));
    Exit;
  end;

CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// Sample JSON output.
// Code for parsing this JSON is shown below..

// {
//   "cryptokiVersion": {
//     "major": 2,
//     "minor": 10
//   },
//   "manufacturerID": "WatchData",
//   "libraryDescription": "PKCS#11 cryptoki module",
//   "libraryVersion": {
//     "major": 3,
//     "minor": 10
//   },
//   "slot": [
//     {
//       "id": 16385,
//       "slotDescription": "Watchdata IC CARD Reader/Writer",
//       "manufacturerID": "Watchdata",
//       "tokenPresent": true,
//       "removableDevice": true,
//       "hardwareSlot": true,
//       "hardwareVersion": {
//         "major": 1,
//         "minor": 0
//       },
//       "firmwareVersion": {
//         "major": 1,
//         "minor": 0
//       },
//       "token": {
//         "label": "WD PROXKey",
//         "manufacturerID": "Watchdata Corp.",
//         "model": "TimeCos/PK",
//         "serialNumber": "WD05376504",
//         "flags": [
//           "CKF_RNG",
//           "CKF_LOGIN_REQUIRED",
//           "CKF_USER_PIN_INITIALIZED",
//           "CKF_DUAL_CRYPTO_OPERATIONS",
//           "CKF_TOKEN_INITIALIZED"
//         ],
//         "maxSessionCount": 0,
//         "sessionCount": 0,
//         "maxRwSessionCount": 0,
//         "rwSessionCount": 0,
//         "maxPinLen": 32,
//         "minPinLen": 6,
//         "totalPublicMemory": 61440,
//         "freePublicMemory": 70144,
//         "totalPrivateMemory": 61440,
//         "freePrivateMemory": 70144,
//         "hardwareVersion": {
//           "major": 2,
//           "minor": 1
//         },
//         "firmwareVersion": {
//           "major": 0,
//           "minor": 0
//         },
//         "utcTime": "2024011509254600",
//         "mechanism": [
//           "CKM_RSA_PKCS_KEY_PAIR_GEN",
//           "CKM_EC_KEY_PAIR_GEN",
//           "CKM_DES_KEY_GEN",
//           "80000001",
//           "8000000B",
//           "CKM_AES_KEY_GEN",
//           "CKM_DES2_KEY_GEN",
//           "CKM_DES3_KEY_GEN",
//           "CKM_RSA_PKCS",
//           "CKM_RSA_X_509",
//           "CKM_ECDSA",
//           "CKM_ECDSA_SHA1",
//           "CKM_MD2_RSA_PKCS",
//           "CKM_MD5_RSA_PKCS",
//           "CKM_SHA1_RSA_PKCS",
//           "CKM_SHA256_RSA_PKCS",
//           "CKM_DES_ECB",
//           "CKM_DES_CBC",
//           "CKM_DES_CBC_PAD",
//           "80000002",
//           "CKM_CPK_ECDSA",
//           "CKM_CPK_ECDSA_SHA1",
//           "8000000C",
//           "8000000D",
//           "8000000E",
//           "CKM_AES_ECB",
//           "CKM_AES_CBC",
//           "CKM_AES_CBC_PAD",
//           "CKM_DES3_ECB",
//           "CKM_DES3_CBC",
//           "CKM_DES3_CBC_PAD",
//           "CKM_SHA_1",
//           "CKM_SHA_1_HMAC",
//           "CKM_SHA_1_HMAC_GENERAL",
//           "CKM_SHA256",
//           "CKM_SHA256_HMAC",
//           "CKM_SHA256_HMAC_GENERAL",
//           "CKM_MD2",
//           "CKM_MD2_HMAC",
//           "CKM_MD2_HMAC_GENERAL",
//           "CKM_MD5",
//           "CKM_MD5_HMAC",
//           "CKM_MD5_HMAC_GENERAL",
//           "CKM_SSL3_PRE_MASTER_KEY_GEN",
//           "CKM_SSL3_MASTER_KEY_DERIVE",
//           "CKM_SSL3_KEY_AND_MAC_DERIVE",
//           "CKM_SSL3_MD5_MAC",
//           "CKM_SSL3_SHA1_MAC"
//         ],
//         "rsa": {
//           "minKeySize": 1024,
//           "maxKeySize": 4096
//         }
//       }
//     }
//   ]
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

cryptokiVersionMajor := CkJsonObject_IntOf(json,'cryptokiVersion.major');
cryptokiVersionMinor := CkJsonObject_IntOf(json,'cryptokiVersion.minor');
manufacturerID := CkJsonObject__stringOf(json,'manufacturerID');
libraryDescription := CkJsonObject__stringOf(json,'libraryDescription');
libraryVersionMajor := CkJsonObject_IntOf(json,'libraryVersion.major');
libraryVersionMinor := CkJsonObject_IntOf(json,'libraryVersion.minor');
i := 0;
count_i := CkJsonObject_SizeOfArray(json,'slot');
while i < count_i do
  begin
    CkJsonObject_putI(json,i);
    id := CkJsonObject_IntOf(json,'slot[i].id');
    slotDescription := CkJsonObject__stringOf(json,'slot[i].slotDescription');
    manufacturerID := CkJsonObject__stringOf(json,'slot[i].manufacturerID');
    tokenPresent := CkJsonObject_BoolOf(json,'slot[i].tokenPresent');
    removableDevice := CkJsonObject_BoolOf(json,'slot[i].removableDevice');
    hardwareSlot := CkJsonObject_BoolOf(json,'slot[i].hardwareSlot');
    hardwareVersionMajor := CkJsonObject_IntOf(json,'slot[i].hardwareVersion.major');
    hardwareVersionMinor := CkJsonObject_IntOf(json,'slot[i].hardwareVersion.minor');
    firmwareVersionMajor := CkJsonObject_IntOf(json,'slot[i].firmwareVersion.major');
    firmwareVersionMinor := CkJsonObject_IntOf(json,'slot[i].firmwareVersion.minor');
    tokenLabel := CkJsonObject__stringOf(json,'slot[i].token.label');
    tokenManufacturerID := CkJsonObject__stringOf(json,'slot[i].token.manufacturerID');
    tokenModel := CkJsonObject__stringOf(json,'slot[i].token.model');
    tokenSerialNumber := CkJsonObject__stringOf(json,'slot[i].token.serialNumber');
    tokenMaxSessionCount := CkJsonObject_IntOf(json,'slot[i].token.maxSessionCount');
    tokenSessionCount := CkJsonObject_IntOf(json,'slot[i].token.sessionCount');
    tokenMaxRwSessionCount := CkJsonObject_IntOf(json,'slot[i].token.maxRwSessionCount');
    tokenRwSessionCount := CkJsonObject_IntOf(json,'slot[i].token.rwSessionCount');
    tokenMaxPinLen := CkJsonObject_IntOf(json,'slot[i].token.maxPinLen');
    tokenMinPinLen := CkJsonObject_IntOf(json,'slot[i].token.minPinLen');
    tokenTotalPublicMemory := CkJsonObject_IntOf(json,'slot[i].token.totalPublicMemory');
    tokenFreePublicMemory := CkJsonObject_IntOf(json,'slot[i].token.freePublicMemory');
    tokenTotalPrivateMemory := CkJsonObject_IntOf(json,'slot[i].token.totalPrivateMemory');
    tokenFreePrivateMemory := CkJsonObject_IntOf(json,'slot[i].token.freePrivateMemory');
    tokenHardwareVersionMajor := CkJsonObject_IntOf(json,'slot[i].token.hardwareVersion.major');
    tokenHardwareVersionMinor := CkJsonObject_IntOf(json,'slot[i].token.hardwareVersion.minor');
    tokenFirmwareVersionMajor := CkJsonObject_IntOf(json,'slot[i].token.firmwareVersion.major');
    tokenFirmwareVersionMinor := CkJsonObject_IntOf(json,'slot[i].token.firmwareVersion.minor');
    tokenUtcTime := CkJsonObject__stringOf(json,'slot[i].token.utcTime');
    tokenRsaMinKeySize := CkJsonObject_IntOf(json,'slot[i].token.rsa.minKeySize');
    tokenRsaMaxKeySize := CkJsonObject_IntOf(json,'slot[i].token.rsa.maxKeySize');

    // The following token flag strings are possible:

    // CKF_RNG: has random # generator

    // CKF_WRITE_PROTECTED: token is write-protected

    // CKF_LOGIN_REQUIRED:user must login

    // CKF_USER_PIN_INITIALIZED:normal user's PIN is set

    // CKF_RESTORE_KEY_NOT_NEEDED: Every time the state of cryptographic operations of a session is
    //    successfully saved, all keys needed to continue those operations are stored in the state

    // CKF_CLOCK_ON_TOKEN: The token has some sort of clock.  The time on the clock is returned in the slot[i].token.utcTime

    // CKF_PROTECTED_AUTHENTICATION_PATH: There is some way for the user to login without sending a PIN through the Cryptoki library itself

    // CKF_DUAL_CRYPTO_OPERATIONS: A single session with the token can perform dual simultaneous cryptographic operations
    //    (digest and encrypt; decrypt and digest; sign and encrypt; and decrypt and sign)

    // CKF_TOKEN_INITIALIZED: The token has been initialized.

    // CKF_SECONDARY_AUTHENTICATION: The token supports secondary authentication for private key objects.

    // CKF_USER_PIN_COUNT_LOW: An incorrect user login PIN has been entered at least once since the last successful authentication.

    // CKF_USER_PIN_FINAL_TRY: Supplying an incorrect user PIN will it to become locked.

    // CKF_USER_PIN_LOCKED: The user PIN has been locked. User login to the token is not possible.

    // CKF_USER_PIN_TO_BE_CHANGED: The user PIN value is the default value set by token initialization or manufacturing,
    //    or the PIN has been expired by the card.

    // CKF_SO_PIN_COUNT_LOW: An incorrect SO login PIN has been entered at least once since the last successful authentication.

    // CKF_SO_PIN_FINAL_TRY: Supplying an incorrect SO PIN will it to become locked.

    // CKF_SO_PIN_LOCKED: The SO PIN has been locked. SO login to the token is not possible.

    // CKF_SO_PIN_TO_BE_CHANGED: The SO PIN value is the default value set by token initialization or manufacturing,
    //    or the PIN has been expired by the card.

    // To see if particular flags are present:
    aFlags := CkJsonObject_ArrayOf(json,'slot[i].token.flags');
    if (CkJsonArray_FindString(aFlags,'CKF_USER_PIN_LOCKED',True) >= 0) then
      begin
        Memo1.Lines.Add('The token is locked.');
      end;
    if (CkJsonArray_FindString(aFlags,'CKF_RNG',True) >= 0) then
      begin
        Memo1.Lines.Add('The token has a random number generator.');
      end;
    // ...
    CkJsonArray_Dispose(aFlags);

    // To iterate over all flags..
    j := 0;
    count_j := CkJsonObject_SizeOfArray(json,'slot[i].token.flags');
    while j < count_j do
      begin
        CkJsonObject_putJ(json,j);
        tokenFlag := CkJsonObject__stringOf(json,'slot[i].token.flags[j]');
        j := j + 1;
      end;

    j := 0;
    count_j := CkJsonObject_SizeOfArray(json,'slot[i].token.mechanism');
    while j < count_j do
      begin
        CkJsonObject_putJ(json,j);
        strVal := CkJsonObject__stringOf(json,'slot[i].token.mechanism[j]');
        j := j + 1;
      end;

    i := i + 1;
  end;

CkPkcs11_Dispose(pkcs11);
CkJsonObject_Dispose(json);

end;