Sample code for 30+ languages & platforms
AutoIt

PKCS11 Get Token Info

See more PKCS11 Examples

Example showing how to discover the readers (slots) and smart cards and tokens available through a vendor's PKCS11 Cryptoki module, and get token information for each.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

$oPkcs11 = ObjCreate("Chilkat.Pkcs11")

; Specify the vendor's Cryptoki module DLL / shared lib.
; The following PKCS11 driver DLL is for the WatchData ProxKey USB token. 
; You would use your smartcard/token vendor's PKCS11 driver DLL.
$oPkcs11.SharedLibPath = "SignatureP11.dll"

$bSuccess = $oPkcs11.Initialize()
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    Exit
EndIf

; Call Discover to discover what's available.
; Indicate that we only want to return slots (readers) where tokens (or smart cards) are present.
Local $bOnlyTokensPresent = True
$oJson = ObjCreate("Chilkat.JsonObject")
$bSuccess = $oPkcs11.Discover($bOnlyTokensPresent,$oJson)
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    Exit
EndIf

$oJson.EmitCompact = False
ConsoleWrite($oJson.Emit() & @CRLF)

; Sample JSON output.
; Code for parsing this JSON is shown below..

; {
;   "cryptokiVersion": {
;     "major": 2,
;     "minor": 10
;   },
;   "manufacturerID": "WatchData",
;   "libraryDescription": "PKCS#11 cryptoki module",
;   "libraryVersion": {
;     "major": 3,
;     "minor": 10
;   },
;   "slot": [
;     {
;       "id": 16385,
;       "slotDescription": "Watchdata IC CARD Reader/Writer",
;       "manufacturerID": "Watchdata",
;       "tokenPresent": true,
;       "removableDevice": true,
;       "hardwareSlot": true,
;       "hardwareVersion": {
;         "major": 1,
;         "minor": 0
;       },
;       "firmwareVersion": {
;         "major": 1,
;         "minor": 0
;       },
;       "token": {
;         "label": "WD PROXKey",
;         "manufacturerID": "Watchdata Corp.",
;         "model": "TimeCos/PK",
;         "serialNumber": "WD05376504",
;         "flags": [
;           "CKF_RNG",
;           "CKF_LOGIN_REQUIRED",
;           "CKF_USER_PIN_INITIALIZED",
;           "CKF_DUAL_CRYPTO_OPERATIONS",
;           "CKF_TOKEN_INITIALIZED"
;         ],
;         "maxSessionCount": 0,
;         "sessionCount": 0,
;         "maxRwSessionCount": 0,
;         "rwSessionCount": 0,
;         "maxPinLen": 32,
;         "minPinLen": 6,
;         "totalPublicMemory": 61440,
;         "freePublicMemory": 70144,
;         "totalPrivateMemory": 61440,
;         "freePrivateMemory": 70144,
;         "hardwareVersion": {
;           "major": 2,
;           "minor": 1
;         },
;         "firmwareVersion": {
;           "major": 0,
;           "minor": 0
;         },
;         "utcTime": "2024011509254600",
;         "mechanism": [
;           "CKM_RSA_PKCS_KEY_PAIR_GEN",
;           "CKM_EC_KEY_PAIR_GEN",
;           "CKM_DES_KEY_GEN",
;           "80000001",
;           "8000000B",
;           "CKM_AES_KEY_GEN",
;           "CKM_DES2_KEY_GEN",
;           "CKM_DES3_KEY_GEN",
;           "CKM_RSA_PKCS",
;           "CKM_RSA_X_509",
;           "CKM_ECDSA",
;           "CKM_ECDSA_SHA1",
;           "CKM_MD2_RSA_PKCS",
;           "CKM_MD5_RSA_PKCS",
;           "CKM_SHA1_RSA_PKCS",
;           "CKM_SHA256_RSA_PKCS",
;           "CKM_DES_ECB",
;           "CKM_DES_CBC",
;           "CKM_DES_CBC_PAD",
;           "80000002",
;           "CKM_CPK_ECDSA",
;           "CKM_CPK_ECDSA_SHA1",
;           "8000000C",
;           "8000000D",
;           "8000000E",
;           "CKM_AES_ECB",
;           "CKM_AES_CBC",
;           "CKM_AES_CBC_PAD",
;           "CKM_DES3_ECB",
;           "CKM_DES3_CBC",
;           "CKM_DES3_CBC_PAD",
;           "CKM_SHA_1",
;           "CKM_SHA_1_HMAC",
;           "CKM_SHA_1_HMAC_GENERAL",
;           "CKM_SHA256",
;           "CKM_SHA256_HMAC",
;           "CKM_SHA256_HMAC_GENERAL",
;           "CKM_MD2",
;           "CKM_MD2_HMAC",
;           "CKM_MD2_HMAC_GENERAL",
;           "CKM_MD5",
;           "CKM_MD5_HMAC",
;           "CKM_MD5_HMAC_GENERAL",
;           "CKM_SSL3_PRE_MASTER_KEY_GEN",
;           "CKM_SSL3_MASTER_KEY_DERIVE",
;           "CKM_SSL3_KEY_AND_MAC_DERIVE",
;           "CKM_SSL3_MD5_MAC",
;           "CKM_SSL3_SHA1_MAC"
;         ],
;         "rsa": {
;           "minKeySize": 1024,
;           "maxKeySize": 4096
;         }
;       }
;     }
;   ]
; }

; Use this online tool to generate parsing code from sample JSON: 
; Generate Parsing Code from JSON

Local $id
Local $slotDescription
Local $bTokenPresent
Local $bRemovableDevice
Local $bHardwareSlot
Local $iHardwareVersionMajor
Local $iHardwareVersionMinor
Local $iFirmwareVersionMajor
Local $iFirmwareVersionMinor
Local $sTokenLabel
Local $sTokenManufacturerID
Local $sTokenModel
Local $sTokenSerialNumber
Local $iTokenMaxSessionCount
Local $iTokenSessionCount
Local $iTokenMaxRwSessionCount
Local $iTokenRwSessionCount
Local $iTokenMaxPinLen
Local $iTokenMinPinLen
Local $iTokenTotalPublicMemory
Local $iTokenFreePublicMemory
Local $iTokenTotalPrivateMemory
Local $iTokenFreePrivateMemory
Local $iTokenHardwareVersionMajor
Local $iTokenHardwareVersionMinor
Local $iTokenFirmwareVersionMajor
Local $iTokenFirmwareVersionMinor
Local $sTokenUtcTime
Local $iTokenRsaMinKeySize
Local $iTokenRsaMaxKeySize
Local $iJ
Local $iCount_j
Local $strVal
Local $sTokenFlag

; Use this online tool to generate parsing code from sample JSON: 
; Generate Parsing Code from JSON

Local $iCryptokiVersionMajor = $oJson.IntOf("cryptokiVersion.major")
Local $iCryptokiVersionMinor = $oJson.IntOf("cryptokiVersion.minor")
Local $sManufacturerID = $oJson.StringOf("manufacturerID")
Local $sLibraryDescription = $oJson.StringOf("libraryDescription")
Local $iLibraryVersionMajor = $oJson.IntOf("libraryVersion.major")
Local $iLibraryVersionMinor = $oJson.IntOf("libraryVersion.minor")
Local $i = 0
Local $iCount_i = $oJson.SizeOfArray("slot")
While $i < $iCount_i
    $oJson.I = $i
    $id = $oJson.IntOf("slot[i].id")
    $slotDescription = $oJson.StringOf("slot[i].slotDescription")
    $sManufacturerID = $oJson.StringOf("slot[i].manufacturerID")
    $bTokenPresent = $oJson.BoolOf("slot[i].tokenPresent")
    $bRemovableDevice = $oJson.BoolOf("slot[i].removableDevice")
    $bHardwareSlot = $oJson.BoolOf("slot[i].hardwareSlot")
    $iHardwareVersionMajor = $oJson.IntOf("slot[i].hardwareVersion.major")
    $iHardwareVersionMinor = $oJson.IntOf("slot[i].hardwareVersion.minor")
    $iFirmwareVersionMajor = $oJson.IntOf("slot[i].firmwareVersion.major")
    $iFirmwareVersionMinor = $oJson.IntOf("slot[i].firmwareVersion.minor")
    $sTokenLabel = $oJson.StringOf("slot[i].token.label")
    $sTokenManufacturerID = $oJson.StringOf("slot[i].token.manufacturerID")
    $sTokenModel = $oJson.StringOf("slot[i].token.model")
    $sTokenSerialNumber = $oJson.StringOf("slot[i].token.serialNumber")
    $iTokenMaxSessionCount = $oJson.IntOf("slot[i].token.maxSessionCount")
    $iTokenSessionCount = $oJson.IntOf("slot[i].token.sessionCount")
    $iTokenMaxRwSessionCount = $oJson.IntOf("slot[i].token.maxRwSessionCount")
    $iTokenRwSessionCount = $oJson.IntOf("slot[i].token.rwSessionCount")
    $iTokenMaxPinLen = $oJson.IntOf("slot[i].token.maxPinLen")
    $iTokenMinPinLen = $oJson.IntOf("slot[i].token.minPinLen")
    $iTokenTotalPublicMemory = $oJson.IntOf("slot[i].token.totalPublicMemory")
    $iTokenFreePublicMemory = $oJson.IntOf("slot[i].token.freePublicMemory")
    $iTokenTotalPrivateMemory = $oJson.IntOf("slot[i].token.totalPrivateMemory")
    $iTokenFreePrivateMemory = $oJson.IntOf("slot[i].token.freePrivateMemory")
    $iTokenHardwareVersionMajor = $oJson.IntOf("slot[i].token.hardwareVersion.major")
    $iTokenHardwareVersionMinor = $oJson.IntOf("slot[i].token.hardwareVersion.minor")
    $iTokenFirmwareVersionMajor = $oJson.IntOf("slot[i].token.firmwareVersion.major")
    $iTokenFirmwareVersionMinor = $oJson.IntOf("slot[i].token.firmwareVersion.minor")
    $sTokenUtcTime = $oJson.StringOf("slot[i].token.utcTime")
    $iTokenRsaMinKeySize = $oJson.IntOf("slot[i].token.rsa.minKeySize")
    $iTokenRsaMaxKeySize = $oJson.IntOf("slot[i].token.rsa.maxKeySize")

    ; The following token flag strings are possible:

    ; CKF_RNG: has random # generator

    ; CKF_WRITE_PROTECTED: token is write-protected

    ; CKF_LOGIN_REQUIRED:user must login

    ; CKF_USER_PIN_INITIALIZED:normal user's PIN is set

    ; CKF_RESTORE_KEY_NOT_NEEDED: Every time the state of cryptographic operations of a session is
    ;    successfully saved, all keys needed to continue those operations are stored in the state

    ; CKF_CLOCK_ON_TOKEN: The token has some sort of clock.  The time on the clock is returned in the slot[i].token.utcTime

    ; CKF_PROTECTED_AUTHENTICATION_PATH: There is some way for the user to login without sending a PIN through the Cryptoki library itself

    ; CKF_DUAL_CRYPTO_OPERATIONS: A single session with the token can perform dual simultaneous cryptographic operations
    ;    (digest and encrypt; decrypt and digest; sign and encrypt; and decrypt and sign)

    ; CKF_TOKEN_INITIALIZED: The token has been initialized.

    ; CKF_SECONDARY_AUTHENTICATION: The token supports secondary authentication for private key objects.

    ; CKF_USER_PIN_COUNT_LOW: An incorrect user login PIN has been entered at least once since the last successful authentication.

    ; CKF_USER_PIN_FINAL_TRY: Supplying an incorrect user PIN will it to become locked.

    ; CKF_USER_PIN_LOCKED: The user PIN has been locked. User login to the token is not possible.

    ; CKF_USER_PIN_TO_BE_CHANGED: The user PIN value is the default value set by token initialization or manufacturing,
    ;    or the PIN has been expired by the card.

    ; CKF_SO_PIN_COUNT_LOW: An incorrect SO login PIN has been entered at least once since the last successful authentication.

    ; CKF_SO_PIN_FINAL_TRY: Supplying an incorrect SO PIN will it to become locked.

    ; CKF_SO_PIN_LOCKED: The SO PIN has been locked. SO login to the token is not possible.

    ; CKF_SO_PIN_TO_BE_CHANGED: The SO PIN value is the default value set by token initialization or manufacturing,
    ;    or the PIN has been expired by the card.

    ; To see if particular flags are present:
Local $oAFlags = $oJson.ArrayOf("slot[i].token.flags")
    If ($oAFlags.FindString("CKF_USER_PIN_LOCKED",True) >= 0) Then
        ConsoleWrite("The token is locked." & @CRLF)
    EndIf

    If ($oAFlags.FindString("CKF_RNG",True) >= 0) Then
        ConsoleWrite("The token has a random number generator." & @CRLF)
    EndIf

    ; ...

    ; To iterate over all flags..
    $iJ = 0
    $iCount_j = $oJson.SizeOfArray("slot[i].token.flags")
    While $iJ < $iCount_j
        $oJson.J = $iJ
        $sTokenFlag = $oJson.StringOf("slot[i].token.flags[j]")
        $iJ = $iJ + 1
    Wend

    $iJ = 0
    $iCount_j = $oJson.SizeOfArray("slot[i].token.mechanism")
    While $iJ < $iCount_j
        $oJson.J = $iJ
        $strVal = $oJson.StringOf("slot[i].token.mechanism[j]")
        $iJ = $iJ + 1
    Wend
    $i = $i + 1
Wend