Sample code for 30+ languages & platforms
Swift

PKCS11 Get Token Info

See more PKCS11 Examples

Example showing how to discover the readers (slots) and smart cards and tokens available through a vendor's PKCS11 Cryptoki module, and get token information for each.

Chilkat Swift Downloads

Swift

func chilkatTest() {
    var success: Bool = false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    let pkcs11 = CkoPkcs11()!

    // Specify the vendor's Cryptoki module DLL / shared lib.
    // The following PKCS11 driver DLL is for the WatchData ProxKey USB token. 
    // You would use your smartcard/token vendor's PKCS11 driver DLL.
    pkcs11.sharedLibPath = "SignatureP11.dll"

    success = pkcs11.initialize()
    if success == false {
        print("\(pkcs11.lastErrorText!)")
        return
    }

    // Call Discover to discover what's available.
    // Indicate that we only want to return slots (readers) where tokens (or smart cards) are present.
    var onlyTokensPresent: Bool = true
    let json = CkoJsonObject()!
    success = pkcs11.discover(onlyTokensPresent: onlyTokensPresent, json: json)
    if success == false {
        print("\(pkcs11.lastErrorText!)")
        return
    }

    json.emitCompact = false
    print("\(json.emit()!)")

    // Sample JSON output.
    // Code for parsing this JSON is shown below..

    // {
    //   "cryptokiVersion": {
    //     "major": 2,
    //     "minor": 10
    //   },
    //   "manufacturerID": "WatchData",
    //   "libraryDescription": "PKCS#11 cryptoki module",
    //   "libraryVersion": {
    //     "major": 3,
    //     "minor": 10
    //   },
    //   "slot": [
    //     {
    //       "id": 16385,
    //       "slotDescription": "Watchdata IC CARD Reader/Writer",
    //       "manufacturerID": "Watchdata",
    //       "tokenPresent": true,
    //       "removableDevice": true,
    //       "hardwareSlot": true,
    //       "hardwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "firmwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "token": {
    //         "label": "WD PROXKey",
    //         "manufacturerID": "Watchdata Corp.",
    //         "model": "TimeCos/PK",
    //         "serialNumber": "WD05376504",
    //         "flags": [
    //           "CKF_RNG",
    //           "CKF_LOGIN_REQUIRED",
    //           "CKF_USER_PIN_INITIALIZED",
    //           "CKF_DUAL_CRYPTO_OPERATIONS",
    //           "CKF_TOKEN_INITIALIZED"
    //         ],
    //         "maxSessionCount": 0,
    //         "sessionCount": 0,
    //         "maxRwSessionCount": 0,
    //         "rwSessionCount": 0,
    //         "maxPinLen": 32,
    //         "minPinLen": 6,
    //         "totalPublicMemory": 61440,
    //         "freePublicMemory": 70144,
    //         "totalPrivateMemory": 61440,
    //         "freePrivateMemory": 70144,
    //         "hardwareVersion": {
    //           "major": 2,
    //           "minor": 1
    //         },
    //         "firmwareVersion": {
    //           "major": 0,
    //           "minor": 0
    //         },
    //         "utcTime": "2024011509254600",
    //         "mechanism": [
    //           "CKM_RSA_PKCS_KEY_PAIR_GEN",
    //           "CKM_EC_KEY_PAIR_GEN",
    //           "CKM_DES_KEY_GEN",
    //           "80000001",
    //           "8000000B",
    //           "CKM_AES_KEY_GEN",
    //           "CKM_DES2_KEY_GEN",
    //           "CKM_DES3_KEY_GEN",
    //           "CKM_RSA_PKCS",
    //           "CKM_RSA_X_509",
    //           "CKM_ECDSA",
    //           "CKM_ECDSA_SHA1",
    //           "CKM_MD2_RSA_PKCS",
    //           "CKM_MD5_RSA_PKCS",
    //           "CKM_SHA1_RSA_PKCS",
    //           "CKM_SHA256_RSA_PKCS",
    //           "CKM_DES_ECB",
    //           "CKM_DES_CBC",
    //           "CKM_DES_CBC_PAD",
    //           "80000002",
    //           "CKM_CPK_ECDSA",
    //           "CKM_CPK_ECDSA_SHA1",
    //           "8000000C",
    //           "8000000D",
    //           "8000000E",
    //           "CKM_AES_ECB",
    //           "CKM_AES_CBC",
    //           "CKM_AES_CBC_PAD",
    //           "CKM_DES3_ECB",
    //           "CKM_DES3_CBC",
    //           "CKM_DES3_CBC_PAD",
    //           "CKM_SHA_1",
    //           "CKM_SHA_1_HMAC",
    //           "CKM_SHA_1_HMAC_GENERAL",
    //           "CKM_SHA256",
    //           "CKM_SHA256_HMAC",
    //           "CKM_SHA256_HMAC_GENERAL",
    //           "CKM_MD2",
    //           "CKM_MD2_HMAC",
    //           "CKM_MD2_HMAC_GENERAL",
    //           "CKM_MD5",
    //           "CKM_MD5_HMAC",
    //           "CKM_MD5_HMAC_GENERAL",
    //           "CKM_SSL3_PRE_MASTER_KEY_GEN",
    //           "CKM_SSL3_MASTER_KEY_DERIVE",
    //           "CKM_SSL3_KEY_AND_MAC_DERIVE",
    //           "CKM_SSL3_MD5_MAC",
    //           "CKM_SSL3_SHA1_MAC"
    //         ],
    //         "rsa": {
    //           "minKeySize": 1024,
    //           "maxKeySize": 4096
    //         }
    //       }
    //     }
    //   ]
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    var id: Int
    var slotDescription: String?
    var tokenPresent: Bool
    var removableDevice: Bool
    var hardwareSlot: Bool
    var hardwareVersionMajor: Int
    var hardwareVersionMinor: Int
    var firmwareVersionMajor: Int
    var firmwareVersionMinor: Int
    var tokenLabel: String?
    var tokenManufacturerID: String?
    var tokenModel: String?
    var tokenSerialNumber: String?
    var tokenMaxSessionCount: Int
    var tokenSessionCount: Int
    var tokenMaxRwSessionCount: Int
    var tokenRwSessionCount: Int
    var tokenMaxPinLen: Int
    var tokenMinPinLen: Int
    var tokenTotalPublicMemory: Int
    var tokenFreePublicMemory: Int
    var tokenTotalPrivateMemory: Int
    var tokenFreePrivateMemory: Int
    var tokenHardwareVersionMajor: Int
    var tokenHardwareVersionMinor: Int
    var tokenFirmwareVersionMajor: Int
    var tokenFirmwareVersionMinor: Int
    var tokenUtcTime: String?
    var tokenRsaMinKeySize: Int
    var tokenRsaMaxKeySize: Int
    var j: Int
    var count_j: Int
    var strVal: String?
    var tokenFlag: String?

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    var cryptokiVersionMajor: Int = json.int(of: "cryptokiVersion.major").intValue
    var cryptokiVersionMinor: Int = json.int(of: "cryptokiVersion.minor").intValue
    var manufacturerID: String? = json.string(of: "manufacturerID")
    var libraryDescription: String? = json.string(of: "libraryDescription")
    var libraryVersionMajor: Int = json.int(of: "libraryVersion.major").intValue
    var libraryVersionMinor: Int = json.int(of: "libraryVersion.minor").intValue
    var i: Int = 0
    var count_i: Int = json.size(ofArray: "slot").intValue
    while i < count_i {
        json.i = i
        id = json.int(of: "slot[i].id").intValue
        slotDescription = json.string(of: "slot[i].slotDescription")
        manufacturerID = json.string(of: "slot[i].manufacturerID")
        tokenPresent = json.bool(of: "slot[i].tokenPresent")
        removableDevice = json.bool(of: "slot[i].removableDevice")
        hardwareSlot = json.bool(of: "slot[i].hardwareSlot")
        hardwareVersionMajor = json.int(of: "slot[i].hardwareVersion.major").intValue
        hardwareVersionMinor = json.int(of: "slot[i].hardwareVersion.minor").intValue
        firmwareVersionMajor = json.int(of: "slot[i].firmwareVersion.major").intValue
        firmwareVersionMinor = json.int(of: "slot[i].firmwareVersion.minor").intValue
        tokenLabel = json.string(of: "slot[i].token.label")
        tokenManufacturerID = json.string(of: "slot[i].token.manufacturerID")
        tokenModel = json.string(of: "slot[i].token.model")
        tokenSerialNumber = json.string(of: "slot[i].token.serialNumber")
        tokenMaxSessionCount = json.int(of: "slot[i].token.maxSessionCount").intValue
        tokenSessionCount = json.int(of: "slot[i].token.sessionCount").intValue
        tokenMaxRwSessionCount = json.int(of: "slot[i].token.maxRwSessionCount").intValue
        tokenRwSessionCount = json.int(of: "slot[i].token.rwSessionCount").intValue
        tokenMaxPinLen = json.int(of: "slot[i].token.maxPinLen").intValue
        tokenMinPinLen = json.int(of: "slot[i].token.minPinLen").intValue
        tokenTotalPublicMemory = json.int(of: "slot[i].token.totalPublicMemory").intValue
        tokenFreePublicMemory = json.int(of: "slot[i].token.freePublicMemory").intValue
        tokenTotalPrivateMemory = json.int(of: "slot[i].token.totalPrivateMemory").intValue
        tokenFreePrivateMemory = json.int(of: "slot[i].token.freePrivateMemory").intValue
        tokenHardwareVersionMajor = json.int(of: "slot[i].token.hardwareVersion.major").intValue
        tokenHardwareVersionMinor = json.int(of: "slot[i].token.hardwareVersion.minor").intValue
        tokenFirmwareVersionMajor = json.int(of: "slot[i].token.firmwareVersion.major").intValue
        tokenFirmwareVersionMinor = json.int(of: "slot[i].token.firmwareVersion.minor").intValue
        tokenUtcTime = json.string(of: "slot[i].token.utcTime")
        tokenRsaMinKeySize = json.int(of: "slot[i].token.rsa.minKeySize").intValue
        tokenRsaMaxKeySize = json.int(of: "slot[i].token.rsa.maxKeySize").intValue

        // The following token flag strings are possible:

        // CKF_RNG: has random # generator

        // CKF_WRITE_PROTECTED: token is write-protected

        // CKF_LOGIN_REQUIRED:user must login

        // CKF_USER_PIN_INITIALIZED:normal user's PIN is set

        // CKF_RESTORE_KEY_NOT_NEEDED: Every time the state of cryptographic operations of a session is
        //    successfully saved, all keys needed to continue those operations are stored in the state

        // CKF_CLOCK_ON_TOKEN: The token has some sort of clock.  The time on the clock is returned in the slot[i].token.utcTime

        // CKF_PROTECTED_AUTHENTICATION_PATH: There is some way for the user to login without sending a PIN through the Cryptoki library itself

        // CKF_DUAL_CRYPTO_OPERATIONS: A single session with the token can perform dual simultaneous cryptographic operations
        //    (digest and encrypt; decrypt and digest; sign and encrypt; and decrypt and sign)

        // CKF_TOKEN_INITIALIZED: The token has been initialized.

        // CKF_SECONDARY_AUTHENTICATION: The token supports secondary authentication for private key objects.

        // CKF_USER_PIN_COUNT_LOW: An incorrect user login PIN has been entered at least once since the last successful authentication.

        // CKF_USER_PIN_FINAL_TRY: Supplying an incorrect user PIN will it to become locked.

        // CKF_USER_PIN_LOCKED: The user PIN has been locked. User login to the token is not possible.

        // CKF_USER_PIN_TO_BE_CHANGED: The user PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // CKF_SO_PIN_COUNT_LOW: An incorrect SO login PIN has been entered at least once since the last successful authentication.

        // CKF_SO_PIN_FINAL_TRY: Supplying an incorrect SO PIN will it to become locked.

        // CKF_SO_PIN_LOCKED: The SO PIN has been locked. SO login to the token is not possible.

        // CKF_SO_PIN_TO_BE_CHANGED: The SO PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // To see if particular flags are present:
        var aFlags: CkoJsonArray? = json.array(of: "slot[i].token.flags")
        if aFlags!.findString(value: "CKF_USER_PIN_LOCKED", caseSensitive: true).intValue >= 0 {
            print("The token is locked.")
        }

        if aFlags!.findString(value: "CKF_RNG", caseSensitive: true).intValue >= 0 {
            print("The token has a random number generator.")
        }

        // ...
        aFlags = nil

        // To iterate over all flags..
        j = 0
        count_j = json.size(ofArray: "slot[i].token.flags").intValue
        while j < count_j {
            json.j = j
            tokenFlag = json.string(of: "slot[i].token.flags[j]")
            j = j + 1
        }

        j = 0
        count_j = json.size(ofArray: "slot[i].token.mechanism").intValue
        while j < count_j {
            json.j = j
            strVal = json.string(of: "slot[i].token.mechanism[j]")
            j = j + 1
        }

        i = i + 1
    }


}