Sample code for 30+ languages & platforms
Unicode C

PKCS11 Get Token Info

See more PKCS11 Examples

Example showing how to discover the readers (slots) and smart cards and tokens available through a vendor's PKCS11 Cryptoki module, and get token information for each.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkPkcs11W.h>
#include <C_CkJsonObjectW.h>
#include <C_CkJsonArrayW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkPkcs11W pkcs11;
    BOOL onlyTokensPresent;
    HCkJsonObjectW json;
    int id;
    const wchar_t *slotDescription;
    BOOL tokenPresent;
    BOOL removableDevice;
    BOOL hardwareSlot;
    int hardwareVersionMajor;
    int hardwareVersionMinor;
    int firmwareVersionMajor;
    int firmwareVersionMinor;
    const wchar_t *tokenLabel;
    const wchar_t *tokenManufacturerID;
    const wchar_t *tokenModel;
    const wchar_t *tokenSerialNumber;
    int tokenMaxSessionCount;
    int tokenSessionCount;
    int tokenMaxRwSessionCount;
    int tokenRwSessionCount;
    int tokenMaxPinLen;
    int tokenMinPinLen;
    int tokenTotalPublicMemory;
    int tokenFreePublicMemory;
    int tokenTotalPrivateMemory;
    int tokenFreePrivateMemory;
    int tokenHardwareVersionMajor;
    int tokenHardwareVersionMinor;
    int tokenFirmwareVersionMajor;
    int tokenFirmwareVersionMinor;
    const wchar_t *tokenUtcTime;
    int tokenRsaMinKeySize;
    int tokenRsaMaxKeySize;
    int j;
    int count_j;
    const wchar_t *strVal;
    const wchar_t *tokenFlag;
    int cryptokiVersionMajor;
    int cryptokiVersionMinor;
    const wchar_t *manufacturerID;
    const wchar_t *libraryDescription;
    int libraryVersionMajor;
    int libraryVersionMinor;
    int i;
    int count_i;
    HCkJsonArrayW aFlags;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    pkcs11 = CkPkcs11W_Create();

    // Specify the vendor's Cryptoki module DLL / shared lib.
    // The following PKCS11 driver DLL is for the WatchData ProxKey USB token. 
    // You would use your smartcard/token vendor's PKCS11 driver DLL.
    CkPkcs11W_putSharedLibPath(pkcs11,L"SignatureP11.dll");

    success = CkPkcs11W_Initialize(pkcs11);
    if (success == FALSE) {
        wprintf(L"%s\n",CkPkcs11W_lastErrorText(pkcs11));
        CkPkcs11W_Dispose(pkcs11);
        return;
    }

    // Call Discover to discover what's available.
    // Indicate that we only want to return slots (readers) where tokens (or smart cards) are present.
    onlyTokensPresent = TRUE;
    json = CkJsonObjectW_Create();
    success = CkPkcs11W_Discover(pkcs11,onlyTokensPresent,json);
    if (success == FALSE) {
        wprintf(L"%s\n",CkPkcs11W_lastErrorText(pkcs11));
        CkPkcs11W_Dispose(pkcs11);
        CkJsonObjectW_Dispose(json);
        return;
    }

    CkJsonObjectW_putEmitCompact(json,FALSE);
    wprintf(L"%s\n",CkJsonObjectW_emit(json));

    // Sample JSON output.
    // Code for parsing this JSON is shown below..

    // {
    //   "cryptokiVersion": {
    //     "major": 2,
    //     "minor": 10
    //   },
    //   "manufacturerID": "WatchData",
    //   "libraryDescription": "PKCS#11 cryptoki module",
    //   "libraryVersion": {
    //     "major": 3,
    //     "minor": 10
    //   },
    //   "slot": [
    //     {
    //       "id": 16385,
    //       "slotDescription": "Watchdata IC CARD Reader/Writer",
    //       "manufacturerID": "Watchdata",
    //       "tokenPresent": true,
    //       "removableDevice": true,
    //       "hardwareSlot": true,
    //       "hardwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "firmwareVersion": {
    //         "major": 1,
    //         "minor": 0
    //       },
    //       "token": {
    //         "label": "WD PROXKey",
    //         "manufacturerID": "Watchdata Corp.",
    //         "model": "TimeCos/PK",
    //         "serialNumber": "WD05376504",
    //         "flags": [
    //           "CKF_RNG",
    //           "CKF_LOGIN_REQUIRED",
    //           "CKF_USER_PIN_INITIALIZED",
    //           "CKF_DUAL_CRYPTO_OPERATIONS",
    //           "CKF_TOKEN_INITIALIZED"
    //         ],
    //         "maxSessionCount": 0,
    //         "sessionCount": 0,
    //         "maxRwSessionCount": 0,
    //         "rwSessionCount": 0,
    //         "maxPinLen": 32,
    //         "minPinLen": 6,
    //         "totalPublicMemory": 61440,
    //         "freePublicMemory": 70144,
    //         "totalPrivateMemory": 61440,
    //         "freePrivateMemory": 70144,
    //         "hardwareVersion": {
    //           "major": 2,
    //           "minor": 1
    //         },
    //         "firmwareVersion": {
    //           "major": 0,
    //           "minor": 0
    //         },
    //         "utcTime": "2024011509254600",
    //         "mechanism": [
    //           "CKM_RSA_PKCS_KEY_PAIR_GEN",
    //           "CKM_EC_KEY_PAIR_GEN",
    //           "CKM_DES_KEY_GEN",
    //           "80000001",
    //           "8000000B",
    //           "CKM_AES_KEY_GEN",
    //           "CKM_DES2_KEY_GEN",
    //           "CKM_DES3_KEY_GEN",
    //           "CKM_RSA_PKCS",
    //           "CKM_RSA_X_509",
    //           "CKM_ECDSA",
    //           "CKM_ECDSA_SHA1",
    //           "CKM_MD2_RSA_PKCS",
    //           "CKM_MD5_RSA_PKCS",
    //           "CKM_SHA1_RSA_PKCS",
    //           "CKM_SHA256_RSA_PKCS",
    //           "CKM_DES_ECB",
    //           "CKM_DES_CBC",
    //           "CKM_DES_CBC_PAD",
    //           "80000002",
    //           "CKM_CPK_ECDSA",
    //           "CKM_CPK_ECDSA_SHA1",
    //           "8000000C",
    //           "8000000D",
    //           "8000000E",
    //           "CKM_AES_ECB",
    //           "CKM_AES_CBC",
    //           "CKM_AES_CBC_PAD",
    //           "CKM_DES3_ECB",
    //           "CKM_DES3_CBC",
    //           "CKM_DES3_CBC_PAD",
    //           "CKM_SHA_1",
    //           "CKM_SHA_1_HMAC",
    //           "CKM_SHA_1_HMAC_GENERAL",
    //           "CKM_SHA256",
    //           "CKM_SHA256_HMAC",
    //           "CKM_SHA256_HMAC_GENERAL",
    //           "CKM_MD2",
    //           "CKM_MD2_HMAC",
    //           "CKM_MD2_HMAC_GENERAL",
    //           "CKM_MD5",
    //           "CKM_MD5_HMAC",
    //           "CKM_MD5_HMAC_GENERAL",
    //           "CKM_SSL3_PRE_MASTER_KEY_GEN",
    //           "CKM_SSL3_MASTER_KEY_DERIVE",
    //           "CKM_SSL3_KEY_AND_MAC_DERIVE",
    //           "CKM_SSL3_MD5_MAC",
    //           "CKM_SSL3_SHA1_MAC"
    //         ],
    //         "rsa": {
    //           "minKeySize": 1024,
    //           "maxKeySize": 4096
    //         }
    //       }
    //     }
    //   ]
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    // Chilkat functions returning "const char *" return a pointer to temporary internal memory owned and managed by Chilkat.
    // See this example explaining how this memory should be used: const char * functions.

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    cryptokiVersionMajor = CkJsonObjectW_IntOf(json,L"cryptokiVersion.major");
    cryptokiVersionMinor = CkJsonObjectW_IntOf(json,L"cryptokiVersion.minor");
    manufacturerID = CkJsonObjectW_stringOf(json,L"manufacturerID");
    libraryDescription = CkJsonObjectW_stringOf(json,L"libraryDescription");
    libraryVersionMajor = CkJsonObjectW_IntOf(json,L"libraryVersion.major");
    libraryVersionMinor = CkJsonObjectW_IntOf(json,L"libraryVersion.minor");
    i = 0;
    count_i = CkJsonObjectW_SizeOfArray(json,L"slot");
    while (i < count_i) {
        CkJsonObjectW_putI(json,i);
        id = CkJsonObjectW_IntOf(json,L"slot[i].id");
        slotDescription = CkJsonObjectW_stringOf(json,L"slot[i].slotDescription");
        manufacturerID = CkJsonObjectW_stringOf(json,L"slot[i].manufacturerID");
        tokenPresent = CkJsonObjectW_BoolOf(json,L"slot[i].tokenPresent");
        removableDevice = CkJsonObjectW_BoolOf(json,L"slot[i].removableDevice");
        hardwareSlot = CkJsonObjectW_BoolOf(json,L"slot[i].hardwareSlot");
        hardwareVersionMajor = CkJsonObjectW_IntOf(json,L"slot[i].hardwareVersion.major");
        hardwareVersionMinor = CkJsonObjectW_IntOf(json,L"slot[i].hardwareVersion.minor");
        firmwareVersionMajor = CkJsonObjectW_IntOf(json,L"slot[i].firmwareVersion.major");
        firmwareVersionMinor = CkJsonObjectW_IntOf(json,L"slot[i].firmwareVersion.minor");
        tokenLabel = CkJsonObjectW_stringOf(json,L"slot[i].token.label");
        tokenManufacturerID = CkJsonObjectW_stringOf(json,L"slot[i].token.manufacturerID");
        tokenModel = CkJsonObjectW_stringOf(json,L"slot[i].token.model");
        tokenSerialNumber = CkJsonObjectW_stringOf(json,L"slot[i].token.serialNumber");
        tokenMaxSessionCount = CkJsonObjectW_IntOf(json,L"slot[i].token.maxSessionCount");
        tokenSessionCount = CkJsonObjectW_IntOf(json,L"slot[i].token.sessionCount");
        tokenMaxRwSessionCount = CkJsonObjectW_IntOf(json,L"slot[i].token.maxRwSessionCount");
        tokenRwSessionCount = CkJsonObjectW_IntOf(json,L"slot[i].token.rwSessionCount");
        tokenMaxPinLen = CkJsonObjectW_IntOf(json,L"slot[i].token.maxPinLen");
        tokenMinPinLen = CkJsonObjectW_IntOf(json,L"slot[i].token.minPinLen");
        tokenTotalPublicMemory = CkJsonObjectW_IntOf(json,L"slot[i].token.totalPublicMemory");
        tokenFreePublicMemory = CkJsonObjectW_IntOf(json,L"slot[i].token.freePublicMemory");
        tokenTotalPrivateMemory = CkJsonObjectW_IntOf(json,L"slot[i].token.totalPrivateMemory");
        tokenFreePrivateMemory = CkJsonObjectW_IntOf(json,L"slot[i].token.freePrivateMemory");
        tokenHardwareVersionMajor = CkJsonObjectW_IntOf(json,L"slot[i].token.hardwareVersion.major");
        tokenHardwareVersionMinor = CkJsonObjectW_IntOf(json,L"slot[i].token.hardwareVersion.minor");
        tokenFirmwareVersionMajor = CkJsonObjectW_IntOf(json,L"slot[i].token.firmwareVersion.major");
        tokenFirmwareVersionMinor = CkJsonObjectW_IntOf(json,L"slot[i].token.firmwareVersion.minor");
        tokenUtcTime = CkJsonObjectW_stringOf(json,L"slot[i].token.utcTime");
        tokenRsaMinKeySize = CkJsonObjectW_IntOf(json,L"slot[i].token.rsa.minKeySize");
        tokenRsaMaxKeySize = CkJsonObjectW_IntOf(json,L"slot[i].token.rsa.maxKeySize");

        // The following token flag strings are possible:

        // CKF_RNG: has random # generator

        // CKF_WRITE_PROTECTED: token is write-protected

        // CKF_LOGIN_REQUIRED:user must login

        // CKF_USER_PIN_INITIALIZED:normal user's PIN is set

        // CKF_RESTORE_KEY_NOT_NEEDED: Every time the state of cryptographic operations of a session is
        //    successfully saved, all keys needed to continue those operations are stored in the state

        // CKF_CLOCK_ON_TOKEN: The token has some sort of clock.  The time on the clock is returned in the slot[i].token.utcTime

        // CKF_PROTECTED_AUTHENTICATION_PATH: There is some way for the user to login without sending a PIN through the Cryptoki library itself

        // CKF_DUAL_CRYPTO_OPERATIONS: A single session with the token can perform dual simultaneous cryptographic operations
        //    (digest and encrypt; decrypt and digest; sign and encrypt; and decrypt and sign)

        // CKF_TOKEN_INITIALIZED: The token has been initialized.

        // CKF_SECONDARY_AUTHENTICATION: The token supports secondary authentication for private key objects.

        // CKF_USER_PIN_COUNT_LOW: An incorrect user login PIN has been entered at least once since the last successful authentication.

        // CKF_USER_PIN_FINAL_TRY: Supplying an incorrect user PIN will it to become locked.

        // CKF_USER_PIN_LOCKED: The user PIN has been locked. User login to the token is not possible.

        // CKF_USER_PIN_TO_BE_CHANGED: The user PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // CKF_SO_PIN_COUNT_LOW: An incorrect SO login PIN has been entered at least once since the last successful authentication.

        // CKF_SO_PIN_FINAL_TRY: Supplying an incorrect SO PIN will it to become locked.

        // CKF_SO_PIN_LOCKED: The SO PIN has been locked. SO login to the token is not possible.

        // CKF_SO_PIN_TO_BE_CHANGED: The SO PIN value is the default value set by token initialization or manufacturing,
        //    or the PIN has been expired by the card.

        // To see if particular flags are present:
        aFlags = CkJsonObjectW_ArrayOf(json,L"slot[i].token.flags");
        if (CkJsonArrayW_FindString(aFlags,L"CKF_USER_PIN_LOCKED",TRUE) >= 0) {
            wprintf(L"The token is locked.\n");
        }

        if (CkJsonArrayW_FindString(aFlags,L"CKF_RNG",TRUE) >= 0) {
            wprintf(L"The token has a random number generator.\n");
        }

        // ...
        CkJsonArrayW_Dispose(aFlags);

        // To iterate over all flags..
        j = 0;
        count_j = CkJsonObjectW_SizeOfArray(json,L"slot[i].token.flags");
        while (j < count_j) {
            CkJsonObjectW_putJ(json,j);
            tokenFlag = CkJsonObjectW_stringOf(json,L"slot[i].token.flags[j]");
            j = j + 1;
        }

        j = 0;
        count_j = CkJsonObjectW_SizeOfArray(json,L"slot[i].token.mechanism");
        while (j < count_j) {
            CkJsonObjectW_putJ(json,j);
            strVal = CkJsonObjectW_stringOf(json,L"slot[i].token.mechanism[j]");
            j = j + 1;
        }

        i = i + 1;
    }



    CkPkcs11W_Dispose(pkcs11);
    CkJsonObjectW_Dispose(json);

    }