API Reference p11ex v#0.1.1
Modules
This module provides functions to encode and decode elliptic curve parameters.
Handles conversion between PKCS#11 flags (CK_FLAGS) and MapSets of atoms.
This module contains the core functionality for the P11ex library and provides the low-level API for interacting with PKCS#11 modules. In general, you should not use this module directly; use the higher-level P11ex.Module and P11ex.Session modules instead.
Represents a reference to a dynamically loaded PKCS#11 module.
This module defines sets of attributes for PKCS#11 objects.
Represents a PKCS#11 object. This can be a key, a certificate, a secret key, etc. Note that the object handle may only be valid in the context of the session that created it. For example, a session key (:cka_token is false) is only visible and usable within the context of the session that generates it. Other handles, such as handles to token objects, may be visible and usable across multiple sessions.
Represents a PKCS#11 session. A session is used to interact with a token.
Represents a PKCS#11 slot. A slot can contain a token (e.g. a smart card) or a token emulator (e.g. a software token).
A module is a GenServer that manages a PKCS#11 module and its loading state. A PKCS#11 module is a shared library that implements a PKCS#11 provider. A module should be loaded only once per application or BEAM virtual machine. That is, you should only create one instance of P11ex.Module in your application and add it to your supervision tree. Operations on the module should be performed through the GenServer callbacks so that they are serialized.
This module is a GenServer that manages a PKCS#11 session. A session is used to interact with a token, e.g. generate keys, encrypt data, decrypt data, etc. Sessions are created by the P11ex.Module module using the open_session/3 function. Depending on the type of token, multiple sessions for the same token can be opened in parallel (e.g. if the token is a network HSM). A single session can only be used in a serialized way, i.e. only one operation can be performed at a time. Additionally, sessions have state. This state can be non-persistent keys associated with the session or the state of an encryption or decryption operation.