Operations
ApplyConfig
The following properties are available to control the behavior for configuration manipulation.
Property | Description | Default value | Requirement |
---|---|---|---|
Config:<section>:<entry> | Updates the local configuration file. The | | |
ConfigLocal:<section>:<entry> | Updates the local configuration file. The | | |
ConfigGlobal:<section>:<entry> | Updates the global configuration file. The | | |
Only servers registered as allowed servers in the configuration are allowed to update the configuration.
File system access protection, also known as Sandbox, in different web browsers may interfere with all updates. Never try to update unless your server is registered as trusted in the web browser.
This operation will reload everything, including the internal PKCS#11 library. This may have undesirable effects for web browsers using both the plugin and the PKCS#11 library directly, since any open sessions will be closed. A typical problem scenario is when an SSL/TLS session is open towards the web server manipulating the configuration.
var iid = document.getElementById('iid');
if (iid != null) {
  // Set entry Current in section Language, then apply the change.
  iid.SetProperty('Config:Language:Current', 'English');
  iid.Invoke('ApplyConfig');
}
ApplyComponentConfig:<name>
The following property is available to control the behavior for configuration manipulation:
ComponentConfig:<name>:<value>
This operation will call apply configuration for extended component <name>. See documentation for the specific component for more information.
ChangePassword
The following properties are available to control the behavior for change password:
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which should change the password/PIN. | The default value is the first available slot/token. | optional |
Password | Specifies the old password/PIN value. The value is a string value or a hexadecimal string prefixed with | | optional |
NewPassword | Specifies the new password/PIN value. The value is a string value or a hexadecimal string prefixed with | | optional |
var iid = document.getElementById('iid');
if (iid != null) {
  // Old PIN given as a plain string.
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '0000');
  iid.SetProperty('NewPassword', '4711');
  iid.Invoke('ChangePassword');
}
var iid = document.getElementById('iid');
if (iid != null) {
  // Old PIN given in hexadecimal form (0x30303030 is the string '0000').
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '0x30303030');
  iid.SetProperty('NewPassword', '4711');
  iid.Invoke('ChangePassword');
}
To change the password for the SO user, you need to log in with the password type set to CKU_SO and then call this operation.
CreateObject
The following properties are available to control the behavior of the object creation. In the future all types of PKCS#11 objects may be handled, but currently only data objects are handled:
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 | Specifies whether the string values given are base64 encoded. Values should always be URL encoded even after base64 encoding. | Default value is | optional |
CKA_APPLICATION* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_CLASS* | The value is a string value or a hexadecimal string prefixed with | | |
CKA_LABEL* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_MODIFIABLE* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_OBJECT_ID* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_PRIVATE* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_TOKEN* | The value is a string value or a hexadecimal string prefixed with | | optional |
CKA_VALUE* | The value is a string value or a hexadecimal string prefixed with | | optional |
*) All properties starting with CKA_ are attributes specified in PKCS#11. Check the PKCS#11 documentation for details.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_TOKEN', '0x01');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_MODIFIABLE', '0x01');
  // String values are URL encoded.
  iid.SetProperty('CKA_LABEL', 'My+Label');
  iid.SetProperty('CKA_VALUE', 'My+Value');
  if (iid.Invoke('CreateObject') == 0) {
    // Object created.
  }
}
CKA_LABEL and CKA_VALUE are given URL encoded, so the real string values are 'My Label' and 'My Value'.
var iid = document.getElementById('iid');
if (iid != null) {
  // String values below are base64 encoded; hexadecimal values are not.
  iid.SetProperty('Base64', 'true');
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_TOKEN', '0x01');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_MODIFIABLE', '0x01');
  iid.SetProperty('CKA_LABEL', 'TXkgTGFiZWw=');
  iid.SetProperty('CKA_VALUE', 'TXkgVmFsdWU=');
  if (iid.Invoke('CreateObject') == 0) {
    // Object created.
  }
}
Values given in hexadecimal form should not be base64 encoded.
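The three value forms described above (URL encoded string, base64 then URL encoded, and hexadecimal), as an added example that is not part of the original documentation or the plugin. All function names are hypothetical, and `urlDecodeValue` assumes the receiving side treats `+` as a space, as the 'My+Label' note implies; it shows why base64 output must still be URL encoded.

```javascript
// Added example; function names are hypothetical and not part of the plugin API.

// UTF-8 bytes of a string.
function utf8Bytes(text) {
  return new TextEncoder().encode(text);
}

// Standard base64 of a byte array (Buffer in Node.js, btoa in a browser).
function toBase64(bytes) {
  if (typeof Buffer !== 'undefined') {
    return Buffer.from(bytes).toString('base64');
  }
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Form 1: plain string, URL encoded with '+' for a space ('My Label' -> 'My+Label').
function urlEncodeValue(text) {
  return encodeURIComponent(text).replace(/%20/g, '+');
}

// Form 2: base64 first, then URL encoded (used together with Base64 = 'true').
function base64UrlEncodeBytes(bytes) {
  return encodeURIComponent(toBase64(bytes));
}

function base64UrlEncodeValue(text) {
  return base64UrlEncodeBytes(utf8Bytes(text));
}

// Form 3: hexadecimal with the 0x prefix; this form is never base64 encoded.
function hexValue(text) {
  let hex = '0x';
  for (const b of utf8Bytes(text)) {
    hex += b.toString(16).padStart(2, '0').toUpperCase();
  }
  return hex;
}

// Assumption: the receiver URL-decodes with '+' meaning space.
function urlDecodeValue(value) {
  return decodeURIComponent(value.replace(/\+/g, ' '));
}

// Constructed sample: two bytes whose base64 form is '++8='.
const SAMPLE_BYTES = new Uint8Array([0xfb, 0xef]);

function demo() {
  return {
    plain: urlEncodeValue('My Label'),             // 'My+Label'
    base64: base64UrlEncodeValue('My Label'),      // 'TXkgTGFiZWw%3D'
    hex: hexValue('0000'),                         // '0x30303030'
    safe: base64UrlEncodeBytes(SAMPLE_BYTES),      // '%2B%2B8%3D'
    // Base64 passed without URL encoding: both '+' characters become spaces.
    damaged: urlDecodeValue(toBase64(SAMPLE_BYTES))
  };
}

console.log(demo());
```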
CreateRequest
The following properties are available to control the behavior for certificate requests.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which should generate the certificate request. Use this property when creating a request for an existing token, and use | | |
Base64 | Specifies whether the generated request value should be base64 encoded. This property does not affect given values, only the returned request value. | Default value is | |
Extractable | Specifies whether a generated key pair should be extractable or not. This value only has effect when a new key pair is generated during the creation of the certificate request. | Default value is | |
KeyId | Specifies the key pair ID. This value is preferably used when generating a request for an existing key pair, but may be used to set a specific ID for your key pair. | Default value is none; key ID will be generated when key pair is generated. | |
KeyLabel | Specifies the key pair label. This value is used when generating a request for a new key pair. | Default value is none; key pair will have empty label. | |
KeyReuse | Specifies whether the certificate request should be reusing an old key pair or tries to generate a new key pair. Only | Default value is | |
KeySize | Specifies the key pair size. This value is used when generating a request for a new key pair. Specify a number in bits. | | Mandatory when generating a new request. |
KeyUsage | Specifies the key pair usage. This value is used when generating a request for a new key pair. | Default value is | |
OneTimePassword | Specifies the one time password. This value may be used when generating a CMC certificate request for a new key pair. | Default value is | |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | |
PubKey | Specifies the public key exponent. This value is used when generating a request for a new key pair. | Default value is 65535 (0x010001). | |
RequestType | Specifies the types of request. Supported values are | Default value is | |
Subject | Specifies the subject for the certificate request. Use standard RDN values with object identifier, some short names are supported, but not reliable. | Default value is | |
SubjectAltName | Specifies the value for subject alternative attribute extension. | | |
Template | Specifies the value for Microsoft CA template attribute extension. | | |
TokenLabel | Specifies the token label. This value is used when creating a new token during the create certificate request. | | |
UrlEncode | Specifies whether the generated request value should be URL encoded. This property does not affect given values, only the returned request value. If property Base64 is false then this value is always | Default value is | |
The following property is available after a successful create certificate request:
Property | Description | Default value | Requirement |
---|---|---|---|
Request | Can be used to retrieve the certificate request after a successful operation. This value will be formatted according to properties URLEncode and Base64. | | |
var iid = document.getElementById('iid');
if (iid != null) {
  // PKCS#10 request for a new key pair.
  iid.SetProperty('RequestType', 'PKCS10');
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '4711');
  iid.SetProperty('Subject', '2.5.4.3=John+Doe');
  iid.SetProperty('KeySize', '1024');
  iid.SetProperty('KeyUsage', '0xA0');
  if (iid.Invoke('CreateRequest') == 0) {
    var request = iid.GetProperty('Request');
  }
}
var iid = document.getElementById('iid');
if (iid != null) {
  // PKCS#10 request reusing the existing key pair with ID 0x45.
  iid.SetProperty('RequestType', 'PKCS10');
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '4711');
  iid.SetProperty('Subject', '2.5.4.3=John+Doe');
  iid.SetProperty('KeyId', '0x45');
  iid.SetProperty('KeyReuse', 'true');
  if (iid.Invoke('CreateRequest') == 0) {
    var request = iid.GetProperty('Request');
  }
}
The CMC certificate request type may specify several key pairs during a single request and therefore all key pair properties include a number:
- KeyId<number>
- KeyLabel<number>
- KeyReuse<number>
- KeySize<number>
- KeyUsage<number>
- PubKey<number>
The <number> value starts from 1 and it is possible to specify any number of key pairs to generate and/or reuse.
var iid = document.getElementById('iid');
if (iid != null) {
  // CMC request with two new key pairs, numbered 1 and 2.
  iid.SetProperty('RequestType', 'CMC');
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '4711');
  iid.SetProperty('Subject', '2.5.4.3=John+Doe');
  iid.SetProperty('KeySize1', '1024');
  iid.SetProperty('KeyUsage1', '0xA0');
  iid.SetProperty('KeySize2', '1024');
  iid.SetProperty('KeyUsage2', '0x40');
  if (iid.Invoke('CreateRequest') == 0) {
    var request = iid.GetProperty('Request');
  }
}
CreateToken
The following properties are available to control the behavior for soft token creation.
Property | Description | Default value | Requirement |
---|---|---|---|
FileName | Specifies the file containing the token data. Token data is either retrieved from property | Default value is | optional |
ImportPassword | Specifies the password used to protect the token data. This parameter is mandatory when the | | optional |
Password | Specifies the token password. This value is optional when creating a new soft token or importing an existing soft token using the internal soft token format. This property is mandatory when creating a soft token by importing data protected with PKCS#12. | | optional |
PasswordMaxLen | Specifies the maximum password length. | Default value is according to configuration. | optional |
PasswordMinLen | Specifies the minimum password length. | Default value is according to configuration. | optional |
PasswordType | Specifies the password type. See configuration for details. | Default value is according to configuration. | optional |
RenewMode | Specifies the renew mode when an existing token is found when creating a new token. Available values are | Default value is | optional |
TokenData | Specifies the token data. Token data is either retrieved from property | Default value is none. | optional |
TokenLabel | Specifies the token label, which will be the name of the soft token. | | |
var iid = document.getElementById('iid');
if (iid != null) {
  // Create a new, empty soft token.
  iid.SetProperty('Password', '4711');
  iid.SetProperty('TokenLabel', 'Soft+eID');
  if (iid.Invoke('CreateToken') == 0) {
    // Token created.
  }
}
var iid = document.getElementById('iid');
if (iid != null) {
  // Create a soft token by importing a password-protected file.
  iid.SetProperty('Password', '4711');
  iid.SetProperty('ImportPassword', 'secret');
  // The backslash must be escaped inside a JavaScript string literal.
  iid.SetProperty('FileName', 'd:\\soft.pfx');
  iid.SetProperty('TokenLabel', 'Soft+eID');
  if (iid.Invoke('CreateToken') == 0) {
    // Token created.
  }
}
Decrypt
The following properties are available to control the behavior for decrypt data.
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 | Specifies whether the decrypted data value should be base64 encoded. This property does not affect given values, only the returned data value. | Default value is | optional |
Data | Specifies the encrypted data. This value must be both base64 and URL encoded. | | |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | optional |
URLEncode | Specifies whether the decrypted data value should be URL encoded. If property | Default value is | optional |
The following property is available after a successful decrypt operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Data | Property | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Data', 'AA…==');
  if (iid.Invoke('Decrypt') == 0) {
    // After success, Data holds the decrypted value.
    var data = iid.GetProperty('Data');
  }
}
DeleteCertificate
The following properties are available to control the behavior for certificate deletion.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID for the slot/token which contains the certificate to delete. | | |
Certificate | Specifies the certificate value which should be deleted from the token. Value should be both base64 and URL encoded. | | |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Certificate', 'MII…=');
  if (iid.Invoke('DeleteCertificate') == 0) {
    // Certificate deleted.
  }
}
DeleteKey
The following properties are available to control the behavior for key pair deletion.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which contains the key pair to delete. | | |
KeyId | Specifies the key ID value of the key pair which should be deleted from the token. The value is either a string value or hexadecimal encoded. | | |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('KeyId', '0x45');
  if (iid.Invoke('DeleteKey') == 0) {
    // Key pair deleted.
  }
}
DeleteToken
The following parameter is available to control the behavior for token deletion.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be deleted. | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '100');
  if (iid.Invoke('DeleteToken') == 0) {
    // Token deleted.
  }
}
DestroyObject
The following properties are available to control the behavior for destroy object.
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 | | | optional |
CKA_APPLICATION* | | | |
CKA_CLASS* | | | |
CKA_LABEL* | | | |
CKA_PRIVATE* | | | |
*) See operation CreateObject for information on the attribute values.
This operation will search for an object with matching properties CKA_APPLICATION, CKA_CLASS, CKA_LABEL and CKA_PRIVATE, and destroy this object.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Base64', 'true');
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_APPLICATION', '');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_LABEL', 'TXkgTGFiZWw=');
  if (iid.Invoke('DestroyObject') == 0) {
    // Matching object destroyed.
  }
}
Digest
The following properties are available to control the behavior for digesting data.
Property | Description | Default value | Requirement |
---|---|---|---|
Algorithm | Specifies the algorithm to use when digesting the data. The value is the object identifier for the algorithm. The list of supported algorithms is dependent upon the token/smart card, and some algorithms will be available in software. | | |
Base64 | Specifies whether the digested data value should be base64 encoded. | Default value is | optional |
Data | Specifies the original data. This value must be both base64 and URL encoded. | | |
URLEncode | Specifies whether the digested data value should be URL encoded. | Default value is | optional |
The following property is available after a successful digest operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Data | Can be used to retrieve the digested data after a successful operation. This value will be formatted according to properties | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Data', 'AA…==');
  if (iid.Invoke('Digest') == 0) {
    // After success, Data holds the digest value.
    var data = iid.GetProperty('Data');
  }
}
DisableTrace
There are no properties available. The trace enabled with operation EnableTrace will be disabled.
var iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('DisableTrace') == 0) {
    // Trace disabled.
  }
}
EnableTrace
There are no properties available. This operation will either enable local trace or server trace. Server trace requires that trace server is available and will require the trace server component.
Currently only available on Windows.
var iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('EnableTrace') == 0) {
    // Trace enabled.
  }
}
Encrypt
The following properties are available to control the behavior for encrypt data.
Property | Description | Default value | Requirement |
---|---|---|---|
Algorithm | Specifies the algorithm to use when encrypting the data. The value is the object identifier for the algorithm. The list of supported algorithms is dependent upon the token/smart card. Verify with the vendor which algorithm is supported. | | |
Base64 | Specifies whether the encrypted data value should be base64 encoded. | Default value is | optional |
Certificate | Specifies the certificate used to encrypt the data. This value must be both base64 and URL encoded. Either this property or | | optional |
Data | Specifies the original data. This value must be both base64 and URL encoded. | | |
KeyId | Specifies a list of subject key identifiers used to encrypt the data. This value must be hexadecimal. Encoded subject key identifiers from present certificates are separated with | | optional |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | optional |
URLEncode | Specifies whether the encrypted data value should be URL encoded. If property | Default value is | optional |
The following property is available after a successful encrypt operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Data | Can be used to retrieve the encrypted data after a successful operation. This value will be formatted according to properties | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Data', 'AA…==');
  iid.SetProperty('Certificate', 'MII…==');
  if (iid.Invoke('Encrypt') == 0) {
    // After success, Data holds the encrypted value.
    var data = iid.GetProperty('Data');
  }
}
Export
The following properties are available to control the behavior for soft token or certificate exporting.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be exported. The property is mandatory when exporting a soft token. | | optional |
Certificate | Specifies the certificate which will be exported. The property is mandatory when exporting a certificate. | | optional |
FileName | Specifies full path to the file which will get the exported value. File name ending with | | optional |
var iid = document.getElementById('iid');
if (iid != null) {
  // Export a soft token to a file.
  iid.SetProperty('ActiveSlot', '100');
  // The backslash must be escaped inside a JavaScript string literal.
  iid.SetProperty('FileName', 'd:\\soft.tkn');
  if (iid.Invoke('Export') == 0) {
    // Token exported.
  }
}
var iid = document.getElementById('iid');
if (iid != null) {
  // Export a certificate to a file.
  iid.SetProperty('Certificate', 'MII…==');
  iid.SetProperty('FileName', 'd:\\soft.cer');
  if (iid.Invoke('Export') == 0) {
    // Certificate exported.
  }
}
File system requirements for exporting must be fulfilled, but file system access protection, also known as Sandbox, in different web browsers may also interfere with all exporting. Never try to export unless your server is registered as trusted in the web browser.
FindObject
The following properties are available to control the behavior for find object.
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 | | | optional |
CKA_APPLICATION* | | | optional |
CKA_CLASS* | | | optional |
CKA_LABEL* | | | optional |
CKA_PRIVATE* | | | optional |
CKA_VALUE* | | | optional |
*) See operation CreateObject for information on the attribute values.
This operation will search for an object with matching properties and remember this object until a later call to operation UpdateObject. The active attribute list will be reset after this call.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Base64', 'true');
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_APPLICATION', '');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_LABEL', 'TXkgTGFiZWw=');
  if (iid.Invoke('FindObject') == 0) {
    // Object found and remembered for a later UpdateObject.
  }
}
GenerateChallenge
There are no properties available to control the behavior. The generated challenge is dependent upon the token/smart card. Check with the card vendor for more information.
The following property is available after a successful operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Challenge | Can be used to retrieve the challenge after a successful operation. This value will be hexadecimal encoded. The real usage of the | | |
var iid = document.getElementById('iid');
if (iid != null) {
  // A return value of 0 means success, as for the other operations.
  if (iid.Invoke('GenerateChallenge') == 0) {
    var challenge = iid.GetProperty('Challenge');
  }
}
HasCertificate
The following property is available to control the search for certificate:
Property | Description | Default value | Requirement |
---|---|---|---|
Certificate | Specifies the certificate to find. This value must be both base64 and URL encoded. | | |
Return value is 0 for certificate not present and 1 for certificate available.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Certificate', 'MII…==');
  if (iid.Invoke('HasCertificate')) {
    // Return value 1: the certificate is available.
  }
}
InitToken
The following properties are available to control the behavior for token initialization.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be initialized. This operation is only available for smart card tokens. | | |
Password | Specifies the administrator password used to initialize the token. The value is a string or hexadecimal string prefixed with | | |
Profile | Specifies the smart card profile available in configuration. This profile is depending on smart card and purpose of the card. The available profile values are returned from | | |
UnlockPassword | Specifies the PUK used to unlock the password/PIN after smart card is initialized. The value is string value, depending on smart card, but usually 8 digits. | | optional |
var iid = document.getElementById('iid');
if (iid != null) {
  // Initialize with the administrator password.
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '0x00..00');
  iid.SetProperty('UnlockPassword', '47114711');
  iid.SetProperty('Profile', 'eID+Card');
  if (iid.Invoke('InitToken') == 0) {
    // Token initialized.
  }
}
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '0x00..00');
  if (iid.Invoke('Login') == 0) {
    // Empty password (0x): the currently logged-on user is used.
    iid.SetProperty('Password', '0x');
    iid.SetProperty('Profile', 'User+Reset');
    if (iid.Invoke('InitToken') == 0) {
      // Token initialized.
    }
  }
}
Initializing a token using the user PIN is only useful when there is a need to update user protected files. Setting the Password property to 0x results in an empty password, so the currently logged-on user will be used instead of the administrator.
IsRefreshing
There are no properties available. The operation will only return the current status of internal refreshing.
Return value is 1 when internally refreshing and 0 when not refreshing.
var iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('IsRefreshing')) {
    // Return value 1: an internal refresh is in progress.
  }
}
Login
The following properties are available to control the behavior for login:
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be logged on. | | |
Password | Specifies the password/PIN used when logging on. The value is a string or hexadecimal string prefixed with | | optional |
PasswordType | Specifies the type of logon. Either | Default value is | optional |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '4711');
  if (iid.Invoke('Login') == 0) {
    // Logged on.
  }
}
Logout
The following property is available to control the behavior for logout:
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be logged off. | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  if (iid.Invoke('Logout') == 0) {
    // Logged off.
  }
}
OpenTrace
There are no properties available. This operation will open the current active trace file.
var iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('OpenTrace') == 0) {
    // Trace file opened.
  }
}
Refresh
There are no properties available. The operation will only start an internal refresh. The refresh includes a restart of any service and a reload of internal components.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('Refresh');
}
This operation will refresh everything, including the internal PKCS#11 library. This may have undesirable effects for web browsers using both the plugin and the PKCS#11 library directly, since any open sessions will be closed. A typical problem scenario is when an SSL/TLS session is open towards the web server initiating the refresh.
RefreshInternal
Same as operation Refresh, but will only reload internal components.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('RefreshInternal');
}
RefreshService
Same as operation Refresh, but will only restart any service component.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('RefreshService');
}
Reload
There are no properties available. The operation will only start an internal reload of all components. The reload includes release and load of all libraries.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('Reload');
}
This operation will try to reload everything, including the internal PKCS#11 library. It will not work for web browsers using both the plugin and the PKCS#11 library directly, since the PKCS#11 library will not be released by the web browser.
Reset
There are no properties available. The operation will only reset all internal plugin variables to default values. When reusing the plugin object it is recommended to use this operation to avoid any undesirable effects, since some property names are reused between operations.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('Reset');
}
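Why the Reset recommendation matters when one plugin object is reused, as an added example that is not part of the original documentation or the plugin: without Reset, a Password set for one operation is still set when the next operation runs. `makeFakePlugin` is a constructed stand-in that only models properties persisting until Reset, and `invokeClean` is a hypothetical wrapper name.

```javascript
// Added example; makeFakePlugin and invokeClean are hypothetical names.

// Constructed stand-in for the plugin object so the example runs without a browser.
// It models one behaviour from the text: properties stay set until 'Reset' is invoked.
function makeFakePlugin() {
  let props = {};
  const calls = []; // the properties each operation could see when it was invoked
  return {
    calls,
    SetProperty(name, value) { props[name] = value; },
    GetProperty(name) {
      return Object.prototype.hasOwnProperty.call(props, name) ? props[name] : '';
    },
    Invoke(operation) {
      if (operation === 'Reset') { props = {}; return 0; }
      calls.push({ operation, visible: Object.assign({}, props) });
      if (operation === 'CreateRequest') props.Request = 'constructed-request';
      return 0;
    }
  };
}

// Reset before setting properties, read the result, then Reset again so that
// no Password or other value stays in the plugin object afterwards.
// Intended for operations that return 0 on success.
function invokeClean(plugin, operation, properties, resultName) {
  plugin.Invoke('Reset');
  try {
    for (const name of Object.keys(properties)) {
      plugin.SetProperty(name, properties[name]);
    }
    const rc = Number(plugin.Invoke(operation));
    // The result must be read before the final Reset clears it.
    const result = (rc === 0 && resultName) ? plugin.GetProperty(resultName) : null;
    return { rc, result };
  } finally {
    plugin.Invoke('Reset');
  }
}

// Reuse without Reset: the Password set for Login is still set when Digest runs.
function naiveReuse() {
  const plugin = makeFakePlugin();
  plugin.SetProperty('ActiveSlot', '1');
  plugin.SetProperty('Password', '4711');
  plugin.Invoke('Login');
  plugin.SetProperty('Data', 'AA%3D%3D'); // constructed value
  plugin.Invoke('Digest');
  return plugin.calls[1].visible;
}

// Same sequence through the wrapper: Digest sees only its own property.
function cleanReuse() {
  const plugin = makeFakePlugin();
  invokeClean(plugin, 'Login', { ActiveSlot: '1', Password: '4711' });
  invokeClean(plugin, 'Digest', { Data: 'AA%3D%3D' });
  return plugin.calls[1].visible;
}

console.log('without Reset:', naiveReuse());
console.log('with Reset:   ', cleanReuse());
```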
ResetToken
The following properties are available to control the behavior for token reset.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot | Specifies the slot ID of the slot/token which will be reset. This operation is only available for smart card tokens. | | |
Password | Specifies the user password used to get private access to the token. The value is a string or hexadecimal string prefixed with | | |
There are also some advanced configuration properties available to control the reset behavior. For more information contact your technical product support contact.
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Password', '4711');
  if (iid.Invoke('ResetToken') == 0) {
    // Token reset.
  }
}
ResetUserData
There are no properties available. This operation will only reset all user data for the current user. This will remove the local configuration and all soft tokens for the current user.
var iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('ResetUserData') == 0) {
    // Local configuration and soft tokens removed for the current user.
  }
}
RestoreComponentConfig:<name>
There are no properties available. This operation will only restore to last unmodified configuration for the component <name>.
See documentation for the specific component for more information.
Run
The following property is available to control the run operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Command | The argument list which will be sent to the internal component. See documentation regarding each component for details of the available commands. | | |
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Command', '-about');
  if (iid.Invoke('Run') == 0) {
    // Command executed.
  }
}
ShowMessage
Use this operation to show a message box.
The following properties are available to control the behavior for show message:
Property | Description | Default value | Requirement |
---|---|---|---|
Link | Specifies a URL link shown in | Default value empty, no link available. | optional |
Text | Specifies a string that represents the text that will be shown in the message box. | | |
Title | Specifies a string that represents the title that will be shown in the message box. | Default value is standard product title. | optional |
Type | Specifies a string with the type of message box. Supported values are: | | |
The return value depends on the type of message box, but the following is the complete list:
- OK 1
- CANCEL 2
- YES 6
- NO 7
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Text', 'My+Message');
  iid.SetProperty('Title', 'My+Title');
  iid.SetProperty('Type', 'information');
  iid.Invoke('ShowMessage');
}
var iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Text', 'My+Question');
  iid.SetProperty('Title', 'My+Title');
  iid.SetProperty('Type', 'question');
  var rc = iid.Invoke('Question');
  if (rc == 6) {
    // YES
  }
  else if (rc == 7) {
    // NO
  }
}
This operation is obsolete and will be removed in the future, since it requires displaying a user interface.
Sign
This operation is used to create a digital signature. There are two ways to create the signature: by scripting, or with direct activation when the web page loads. For scripting everything is the same as for all other operations, but for direct activation the object is created and the result is posted by the plugin to a server according to the properties below.
The following properties are available to control the signature creation for both scripting and direct activation:
Property | Description | Default value | Requirement |
---|---|---|---|
Algorithm | Specifies the algorithm to use when creating the signature. The value is the object identifier for the algorithm. The list of supported algorithms depends on the token/smart card. Verify with the vendor which algorithm is supported. Default value is | | optional |
Authentication | Used to decide type of signature. For value | Default value is | optional |
Base64 | Specifies whether the generated signature value should be base64 encoded. This property does not affect given values, only the returned signature value. | Default value is | optional |
Certificate | Specifies the certificate used to create the signature. Value should be both base64 and URL encoded. It will not be the certificate value that will be used to find the certificate for the signature. Instead the issuer and subject field will be taken from the certificate and the | | optional |
Data | Specifies the data that will be signed. Value should be both base64 and URL encoded. Either | | optional |
DataToBeSigned | Specifies the data that will be signed. Value should be URL encoded. Either | | optional |
Detached | Specifies whether the created signature should include the data or not, attached or detached PKCS#7 signature blob. Value | Default value is | optional |
IncludeCaCert | Specifies whether the created signature should try to include the CA certificates or not. Value | Default value is | optional |
IncludeRootCaCert | Specifies whether the created signature should try to include the root CA certificate or not. Value | Default value is | optional |
Issuers | Specifies the acceptable issuers when selecting the certificate used for signature. It is possible to separate | Default value | optional |
Password | Specifies the password/PIN used to get private access to the token. | Default value is | optional |
Raw | Specifies the signature format. Value | | optional |
Subjects | Specifies the acceptable subject when selecting the certificate used for signature. It is possible to separate | Default value | optional |
UrlEncode | Specifies whether the signature data value should be URL encoded. If property | Default value is | optional |
Version | Specifies the minimum acceptable product version. Value is eight numbers with two digits for each part: version 1.2.3.45 is formatted | Default value is none. | optional |
The following properties are available to control the signature creation for direct activation:
Property | Description | Default value | Requirement |
---|---|---|---|
DataReturnName |
Specifies the name to return the data when posting the signature. |
Default value |
optional |
DirectActivation |
Specifies the type of operation that should be activated. Currently only the value |
||
PostURL |
Specifies the server to post the signature result. |
optional |
|
SignReturnName |
Specifies the name to return the signature when posting the signature. |
Default value |
optional |
VersionReturnName |
Specifies the name to return the data when posting the signature. |
Default value |
optional |
WindowName |
Specifies the window name to post the signature result. |
optional |
The following property is available after a successful create signature operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Signature |
Contains the created signature after a successful operation. The format depends on |
Other operations usually return PKCS#11 return codes, but this operation returns the following list to be compatible with other signature plugin vendors:
- OK 0
- ERROR_OTHER 1
- ERROR_USER_ABORT 2
- ERROR_OUT_OF_MEMORY 3
- ERROR_BAD_VERSION 4
- ERROR_PARAMETER_MISSING 5
- ERROR_PARAMETER_INVALID 6
- ERROR_SECURITY 7
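// Sign with a specific certificate.
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('DataToBeSigned', 'My+Data');
  iid.SetProperty('Certificate', 'MII…==');
  if (iid.Invoke('Sign') == 0) {
    // Success: the result is available in property 'Signature'.
  }
}

// Sign with a certificate selected by issuer and an explicit algorithm
// (1.2.840.113549.1.1.11 is sha256WithRSAEncryption).
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('DataToBeSigned', 'My+Data');
  iid.SetProperty('Issuers', '2.5.4.3=SecMaker CA');
  iid.SetProperty('Algorithm', '1.2.840.113549.1.1.11');
  if (iid.Invoke('Sign') == 0) {
    // Success: the result is available in property 'Signature'.
  }
}

// Sign with property 'Raw' set to true.
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('DataToBeSigned', 'My+Data');
  iid.SetProperty('Certificate', 'MII…==');
  iid.SetProperty('Raw', 'true');
  if (iid.Invoke('Sign') == 0) {
    // Success: the result is available in property 'Signature'.
  }
}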
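An added example, not part of the original documentation: a helper that prepares a value for the Data property (base64, then URL encoded) and maps the Sign return code to the names listed above, so a caller can tell a user abort from a security error. The encoding order, the helper names, the stub plugin object and the assumption that the plugin asks for the PIN itself when Password is not set are assumptions of this example.

```javascript
// Return codes of the Sign operation, in the order listed above (index = code).
const SIGN_CODES = ['OK', 'ERROR_OTHER', 'ERROR_USER_ABORT', 'ERROR_OUT_OF_MEMORY',
  'ERROR_BAD_VERSION', 'ERROR_PARAMETER_MISSING', 'ERROR_PARAMETER_INVALID',
  'ERROR_SECURITY'];

// Base64-encode the UTF-8 bytes of text, then URL-encode the result so that
// '+', '/' and '=' survive transport (assumed order: base64 first, URL second).
function encodeForPlugin(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return encodeURIComponent(btoa(binary));
}

// Sign text through the plugin object and return { code, name, signature }.
// Password is deliberately not set, so no PIN is handled in page script
// (assumption: the plugin then prompts for the PIN itself).
function signText(plugin, text, issuers) {
  plugin.SetProperty('Data', encodeForPlugin(text));
  if (issuers) plugin.SetProperty('Issuers', issuers);
  const code = Number(plugin.Invoke('Sign'));
  const name = SIGN_CODES[code] || 'UNKNOWN_' + code;
  // Only read the result on success; a failed call may leave a stale value.
  const signature = code === 0 ? plugin.GetProperty('Signature') : null;
  return { code, name, signature };
}

// Constructed stand-in for the plugin element so the example runs offline.
// It reports ERROR_PARAMETER_MISSING when Data is absent and otherwise
// returns the code it was created with, plus a dummy signature on success.
function makeStubPlugin(returnCode) {
  const props = {};
  return {
    props,
    SetProperty: (key, value) => { props[key] = value; },
    GetProperty: (key) => props[key],
    Invoke: (operation) => {
      if (operation !== 'Sign' || !props.Data) return 5;
      if (returnCode === 0) props.Signature = 'constructed-signature';
      return returnCode;
    },
  };
}
```

In a page, pass the element returned by document.getElementById('iid') instead of the stub.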
StartService
There are no properties available; the operation will only start the internal service.
iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('StartService');
}
StopService
There are no properties available; the operation will only stop the internal service.
iid = document.getElementById('iid');
if (iid != null) {
  iid.Invoke('StopService');
}
UnlockPassword
The following properties are available to control the behavior for unlock password.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot |
Specifies the slot ID of the slot/token which will be unlocked. |
||
UnlockPassword |
Specifies the password/PUK used to unlock the user password/PIN. The value is a string or hexadecimal string prefixed with |
optional |
|
NewPassword |
Specifies the new user password/PIN. The value is a string or hexadecimal string prefixed with |
optional |
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('UnlockPassword', '47114711');
  iid.SetProperty('NewPassword', '4711');
  if (iid.Invoke('UnlockPassword') == 0) {
    // Success: the user password/PIN is unlocked and set to the new value.
  }
}
UpdateObject
The following properties are available to control the behavior for update object.
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 |
optional |
||
CKA_APPLICATION* |
|||
CKA_CLASS* |
|||
CKA_LABEL* |
|||
CKA_PRIVATE* |
|||
CKA_VALUE* |
*) See operation CreateObject for information about the attribute values.
This operation will search for an object with matching properties CKA_APPLICATION, CKA_CLASS, CKA_LABEL and CKA_PRIVATE, and update the CKA_VALUE attribute for this object. When used in combination with operation FindObject, it will update all specified attributes.
// Update the CKA_VALUE attribute of the object matching the given properties.
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Base64', 'true');
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_TOKEN', '0x01');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_MODIFIABLE', '0x01');
  iid.SetProperty('CKA_LABEL', 'TXkgTGFiZWw=');
  iid.SetProperty('CKA_VALUE', 'TXkgVmFsdWU=');
  if (iid.Invoke('UpdateObject') == 0) {
    // Success: the object value is updated.
  }
}

// Find the object first, then update its label.
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('CKA_CLASS', '0x00000000');
  iid.SetProperty('CKA_TOKEN', '0x01');
  iid.SetProperty('CKA_PRIVATE', '0x00');
  iid.SetProperty('CKA_MODIFIABLE', '0x01');
  iid.SetProperty('CKA_LABEL', 'Old+Label');
  if (iid.Invoke('FindObject') == 0) {
    iid.SetProperty('CKA_LABEL', 'New+Label');
    if (iid.Invoke('UpdateObject') == 0) {
      // Success: the object label is updated.
    }
  }
}
ValidateInstallation
There are no properties available. The operation will only validate the installation. The validation will check that the configuration has not been updated after the installation.
Return value is 0 for success and 1 for failure (configuration is updated after installation).
iid = document.getElementById('iid');
if (iid != null) {
  if (iid.Invoke('ValidateInstallation') != 0) {
    // Failure: the configuration has been updated after installation.
  }
}
ValidatePassword
The following properties are available to control the behavior for validate password:
Property | Description | Default value | Requirement |
---|---|---|---|
Password |
Specifies the password to validate. |
||
PasswordMaxLen |
Specifies the maximum password length. |
Default value is according to configuration. |
optional |
PasswordMinLen |
Specifies the minimum password length. |
Default value is according to configuration. |
optional |
PasswordType |
Specifies the password type. See configuration for details. |
Default value is according to configuration. |
optional |
Return value is 0 for success and 1 for failure (password not valid).
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Password', '4711');
  if (iid.Invoke('ValidatePassword') != 0) {
    // Failure: the password is not valid.
  }
}
Verify
The following properties are available to control the behavior for verify digital signature operation.
Property | Description | Default value | Requirement |
---|---|---|---|
Base64 |
Specifies whether the returned original data value should be base64 encoded. This property only affects the returned data value and not the given value. |
Default value is |
optional |
Data |
Specifies the encrypted data. This value must be both base64 and URL encoded. |
||
URLEncode |
Specifies whether the returned original data value should be URL encoded. If property |
Default value is |
optional |
The following properties are available after a successful verify digital signature operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Certificate |
Returns the original certificate value used when creating the digital signature. The format depends on |
||
Data |
Contains the original data after a successful operation. The format depends on |
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Data', 'AA…==');
  if (iid.Invoke('Verify') == 0) {
    // Success: read the original data and the signer certificate.
    data = iid.GetProperty('Data');
    cert = iid.GetProperty('Certificate');
  }
}
ViewCertificate
This operation will open a dialog box to show the certificate in the local system certificate viewer.
The following property is available to control the behavior for view certificate operation:
Property | Description | Default value | Requirement |
---|---|---|---|
Certificate |
Contains the certificate value which should be shown. The value must be both base64 and URL encoded. |
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('Certificate', 'MII…==');
  iid.Invoke('ViewCertificate');
}
WriteCertificate
The following properties are available to control the behavior for certificate writing.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot |
Specifies the slot ID of the slot/token to write the certificate. There may be several reasons why the search for public key fails, so always try to specify the correct slot ID. |
Default value is first available token, but this may change if the public key value is found on another token. |
optional |
Certificate |
Specifies the certificate value. The value must be both base64 and URL encoded. The value must contain a standard certificate value, or a PKCS#7 blob with several certificate values, or a PKCS#12 blob with both private key and certificate value. Either |
optional |
|
Filename |
Specifies the full path to a file containing the same information as |
optional |
|
ImportPassword |
Specifies the password used to protect the PKCS#12 blob. This parameter is mandatory when |
optional |
|
Label |
Specifies the label of the object created by this operation. |
Default label is subject common name from the certificate for certificate objects and none for key pair objects. |
optional |
Password |
Specifies the password/PIN used to get private access to the token. |
Default value is none; will show password dialog if needed. |
optional |
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Certificate', 'MII…==');
  iid.SetProperty('Password', '4711');
  if (iid.Invoke('WriteCertificate') == 0) {
    // Success: the certificate is written to the token.
  }
}
WriteKey
The following properties are available to control the behavior for key writing.
Property | Description | Default value | Requirement |
---|---|---|---|
ActiveSlot |
Specifies the slot ID of the slot/token to write the key. |
Default value is first available token. |
optional |
Data |
Specifies the unprotected private key blob. Data value must be both base64 and URL encoded. To write a private key protected according to PKCS#12, use operation |
optional |
|
Filename |
Specifies the full path to a file containing the same information as |
optional |
|
Label |
Specifies the label of the object created by this operation. |
Default label is |
optional |
Password |
Specifies the password/PIN used to get private access to the token. |
Default value is none; will show password dialog if needed. |
optional |
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('ActiveSlot', '1');
  iid.SetProperty('Data', 'MII…==');
  iid.SetProperty('Password', '4711');
  if (iid.Invoke('WriteKey') == 0) {
    // Success: the key is written to the token.
  }
}