How to recognize an EP11 token
You can use the pkcsconf -t command to display a table that shows
all available tokens. You can check the slot and token information, and the PIN status
at any time.
The following information provided by the pkcsconf -t command about the
EP11 token is returned
in the Token Info section, where, for example,
Token #1
Info displays information about the token plugged into slot number
1.$ pkcsconf -t
Token #1 Info:
Label: ep11
Manufacturer: IBM Corp.
Model: IBM EP11Tok
Serial Number: 123
Flags: 0x880445
(RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED
|SO_PIN_TO_BE_CHANGED)
Sessions: 0/-2
R/W Sessions: -1/-2
PIN Length: 4-8
Public Memory: 0xFFFFFFFF/0xFFFFFFFF
Private Memory: 0xFFFFFFFF/0xFFFFFFFF
Hardware Version: 1.0
Firmware Version: 1.0
Time: 15:29:43
The most important information
is as follows:
- The token Label you assigned at the initialization phase
(
ep11, in the example). You can initialize or change a token label by using thepkcsconf -Icommand. - The Model name is unique and designates the token that is in use.
- The Flags provide information about the token initialization
status, the PIN status, and features such as Random Number
Generator (RNG). They also provide information about
requirements, such as Login required, which means that there
is at least one mechanism that requires a session log-in to use that
cryptographic function. For example, the mask for TOKEN_INITIALIZED is
0x00000400 and it is true, if the token has been initialized.
The flag USER_PIN_TO_BE_CHANGED indicates that the user PIN must be changed before the token can be used. The flag SO_PIN_TO_BE_CHANGED indicates that the SO PIN must be changed before the token can be used.
For more information about the flags provided in this output, see the description of the TOKEN_INFO structure and the Token Information Flags in the PKCS #11 Cryptographic Token Interface Standard.
- The PIN length range declared for this token.