CN105653319A - Method and device for automatically loading PKCS#11 modules to application programs - Google Patents


Publication number: CN105653319A
Authority: CN (China)
Prior art keywords: module, list, pkcs, storehouse, load
Legal status: Granted (active)
Application number: CN201510993663.2A
Other languages: Chinese (zh)
Other versions: CN105653319B (en)
Inventors: 陆舟, 于华章
Current assignee: Feitian Technologies Co Ltd
Original assignee: Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd; priority to CN201510993663.2A; publication of CN105653319A; application granted; publication of CN105653319B.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons

Abstract

The invention discloses a method and device for automatically loading a PKCS#11 module into an application program, and belongs to the field of information security. The method comprises the following steps: obtaining the cache directory of the application program; opening the security module database under the cache directory of the application program; generating the security module database loaded-module list; obtaining the pointer to the list; accessing the list and judging whether it contains the module name of the PKCS#11 module to be loaded; when the list does not contain the module name of the PKCS#11 module to be loaded, updating the list by writing the module name and absolute path of the PKCS#11 module to be loaded into it; and saving the updated list. The method and device load PKCS#11 modules into application programs automatically, so the user does not need to master a complicated manual loading procedure, which saves the user manual work and is convenient.

Description

Method and device for automatically loading a PKCS#11 module into an application program
Technical field
The present invention relates to the field of information security, and in particular to a method and device for automatically loading a PKCS#11 module into an application program.
Background technology
In cryptographic systems, PKCS#11 is one of the Public-Key Cryptography Standards (PKCS); it defines a set of technology-independent programming interfaces. Because PKCS#11 provides only the definition of the interface and not its implementation, the implementation is generally supplied by the device vendor: for example, the manufacturer of a smart key can provide an implementation of the API conforming to the PKCS#11 interface standard, i.e. a PKCS#11 module. Before the smart key can be used, the PKCS#11 module must be loaded into the corresponding application, and only then can the end user access that application with the smart key. The prior art has the following defect: some application programs require the user to load the PKCS#11 module manually, and the manual loading procedure usually differs between applications. For example, Mozilla Firefox requires the user to load the PKCS#11 module manually through Tools > Options > Advanced > Encryption > Security Devices, whereas Mozilla Thunderbird requires the user to load it manually through Tools > Options > Advanced > Certificates > Security Devices. Manual loading of a PKCS#11 module is therefore not only time-consuming but also inefficient.
Summary of the invention
The object of the present invention is to overcome the defect of the prior art by providing a method and device for automatically loading a PKCS#11 module into an application program.
The present invention is achieved through the following technical solutions:
In one aspect, the present invention provides a method for automatically loading a PKCS#11 module into an application program, where the PKCS#11 module is an implementation of the API conforming to the PKCS#11 interface standard, and the method comprises:
Step S1: obtain the cache directory of the application program, open the security module database under the cache directory of the application program, and generate the security module database loaded-module list;
Step S2: obtain the pointer to the security module database loaded-module list;
Step S3: access the security module database loaded-module list through its pointer and judge whether the list contains the module name of the PKCS#11 module; if it does, the PKCS#11 module is already loaded and the method ends; otherwise, perform step S4;
Step S4: update the security module database loaded-module list by writing the module name and absolute path of the PKCS#11 module into it;
Step S5: save the updated security module database loaded-module list.
Specifically, step S1 can comprise: opening the security module database of the application program according to the cache directory of the application program and the name of the security module database, and generating the security module database loaded-module list.
Obtaining the cache directory of the application program can comprise: obtaining the storage directory of the application configuration file, accessing the application configuration file through that storage directory, reading the path entry in the application configuration file, and obtaining the cache directory of the application program by combining the storage directory with the path entry.
Step S3 can comprise: accessing each node of the security module database loaded-module list in turn through its pointer, until either the data element in the data field of the currently accessed node is the module name of the PKCS#11 module or the pointer field of the currently accessed node is empty. If the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the list contains the module name of the PKCS#11 module, the PKCS#11 module is already loaded, and the method ends; if the pointer field of the currently accessed node is empty, the list does not contain the module name of the PKCS#11 module, and step S4 is performed.
In another aspect, the present invention also provides a device for automatically loading a PKCS#11 module into an application program, where the PKCS#11 module is an implementation of the API conforming to the PKCS#11 interface standard, and the device comprises:
a directory obtaining module, for obtaining the cache directory of the application program;
a list generating module, for opening the security module database under the cache directory of the application program obtained by the directory obtaining module and generating the security module database loaded-module list;
a list pointer obtaining module, for obtaining the pointer to the security module database loaded-module list generated by the list generating module;
a judging module, for accessing the loaded-module list generated by the list generating module through the pointer obtained by the list pointer obtaining module and judging whether the list contains the module name of the PKCS#11 module;
a loading module, for updating the loaded-module list generated by the list generating module when the judging module determines that the list does not contain the module name of the PKCS#11 module, by writing the module name and absolute path of the PKCS#11 module into the list;
a saving module, for saving the loaded-module list updated by the loading module.
Specifically, the list generating module can be used to: open the security module database of the application program according to the name of the security module database and the cache directory of the application program obtained by the directory obtaining module, and generate the security module database loaded-module list.
The directory obtaining module can be used to: obtain the storage directory of the application configuration file, access the application configuration file through that storage directory, read the path entry in the application configuration file, and obtain the cache directory of the application program by combining the storage directory with the path entry.
The judging module can be used to: access each node of the loaded-module list generated by the list generating module in turn through the pointer obtained by the list pointer obtaining module, until either the data element in the data field of the currently accessed node is the module name of the PKCS#11 module or the pointer field of the currently accessed node is empty; if the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the list contains the module name of the PKCS#11 module; if the pointer field of the currently accessed node is empty, the list does not contain the module name of the PKCS#11 module.
The beneficial effect of the present invention is that the technical solution it provides loads the PKCS#11 module into the application program automatically, which not only saves the user the trouble of manual operation but also improves the loading efficiency of the PKCS#11 module.
Description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings required for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for automatically loading a PKCS#11 module into an application program provided by embodiment 1 of the present invention;
Fig. 2 is a flow chart of a method for automatically loading a PKCS#11 module into an application program provided by embodiment 2 of the present invention;
Fig. 3 is a block diagram of a device for automatically loading a PKCS#11 module into an application program provided by embodiment 3 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention and not all of them. All other embodiments obtained by those skilled in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
This embodiment provides a method for automatically loading a PKCS#11 module into an application program. The method can be implemented by running an executable file and, as shown in Fig. 1, comprises:
Step S1: obtain the cache directory of the application program, open the security module database under the cache directory of the application program, and generate the security module database loaded-module list;
Specifically, obtaining the cache directory of the application program can comprise: obtaining the storage directory of the application configuration file, accessing the application configuration file through that storage directory, reading the path entry in the application configuration file, and obtaining the cache directory of the application program by combining the storage directory with the path entry;
Step S1 can comprise: opening the security module database of the application program according to the cache directory of the application program and the name of the security module database, and generating the security module database loaded-module list.
Step S2: obtain the pointer to the security module database loaded-module list;
Step S3: access the security module database loaded-module list through its pointer and judge whether the list contains the module name of the PKCS#11 module; if it does, the PKCS#11 module is already loaded and the method ends; otherwise, perform step S4;
Specifically, step S3 can comprise: accessing each node of the security module database loaded-module list in turn through its pointer, until either the data element in the data field of the currently accessed node is the module name of the PKCS#11 module or the pointer field of the currently accessed node is empty. If the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the list contains the module name of the PKCS#11 module, the PKCS#11 module is already loaded, and the method ends; if the pointer field of the currently accessed node is empty, the list does not contain the module name of the PKCS#11 module, and step S4 is performed.
Step S4: update the security module database loaded-module list by writing the module name and absolute path of the PKCS#11 module into it;
Step S5: save the updated security module database loaded-module list.
Embodiment 2
This embodiment provides a method for automatically loading a PKCS#11 module into an application program. The method can be implemented by running an executable file and, as shown in Fig. 2, comprises:
Step 101: obtain the installation directory of the application program;
Further, step 101 specifically comprises: identifying the current operating system and obtaining the default installation directory of the application program under the current operating system;
For example, the default installation directory of Mozilla Firefox under the Linux operating system is /user/lib/firefox, and under the Mac OS operating system it is /Applications/; the default installation directory of Mozilla Thunderbird under the Linux operating system is /usr/lib/thunderbird, and under the Mac OS operating system it is /Applications/Thunderbird.app.
Alternatively, step 101 specifically comprises: obtaining the installation directory of the application program entered by the user.
Step 102: open the nss3 dynamic library under the installation directory of the application program and obtain the handle of the nss3 dynamic library;
Step 103: judge whether the handle of the nss3 dynamic library was obtained successfully; if so, perform step 104; otherwise the load fails and step 114 is performed;
Further, steps 102 to 103 specifically comprise:
Step b1: call the system function dlopen with the absolute path of the nss3 dynamic library under the installation directory of the application program and the default open mode as parameters, and receive the return value of the system function dlopen;
For example, if the installation directory of the application program is /user/lib/firefox and the nss3 dynamic library under the installation directory is named libnss3.so, the absolute path of the nss3 dynamic library is /user/lib/firefox/libnss3.so;
In this embodiment, the default open mode is RTLD_NOW.
Step b2: judge whether the return value of the system function dlopen is NULL; if so, the handle of the nss3 dynamic library was not obtained, the load fails, and step 114 is performed; otherwise the handle of the nss3 dynamic library was obtained successfully, the return value of the system function dlopen is the handle of the nss3 dynamic library, and step 104 is performed.
Step 104: according to the handle of the nss3 dynamic library, obtain the function pointers of the initialization function, the get-loaded-module-list function, the add-new-module function and the shutdown function of the nss3 dynamic library;
Specifically, step 104 comprises:
calling the system function dlsym with the handle of the nss3 dynamic library and the symbol of the initialization function as parameters to obtain the function pointer of the initialization function; the symbol of the initialization function is NSS_Initialize;
calling the system function dlsym with the handle of the nss3 dynamic library and the symbol of the get-loaded-module-list function as parameters to obtain the function pointer of the get-loaded-module-list function; the symbol of the get-loaded-module-list function is SECMOD_GetDefaultModuleList;
calling the system function dlsym with the handle of the nss3 dynamic library and the symbol of the add-new-module function as parameters to obtain the function pointer of the add-new-module function; the symbol of the add-new-module function is SECMOD_AddNewModule;
calling the system function dlsym with the handle of the nss3 dynamic library and the symbol of the shutdown function as parameters to obtain the function pointer of the shutdown function; the symbol of the shutdown function is NSS_Shutdown.
Step 105: obtain the cache directory of the application program;
Specifically, step 105 comprises:
Step c1: obtain the storage directory of the application configuration file, access the application configuration file through that storage directory, and read the path entry in the application configuration file;
Further, obtaining the storage directory of the application configuration file can comprise: identifying the current operating system and obtaining the default storage directory of the application program's configuration file under the current operating system;
Step c2: obtain the cache directory of the application program by combining the storage directory with the path entry.
In this embodiment, the application configuration file is profiles.ini, and the path entry of the application configuration file is the Path item of profiles.ini;
For example, the default storage directory of the profiles.ini file of Mozilla Firefox under the Linux operating system is <user directory>/.mozilla/firefox, and under the Mac OS operating system it is <user directory>/Library/Application Support/Firefox; the default storage directory of the profiles.ini file of Mozilla Thunderbird under the Linux operating system is <user directory>/.thunderbird, and under the Mac OS operating system it is <user directory>/Library/Thunderbird;
If the default storage directory of the application configuration file is <user directory>/.mozilla/firefox and the path entry of the application configuration file is stj60m3k.default-1427959545304, the cache directory of the application program is <user directory>/.mozilla/firefox/stj60m3k.default-1427959545304.
Step 106: call the initialization function with the application cache directory and the name of the security module database as parameters to open the security module database under the cache directory of the application program and generate the security module database loaded-module list;
In this embodiment, the security module database is named secmod.db;
Further, the parameters used when calling the initialization function can also comprise: the prefix of the certificate database, the prefix of the key database and the initialization mode flag; the prefix of the certificate database and the prefix of the key database are NULL, and the initialization mode flag is the integer 0, which indicates that the initialization mode is full initialization.
Step 107: judge from the return value of the initialization function whether the security module database loaded-module list was generated successfully; if so, perform step 108; otherwise the load fails and step 114 is performed;
In this embodiment, judging from the return value of the initialization function whether the security module database loaded-module list was generated successfully comprises: judging the return value of the initialization function; if the return value of the initialization function is TRUE, the security module database loaded-module list was generated successfully; if the return value of the initialization function is FALSE, the security module database loaded-module list was not generated.
Step 108: call the get-loaded-module-list function to obtain the pointer to the security module database loaded-module list;
Step 109: judge whether the pointer to the security module database loaded-module list was obtained; if so, perform step 110; otherwise the load fails and step 114 is performed;
In this embodiment, judging whether the pointer to the security module database loaded-module list was obtained comprises: judging whether the return value of the get-loaded-module-list function is NULL; if so, the pointer to the security module database loaded-module list was not obtained; otherwise the pointer was obtained, and the return value of the get-loaded-module-list function is the pointer to the security module database loaded-module list.
Step 110: access the first node of the security module database loaded-module list through the pointer to the list;
Specifically, in this embodiment the security module database loaded-module list is a linked list, and the pointer to the list points to its first node.
Step 111: judge whether the data element stored in the data field of the currently accessed node is the module name of the PKCS#11 module; if so, the PKCS#11 module is already loaded and step 114 is performed; otherwise step 112 is performed;
Step 112: judge whether the pointer field of the currently accessed node is empty; if so, perform step 113; otherwise access the next node according to the next-node address in the pointer field of the currently accessed node and return to step 111;
Step 113: call the add-new-module function with the module name and absolute path of the PKCS#11 module as parameters to update the security module database loaded-module list, write the module name and absolute path of the PKCS#11 module into the security module database loaded-module list, save the updated security module database loaded-module list, and perform step 114;
Further, the parameters used when calling the add-new-module function can also comprise: the cipher algorithm flag and the cipher enable flag; both are the integer 0, indicating respectively that the default cipher algorithm is used and that no cipher is enabled.
Step 113 also comprises: judging the return value of the add-new-module function; if the return value of the add-new-module function is TRUE, the module name and absolute path of the PKCS#11 module were written successfully; if the return value of the add-new-module function is FALSE, the module name and absolute path of the PKCS#11 module were not written, and the loading of the PKCS#11 module fails.
Step 114: call the shutdown function to close the security module database, and end.
In this embodiment, the initialization function is called through the function pointer of the initialization function, the get-loaded-module-list function through the function pointer of the get-loaded-module-list function, the add-new-module function through the function pointer of the add-new-module function, and the shutdown function through the function pointer of the shutdown function.
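As an added example that is not part of the patent or of Feitian's code, the following Python script carries out embodiment 2 (and so embodiment 1) end to end with ctypes: it resolves the profile ("cache") directory from profiles.ini as in step 105, dlopen()s libnss3.so, resolves NSS_Initialize, SECMOD_GetDefaultModuleList, SECMOD_AddNewModule and NSS_Shutdown, walks the loaded-module list as in steps 110 to 112, and adds the module only when its name is absent. Two assumptions: the real NSS functions return a SECStatus (SECSuccess is 0) rather than the TRUE/FALSE the text describes, and the struct prefix declared for SECMODModule follows NSS's secmodt.h; the profiles.ini content and module names are constructed.

```python
import configparser
import ctypes
import os

# Constructed sample profiles.ini (not from the page); the Path value is the
# one quoted in the patent's own example.
SAMPLE_PROFILES_INI = """\
[Profile0]
Name=default
IsRelative=1
Path=stj60m3k.default-1427959545304
Default=1
"""
SEC_SUCCESS = 0       # NSS SECStatus: SECSuccess is 0, SECFailure is -1
NSS_INIT_FLAGS = 0    # the patent's "full initialization" mode flag
SECMOD_DB_NAME = "secmod.db"

def resolve_profile_dir(profiles_ini_text, storage_dir):
    """Step 105: read the Path entry of profiles.ini and join it with the
    directory the file lives in. Assumptions beyond the page: Firefox marks
    relative paths with IsRelative=1, and a profile flagged Default=1 is
    preferred when several are listed."""
    cp = configparser.ConfigParser()
    cp.read_string(profiles_ini_text)
    found = [s for s in cp.sections() if s.startswith("Profile") and cp[s].get("Path")]
    if not found:
        raise LookupError("profiles.ini has no [ProfileN] section with a Path")
    preferred = [s for s in found if cp[s].get("Default") == "1"]
    section = cp[(preferred or found)[0]]
    if section.get("IsRelative", "1") == "1":
        return os.path.join(storage_dir, section["Path"])
    return section["Path"]

class SECMODModuleList(ctypes.Structure):
    pass

class SECMODModule(ctypes.Structure):
    # Leading fields of struct SECMODModuleStr (NSS secmodt.h); only this
    # prefix is declared because only commonName is read here.
    _fields_ = [("arena", ctypes.c_void_p), ("internal", ctypes.c_int),
                ("loaded", ctypes.c_int), ("isFIPS", ctypes.c_int),
                ("dllName", ctypes.c_char_p), ("commonName", ctypes.c_char_p)]

SECMODModuleList._fields_ = [("next", ctypes.POINTER(SECMODModuleList)),
                             ("module", ctypes.POINTER(SECMODModule))]

def module_names(head):
    """Steps 110-112: walk the singly linked list from its first node until
    the pointer field is NULL, collecting each node's module name."""
    names, node = [], head
    while node:                                  # a NULL pointer is falsy
        name = node.contents.module.contents.commonName
        names.append(name.decode() if name else "")
        node = node.contents.next
    return names

def make_module_list(names):
    """Build an in-memory SECMODModuleList chain from constructed names so the
    walk can be exercised without libnss3 (helper, not an NSS call)."""
    head = ctypes.POINTER(SECMODModuleList)()    # NULL terminator
    for name in reversed(names):
        module = SECMODModule(commonName=name.encode())
        head = ctypes.pointer(SECMODModuleList(next=head, module=ctypes.pointer(module)))
    return head

def load_pkcs11_module(install_dir, profile_dir, module_name, module_path,
                       nss_lib="libnss3.so"):
    """Steps 102-114 of embodiment 2. Returns a status string so that every
    failure branch is observable. ctypes.CDLL dlopen()s with RTLD_NOW."""
    try:
        nss = ctypes.CDLL(os.path.join(install_dir, nss_lib))   # steps 102-103
    except OSError as exc:
        return f"load failed: dlopen: {exc}"                    # -> step 114
    # Step 104: resolve the four symbols and declare their C signatures.
    nss.NSS_Initialize.restype = ctypes.c_int
    nss.NSS_Initialize.argtypes = [ctypes.c_char_p] * 4 + [ctypes.c_uint32]
    nss.SECMOD_GetDefaultModuleList.restype = ctypes.POINTER(SECMODModuleList)
    nss.SECMOD_AddNewModule.restype = ctypes.c_int
    nss.SECMOD_AddNewModule.argtypes = [ctypes.c_char_p, ctypes.c_char_p,
                                        ctypes.c_ulong, ctypes.c_ulong]
    nss.NSS_Shutdown.restype = ctypes.c_int
    # Step 106: NSS_Initialize(configdir, certPrefix, keyPrefix, secmodName, flags)
    if nss.NSS_Initialize(profile_dir.encode(), None, None,
                          SECMOD_DB_NAME.encode(), NSS_INIT_FLAGS) != SEC_SUCCESS:
        return "load failed: NSS_Initialize"                    # step 107
    try:
        head = nss.SECMOD_GetDefaultModuleList()                # step 108
        if not head:
            return "load failed: no module list"                # step 109
        if module_name in module_names(head):                   # steps 110-112
            return "already loaded"
        # Step 113: SECMOD_AddNewModule(name, dllPath, mechFlags, cipherFlags)
        if nss.SECMOD_AddNewModule(module_name.encode(), module_path.encode(),
                                   0, 0) != SEC_SUCCESS:
            return "load failed: SECMOD_AddNewModule"
        return "loaded"
    finally:
        nss.NSS_Shutdown()                                      # step 114
```

Running it against a real profile needs libnss3.so from the application's installation directory; when the library is missing, the script takes the step 103 failure branch and returns a status string instead of raising.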
Embodiment 3
This embodiment provides a device for automatically loading a PKCS#11 module into an application program, which, as shown in Fig. 3, comprises:
a directory obtaining module 300, for obtaining the cache directory of the application program;
Specifically, in this embodiment the directory obtaining module can be used to: obtain the storage directory of the application configuration file, access the application configuration file through that storage directory, read the path entry in the application configuration file, and obtain the cache directory of the application program by combining the storage directory with the path entry.
a list generating module 301, for opening the security module database under the cache directory of the application program obtained by the directory obtaining module 300 and generating the security module database loaded-module list;
Specifically, in this embodiment the list generating module 301 can be used to: open the security module database of the application program according to the name of the security module database and the cache directory of the application program obtained by the directory obtaining module, and generate the security module database loaded-module list;
a list pointer obtaining module 302, for obtaining the pointer to the security module database loaded-module list generated by the list generating module 301;
a judging module 303, for accessing the security module database loaded-module list generated by the list generating module 301 through the pointer obtained by the list pointer obtaining module 302 and judging whether the list contains the module name of the PKCS#11 module;
Specifically, in this embodiment the judging module 303 can be used to: access each node of the security module database loaded-module list in turn through the pointer obtained by the list pointer obtaining module 302, until either the data element in the data field of the currently accessed node is the module name of the PKCS#11 module or the pointer field of the currently accessed node is empty; if the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the list contains the module name of the PKCS#11 module; if the pointer field of the currently accessed node is empty, the list does not contain the module name of the PKCS#11 module.
a loading module 304, for updating the security module database loaded-module list generated by the list generating module 301 when the judging module 303 determines that the list does not contain the module name of the PKCS#11 module, by writing the module name and absolute path of the PKCS#11 module into the list;
a saving module 305, for saving the security module database loaded-module list updated by the loading module 304.
Embodiment 4
The present embodiment provides a method for automatically unloading a PKCS#11 module; the method may be implemented by running an executable file and specifically comprises:
Step 201, obtaining the installation directory of the application program;
Further, step 201 specifically comprises: identifying the current operating system and obtaining the default installation directory of the application program under the current operating system;
For example, the default installation directory of Mozilla Firefox under the Linux operating system is /user/lib/firefox, and its default installation directory under the Mac OS operating system is /Applications/; the default installation directory of Mozilla Thunderbird under the Linux operating system is /usr/lib/thunderbird, and its default installation directory under the Mac OS operating system is /Applications/Thunderbird.app.
Alternatively, step 201 specifically comprises: obtaining the installation directory of the application program entered by the user.
Step 202, opening the nss3 dynamic library under the installation directory of the application program and obtaining the handle of the nss3 dynamic library;
Step 203, judging whether the handle of the nss3 dynamic library was obtained successfully; if so, performing step 204; otherwise unloading fails and step 210 is performed;
Further, steps 202 to 203 specifically comprise:
Step b1, calling the system function dlopen with the absolute path of the nss3 dynamic library under the installation directory of the application program and the default open mode as parameters, and receiving the return value of the system function dlopen;
For example, if the installation directory of the application program is /user/lib/firefox and the nss3 dynamic library under the installation directory of the application program is named libnss3.so, then the absolute path of the nss3 dynamic library is /user/lib/firefox/libnss3.so;
In the present embodiment, the default open mode is RTLD_NOW.
Step b2, judging whether the return value of the system function dlopen is NULL; if so, the handle of the nss3 dynamic library was not obtained, unloading fails, and step 210 is performed; otherwise the handle of the nss3 dynamic library was obtained successfully, the return value of the system function dlopen is the handle of the nss3 dynamic library, and step 204 is performed.
Step 204, obtaining, according to the handle of the nss3 dynamic library, the function pointers of the initialization function, the find-module function, the delete-module function and the shutdown function of the nss3 dynamic library respectively;
Specifically, step 204 comprises:
calling the system function dlsym with the handle of the nss3 dynamic library and the function symbol of the initialization function as parameters to obtain the function pointer of the initialization function; the function symbol of the initialization function is specifically NSS_Initialize;
calling the system function dlsym with the handle of the nss3 dynamic library and the function symbol of the find-module function as parameters to obtain the function pointer of the find-module function; the function symbol of the find-module function is specifically SECMOD_FindModule;
calling the system function dlsym with the handle of the nss3 dynamic library and the function symbol of the delete-module function as parameters to obtain the function pointer of the delete-module function; the function symbol of the delete-module function is specifically SECMOD_DeleteModule;
calling the system function dlsym with the handle of the nss3 dynamic library and the function symbol of the shutdown function as parameters to obtain the function pointer of the shutdown function; the function symbol of the shutdown function is specifically NSS_Shutdown.
Step 205, obtaining the cache directory of the application program;
Specifically, step 205 comprises:
Step c1, obtaining the storage directory of the application configuration file, accessing the application configuration file through the storage directory, and reading the path entry in the application configuration file;
Further, obtaining the storage directory of the application configuration file may specifically comprise: identifying the current operating system and obtaining the default storage directory of the application program's configuration file under the current operating system;
Step c2, obtaining the cache directory of the application program by combining the storage directory with the path entry.
In the present embodiment, the application configuration file is specifically profiles.ini, and the path entry of the application configuration file is specifically the Path item of profiles.ini;
For example, the default storage directory of the profiles.ini file of Mozilla Firefox under the Linux operating system is: user directory/.Mozilla/firefox, and under the Mac OS operating system it is: user directory/Library/ApplicationSupport/Firefox; the default storage directory of the profiles.ini file of Mozilla Thunderbird under the Linux operating system is: user directory/.thunderbird, and under the Mac OS operating system it is: user directory/Library/Thunderbird;
If the default storage directory of the application configuration file is: user directory/.mozilla/firefox, and the path entry of the application configuration file is stj60m3k.default-1427959545304, then the cache directory of the application program is: user directory/.mozilla/firefox/stj60m3k.default-1427959545304.
Step 206, calling the initialization function with the cache directory of the application program and the name of the security module database as parameters, to open the security module database under the cache directory of the application program and generate the security module database loaded-module list;
In the present embodiment, the security module database is named secmod.db;
Further, the parameters when calling the initialization function may also comprise: the prefix of the certificate database, the prefix of the key database and the initialization mode flag; wherein the prefix of the certificate database and the prefix of the key database are NULL, and the initialization mode flag is specifically the integer 0, indicating that the initialization mode is full initialization.
Step 207, judging, according to the return value of the initialization function, whether the security module database loaded-module list was generated successfully; if so, performing step 208; otherwise unloading fails and step 210 is performed;
In the present embodiment, judging according to the return value of the initialization function whether the security module database loaded-module list was generated successfully specifically comprises: examining the return value of the initialization function; if the return value of the initialization function is TRUE, the security module database loaded-module list was generated successfully; if the return value of the initialization function is FALSE, the security module database loaded-module list was not generated.
Step 208, calling the find-module function with the module name of the PKCS#11 module as parameter, and judging whether the security module database loaded-module list contains the module name of the PKCS#11 module; if so, performing step 209; otherwise the PKCS#11 module has already been unloaded or has not yet been loaded, unloading fails, and step 210 is performed;
In the present embodiment, judging whether the security module database loaded-module list contains the module name of the PKCS#11 module specifically comprises: judging whether the return value of the find-module function is NULL; if so, the security module database loaded-module list does not contain the module name of the PKCS#11 module; otherwise the security module database loaded-module list contains the module name of the PKCS#11 module.
Step 209, calling the delete-module function with the module name of the PKCS#11 module as parameter to delete the module name and the absolute path of the PKCS#11 module from the security module database, and performing step 210;
Further, the parameters when calling the delete-module function may also comprise an encryption enable flag; in the present embodiment, the encryption enable flag is specifically the integer 0, indicating that encryption is not enabled.
Step 209 also comprises: examining the return value of the delete-module function; if the return value of the delete-module function is TRUE, the module name and the absolute path of the PKCS#11 module were deleted successfully and unloading succeeds; if the return value of the delete-module function is FALSE, deleting the module name and the absolute path of the PKCS#11 module failed and unloading fails.
Step 210, calling the shutdown function to close the security module database, and ending.
In the present embodiment, specifically, the initialization function is called through the function pointer of the initialization function, the find-module function is called through the function pointer of the find-module function, the delete-module function is called through the function pointer of the delete-module function, and the shutdown function is called through the function pointer of the shutdown function.
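As an added example (not code from the patent or from Feitian), the unloading procedure of steps 202 to 210 in C, with the nss3 entry points the page names resolved through dlopen/dlsym. The profiles.ini parser of steps c1/c2, the error codes, the IsRelative handling and the call to SECMOD_DestroyModule (needed to release the reference SECMOD_FindModule returns) are this example's own additions, and NSS's SECStatus is 0 on success rather than TRUE.

```c
/* Added example, not the patent's or Feitian's code: Embodiment 4 (unloading) with
 * the real NSS entry points resolved via dlopen/dlsym, so no NSS headers are needed.
 * The ini parser, error codes and SECMOD_DestroyModule call are this example's own. */
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* NSS SECStatus: SECSuccess == 0, SECFailure == -1 (the page says TRUE / FALSE). */
typedef int SECStatus;
typedef SECStatus (*nss_init_fn)(const char *, const char *, const char *,
                                 const char *, unsigned int);   /* NSS_Initialize */
typedef void *(*find_mod_fn)(const char *);                     /* SECMOD_FindModule */
typedef void (*destroy_mod_fn)(void *);                         /* SECMOD_DestroyModule */
typedef SECStatus (*delete_mod_fn)(const char *, int *);        /* SECMOD_DeleteModule */
typedef SECStatus (*shutdown_fn)(void);                         /* NSS_Shutdown */

enum unload_result { UNLOAD_OK, UNLOAD_ERR_DLOPEN, UNLOAD_ERR_DLSYM,
                     UNLOAD_ERR_INIT, UNLOAD_ERR_NOT_LOADED, UNLOAD_ERR_DELETE };

/* Steps c1/c2: cache directory = storage directory + Path item of the first profile
 * section. Takes the ini text as a string so it can be tested on a constructed file;
 * honours IsRelative=0 (Path already absolute), which the page does not mention.
 * Returns 0 on success, -1 if there is no Path item or the buffer is too small. */
int cache_dir_from_profiles_ini(const char *ini, const char *storage_dir,
                                char *out, size_t outlen)
{
    int is_relative = 1;
    for (const char *line = ini; line && *line;) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= 11 && !strncmp(line, "IsRelative=", 11))
            is_relative = line[11] != '0';
        if (len > 5 && !strncmp(line, "Path=", 5)) {
            int n = is_relative
                ? snprintf(out, outlen, "%s/%.*s", storage_dir, (int)(len - 5), line + 5)
                : snprintf(out, outlen, "%.*s", (int)(len - 5), line + 5);
            return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
        }
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}
/* Steps 202-210: open libnss3 under the install directory, resolve the entry points,
 * open secmod.db in the profile directory and delete the module record. After a
 * successful NSS_Initialize every path ends with NSS_Shutdown (step 210). */
enum unload_result unload_pkcs11_module(const char *install_dir,
                                        const char *profile_dir,
                                        const char *module_name)
{
    char libpath[512];
    snprintf(libpath, sizeof libpath, "%s/libnss3.so", install_dir);        /* b1 */
    void *h = dlopen(libpath, RTLD_NOW);
    if (!h) return UNLOAD_ERR_DLOPEN;                                       /* b2 */
    nss_init_fn    init    = (nss_init_fn)dlsym(h, "NSS_Initialize");
    find_mod_fn    find    = (find_mod_fn)dlsym(h, "SECMOD_FindModule");
    destroy_mod_fn destroy = (destroy_mod_fn)dlsym(h, "SECMOD_DestroyModule");
    delete_mod_fn  del     = (delete_mod_fn)dlsym(h, "SECMOD_DeleteModule");
    shutdown_fn    stop    = (shutdown_fn)dlsym(h, "NSS_Shutdown");
    if (!init || !find || !destroy || !del || !stop) { dlclose(h); return UNLOAD_ERR_DLSYM; }
    /* Step 206: NULL cert/key prefixes, flags 0 = full (read-write) initialization. */
    if (init(profile_dir, NULL, NULL, "secmod.db", 0) != 0) { dlclose(h); return UNLOAD_ERR_INIT; }
    enum unload_result rc = UNLOAD_OK;
    void *mod = find(module_name);                 /* step 208: NULL = not in secmod.db */
    if (!mod) {
        rc = UNLOAD_ERR_NOT_LOADED;                /* already unloaded or never loaded */
    } else {
        int type = 0;                              /* step 209 */
        destroy(mod);                              /* release the reference FindModule took */
        if (del(module_name, &type) != 0) rc = UNLOAD_ERR_DELETE;
    }
    stop();                                        /* step 210: close the database */
    dlclose(h);
    return rc;
}
```

A missing or wrongly located libnss3.so is reported as UNLOAD_ERR_DLOPEN before NSS is touched, so the failure path can be exercised on a machine without Firefox installed.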
The embodiments described above are preferred embodiments of the present invention; ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.

Claims (8)

1. A method for automatically loading a PKCS#11 module into an application program, the PKCS#11 module being an implementation of an API conforming to the PKCS#11 interface standard, characterized in that the method comprises:
Step S1, obtaining the cache directory of the application program, opening the security module database under the cache directory of the application program, and generating the security module database loaded-module list;
Step S2, obtaining the pointer to the security module database loaded-module list;
Step S3, accessing the security module database loaded-module list according to the pointer to the security module database loaded-module list, and judging whether the security module database loaded-module list contains the module name of the PKCS#11 module; if so, the PKCS#11 module is already loaded and the method ends; otherwise step S4 is performed;
Step S4, updating the security module database loaded-module list by writing the module name and the absolute path of the PKCS#11 module into the security module database loaded-module list;
Step S5, saving the updated security module database loaded-module list.
2. The method of claim 1, characterized in that step S1 specifically comprises: opening the security module database of the application program according to the cache directory of the application program and the name of the security module database, and generating the security module database loaded-module list.
3. The method of claim 1, characterized in that obtaining the cache directory of the application program specifically comprises: obtaining the storage directory of the application configuration file, accessing the application configuration file through the storage directory, reading the path entry in the application configuration file, and obtaining the cache directory of the application program by combining the storage directory with the path entry.
4. The method of claim 1, characterized in that step S3 specifically comprises: accessing each node of the security module database loaded-module list in turn according to the pointer to the security module database loaded-module list, until the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, or the pointer field of the currently accessed node is empty; if the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the security module database loaded-module list contains the module name of the PKCS#11 module, the PKCS#11 module is already loaded, and the method ends; if the pointer field of the currently accessed node is empty, the security module database loaded-module list does not contain the module name of the PKCS#11 module, and step S4 is performed.
5. A device for automatically loading a PKCS#11 module into an application program, the PKCS#11 module being an implementation of an API conforming to the PKCS#11 interface standard, characterized in that the device comprises:
a directory acquisition module, configured to obtain the cache directory of the application program;
a list generation module, configured to open the security module database under the cache directory of the application program obtained by the directory acquisition module, and to generate the security module database loaded-module list;
a list pointer acquisition module, configured to obtain the pointer to the security module database loaded-module list generated by the list generation module;
a judgment module, configured to access the security module database loaded-module list generated by the list generation module according to the pointer to the security module database loaded-module list obtained by the list pointer acquisition module, and to judge whether the security module database loaded-module list contains the module name of the PKCS#11 module;
a loading module, configured to update the security module database loaded-module list generated by the list generation module when the judgment module judges that the security module database loaded-module list does not contain the module name of the PKCS#11 module, by writing the module name and the absolute path of the PKCS#11 module into the security module database loaded-module list;
a saving module, configured to save the security module database loaded-module list updated by the loading module.
6. The device of claim 5, characterized in that the list generation module is specifically configured to: open the security module database of the application program according to the name of the security module database and the cache directory of the application program obtained by the directory acquisition module, and generate the security module database loaded-module list.
7. The device of claim 5, characterized in that the directory acquisition module is specifically configured to: obtain the storage directory of the application configuration file, access the application configuration file through the storage directory, read the path entry in the application configuration file, and obtain the cache directory of the application program by combining the storage directory with the path entry.
8. The device of claim 5, characterized in that the judgment module is specifically configured to: access each node of the security module database loaded-module list generated by the list generation module in turn according to the pointer to the security module database loaded-module list obtained by the list pointer acquisition module, until the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, or the pointer field of the currently accessed node is empty; if the data element in the data field of the currently accessed node is the module name of the PKCS#11 module, the security module database loaded-module list contains the module name of the PKCS#11 module; if the pointer field of the currently accessed node is empty, the security module database loaded-module list does not contain the module name of the PKCS#11 module.
CN201510993663.2A 2015-12-25 2015-12-25 Method and device for automatically loading a PKCS#11 module into an application program Active CN105653319B (en)
Publications (2)

Publication Number Publication Date
CN105653319A true CN105653319A (en) 2016-06-08
CN105653319B CN105653319B (en) 2018-11-23