Daniel Kahn Gillmor dkg at
Thu Apr 17 10:37:39 PDT 2014

Hi p11-kit folks--

i was looking at the source for truecrypt [0], and it appears to use
pkcs11.h.  Looking at their source code, Common/SecurityToken.cpp
appears to rely on two #defines that seem like they should belong to
PKCS#11, but aren't in pkcs11.h from p11-kit.  In particular, the
following two symbols aren't resolved:


I don't understand the history of PCKS#11 well enough to know what the
background is here.

But i do note that bind9 appears to define them this way:

/* The following return values are new for PKCS #11 v2.20 amendment 3 */
#define CKR_NEW_PIN_MODE                      0x000001B0
#define CKR_NEXT_OTP                          0x000001B1

Should these be added to pkcs11.h for p11-kit?




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the p11-glue mailing list