Cryptoki: a cryptographic Token Interface
Download 360.55 Kb.
|
pkcs11-base-v2.40-cos01
- Navigate this page:
- 9.1.3. Copying objects
9.1.2. Modifying objectsObjects may be modified with the Cryptoki function C_SetAttributeValue (see Section ). The template supplied to C_SetAttributeValue can contain new values for attributes which the object already possesses; values for attributes which the object does not yet possess; or both. Some attributes of an object may be modified after the object has been created, and some may not. In addition, attributes which Cryptoki specifies are modifiable may actually not be modifiable on some tokens. That is, if a Cryptoki attribute is described as being modifiable, that really means only that it is modifiable insofar as the Cryptoki specification is concerned. A particular token might not actually support modification of some such attributes. Furthermore, whether or not a particular attribute of an object on a particular token is modifiable might depend on the values of certain attributes of the object. For example, a secret key object’s CKA_SENSITIVE attribute can be changed from FALSE to TRUE, but not the other way around. All the scenarios in Section —and the error codes they return—apply to modifying objects with C_SetAttributeValue, except for the possibility of a template being incomplete. 9.1.3. Copying objectsObjects may be copied with the Cryptoki function C_CopyObject (see Section ). In the process of copying an object, C_CopyObject also modifies the attributes of the newly-created copy according to an application-supplied template. The Cryptoki attributes which can be modified during the course of a C_CopyObject operation are the same as the Cryptoki attributes which are described as being modifiable, plus the three special attributes CKA_TOKEN, CKA_PRIVATE, and CKA_MODIFIABLE. To be more precise, these attributes are modifiable during the course of a C_CopyObject operation insofar as the Cryptoki specification is concerned. A particular token might not actually support modification of some such attributes during the course of a C_CopyObject operation. Furthermore, whether or not a particular attribute of an object on a particular token is modifiable during the course of a C_CopyObject operation might depend on the values of certain attributes of the object. For example, a secret key object’s CKA_SENSITIVE attribute can be changed from FALSE to TRUE during the course of a C_CopyObject operation, but not the other way around. All the scenarios in Section —and the error codes they return—apply to copying objects with C_CopyObject, except for the possibility of a template being incomplete. Download 360.55 Kb. Share with your friends:
|