Cryptoki: a cryptographic Token Interface

Download 360.55 Kb.

Page	54/196
Date	22.12.2023
Size	360.55 Kb.
	#63026

1 ... 50 51 52 53 54 55 56 57 ... 196

v201-95
pkcs11-base-v2.40-cos01

CKA_SENSITIVE
CKA_EXTRACTABLE

Attribute	Data type
Meaning
CKA_SUBJECT⁸	Byte array	DER-encoding of certificate subject name (default empty)
CKA_SENSITIVE⁸ (see below)	CK_BBOOL	TRUE if key is sensitive⁹
CKA_DECRYPT⁸	CK_BBOOL	TRUE if key supports decryption⁹
CKA_SIGN⁸	CK_BBOOL	TRUE if key supports signatures where the signature is an appendix to the data⁹
CKA_SIGN_RECOVER⁸	CK_BBOOL	TRUE if key supports signatures where the data can be recovered from the signature⁹
CKA_UNWRAP⁸	CK_BBOOL	TRUE if key supports unwrapping (i.e., can be used to unwrap other keys)⁹
CKA_EXTRACTABLE⁸ (see below)	CK_BBOOL	TRUE if key is extractable⁹
CKA_ALWAYS_SENSITIVE^2,4,6	CK_BBOOL	TRUE if key has always had the CKA_SENSITIVE attribute set to TRUE
CKA_NEVER_EXTRACTABLE^2,4,6	CK_BBOOL	TRUE if key has never had the CKA_EXTRACTABLE attribute set to TRUE

After an object is created, the CKA_SENSITIVE attribute may be changed, but only to the value TRUE. Similarly, after an object is created, the CKA_EXTRACTABLE attribute may be changed, but only to the value FALSE. Attempts to make other changes to the values of these attributes should return the error code CKR_ATTRIBUTE_READ_ONLY.

If the CKA_SENSITIVE attribute is TRUE, or if the CKA_EXTRACTABLE attribute is FALSE, then certain attributes of the private key cannot be revealed in plaintext outside the token. Which attributes these are is specified for each type of private key in the attribute table in the section describing that type of key.
If the CKA_EXTRACTABLE attribute is FALSE, then the key cannot be wrapped.
It is intended in the interests of interoperability that the subject name and key identifier for a private key will be the same as those for the corresponding certificate and public key. However, this is not enforced by Cryptoki, and it is not required that the certificate and public key also be stored on the token.

Download 360.55 Kb.

Share with your friends: