PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
Table 15, Common footnotes for object attribute tables
| Footnote | Meaning |
| 1 | Must be specified when object is created with C_CreateObject. |
| 2 | Must not be specified when object is created with C_CreateObject. |
| 3 | Must be specified when object is generated with C_GenerateKey or C_GenerateKeyPair. |
| 4 | Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair. |
| 5 | Must be specified when object is unwrapped with C_UnwrapKey. |
| 6 | Must not be specified when object is unwrapped with C_UnwrapKey. |
| 7 | Cannot be revealed if object has its CKA_SENSITIVE attribute set to CK_TRUE or its CKA_EXTRACTABLE attribute set to CK_FALSE. |
| 8 | May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call. |
| 9 | Default value is token-specific, and may depend on the values of other attributes. |
| 10 | Can only be set to CK_TRUE by the SO user. |
| 11 | Attribute cannot be changed once set to CK_TRUE. It becomes a read only attribute. |
| 12 | Attribute cannot be changed once set to CK_FALSE. It becomes a read only attribute. |
Table 16, Common Object Attributes
| Attribute | Data Type | Meaning |
| CKA_CLASS1 | CK_OBJECT_CLASS | Object class (type) |
- Refer to Table 15 for footnotes
The above table defines the attributes common to all objects.