Cryptographic Token Interface Standard

PKCS#11


Common attributes

The following table defines the attributes common to all objects:

Table 14, Common Object Attributes

| Attribute | Data Type | Meaning |
|---|---|---|
| CKA_CLASS¹ | CK_OBJECT_CLASS | Object class (type) |
| CKA_TOKEN | CK_BBOOL | TRUE if object is a token object; FALSE if object is a session object (default FALSE) |
| CKA_PRIVATE | CK_BBOOL | TRUE if object is a private object; FALSE if object is a public object. Default value is token-specific, and may depend on the values of other attributes of the object. |
| CKA_MODIFIABLE | CK_BBOOL | TRUE if object can be modified (default TRUE) |
| CKA_LABEL | Local string | Description of the object (default empty) |

¹ Must be specified when object is created

Only the CKA_LABEL attribute can be modified after the object is created. (The CKA_TOKEN, CKA_PRIVATE, and CKA_MODIFIABLE attributes can be changed in the process of copying an object, however.)

Cryptoki Version 2.01 supports the following values for CKA_CLASS (i.e., the following classes (types) of objects): CKO_DATA, CKO_CERTIFICATE, CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, and CKO_SECRET_KEY.

The CKA_TOKEN attribute identifies whether the object is a token object or a session object.

When the CKA_PRIVATE attribute is TRUE, a user may not access the object until the user has been authenticated to the token.

The value of the CKA_MODIFIABLE attribute determines whether or not an object is read-only. It may or may not be the case that an unmodifiable object can be deleted.

The CKA_LABEL attribute is intended to assist users in browsing.
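
The rules above can be checked on a template before it is handed to a token. The following is an added example, not part of the standard: the typedefs and CKA_* constants are local stand-ins for what pkcs11.h provides, and `check_common`, the `F_*` flags and `enum op` are hypothetical names. It flags a creation template that omits CKA_CLASS, relies on the token-specific CKA_PRIVATE default or yields a session object, and flags attempts to change an attribute outside the operation that permits it.

```c
#include <stddef.h>
/* Local stand-ins for the types and attribute constants pkcs11.h provides. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS      0x0000UL
#define CKA_TOKEN      0x0001UL
#define CKA_PRIVATE    0x0002UL
#define CKA_LABEL      0x0003UL
#define CKA_MODIFIABLE 0x0170UL
/* Hypothetical finding flags of this checker (not Cryptoki return codes). */
enum { F_MISSING_CLASS = 1, F_READ_ONLY_ATTR = 2, F_OBJECT_READ_ONLY = 4,
       F_PRIVATE_TOKEN_DEFAULT = 8, F_SESSION_OBJECT = 16 };
enum op { OP_CREATE, OP_MODIFY, OP_COPY };

/* Return the attribute of the given type, or NULL if the template omits it. */
static const CK_ATTRIBUTE *find(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG type) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == type) return &t[i];
    return NULL;
}

/* Check the common attributes of a template; returns OR-ed F_* flags, 0 if clean.
 * obj_modifiable: CKA_MODIFIABLE of the existing object (unused for OP_CREATE). */
unsigned check_common(enum op op, const CK_ATTRIBUTE *t, CK_ULONG n, CK_BBOOL obj_modifiable) {
    unsigned f = 0;
    if (op == OP_CREATE) {
        const CK_ATTRIBUTE *tok = find(t, n, CKA_TOKEN);
        if (!find(t, n, CKA_CLASS)) f |= F_MISSING_CLASS;            /* footnote 1 */
        if (!find(t, n, CKA_PRIVATE)) f |= F_PRIVATE_TOKEN_DEFAULT;  /* default varies by token */
        if (!tok || !tok->pValue || !*(const CK_BBOOL *)tok->pValue)
            f |= F_SESSION_OBJECT;                                   /* CKA_TOKEN defaults to FALSE */
        return f;
    }
    if (op == OP_MODIFY && !obj_modifiable) f |= F_OBJECT_READ_ONLY;
    for (CK_ULONG i = 0; i < n; i++) {
        CK_ULONG a = t[i].type;
        if (a == CKA_CLASS) f |= F_READ_ONLY_ATTR;                   /* fixed at creation */
        else if (op == OP_MODIFY && (a == CKA_TOKEN || a == CKA_PRIVATE || a == CKA_MODIFIABLE))
            f |= F_READ_ONLY_ATTR;                                   /* changeable only on copy */
    }
    return f;
}

int main(void) {  /* constructed sample: a creation template that sets only a label */
    char label[] = "signing key";
    CK_ATTRIBUTE t[] = { { CKA_LABEL, label, sizeof label - 1 } };
    return check_common(OP_CREATE, t, 1, 1) == (F_MISSING_CLASS | F_PRIVATE_TOKEN_DEFAULT | F_SESSION_OBJECT) ? 0 : 1;
}
```

F_PRIVATE_TOKEN_DEFAULT and F_SESSION_OBJECT are informational: such a template is still usable, but the resulting object's access control and lifetime then depend on defaults rather than on what the caller stated.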


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v201