Key Objects
The following figure illustrates details of key objects:
Figure 1: Key Attribute Detail
Key objects hold encryption or authentication keys, which can be public keys, private keys, or secret keys. The following common footnotes apply to all the tables describing attributes of keys:
The following table defines the attributes common to public key, private key and secret key classes, in addition to the common attributes listed in Common Object Attributes and Common Storage Object Attributes
Attribute |
Data Type |
Meaning |
---|---|---|
|
CK_KEY_TYPE
|
Type of key |
|
Byte array |
Key identifier for key (default empty) |
|
CK_DATE
|
Start date for the key (default empty). If not empty then the attribute holds starting date for the key. |
|
CK_DATE
|
End date for the key (default empty). If not empty then the attribute holds expiry date for the key. |
|
Byte array |
DER encoded certificate of the key administrator. See more details in the discussion on Key Usage Limits. |
|
CK_BBOOL
|
TRUE if key supports key derivation (that is, if other keys can be derived from this one (default FALSE) |
|
|
TRUE only if key was either >generated locally (that is, on the token) with a C_GenerateKey or C_GenerateKeyPaircall >created with a C_CopyObject call as a copy of a key which had its CKA_LOCAL attribute set to TRUE |
|
|
List of allowable mechanisms that can be used. For more information see the entry for this attribute in Additional Attribute Types. |