CT_CopyObject

This function is a SafeNet extension to PKCS #11. It is identical to the C_CopyObject function, except it is capable of copying objects from one token to another token where the two tokens belong to the same adapter.

NOTE   This function can only be used to copy objects whose attribute CKA_EXTRACTABLE=TRUE.

This function copies an object from one session to another session, creating a new object for the copy.

>hSourceSession is the source session’s handle;

>hDestSession is the destination session’s handle;

>hObject is the object’s handle;

>pTemplate points to the template for the new object;

>ulCount is the number of attributes in the template;

>phNewObject points to the location that receives the handle for the copy of the object.

Synopsis

CK_RV CT_CopyObject(
        CK_SESSION_HANDLE hDestSession,
        CK_SESSION_HANDLE hSourceSession,
        CK_OBJECT_HANDLE hObject,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phNewObject
); 

If the base object has a valid CKA_USAGE_LIMIT attribute, then the base object is deleted after a successful copy.

The template may specify new values for any attributes of the object that can ordinarily be modified. For example, in the course of copying a secret key, the key’s CKA_EXTRACTABLE attribute may be changed from TRUE to FALSE, but not the other way around. If this change is made, the new key’s CKA_NEVER_EXTRACTABLE attribute will have the value FALSE.

Similarly, the template may specify that the new key’s CKA_SENSITIVE attribute be TRUE; the new key will have the same value for its CKA_ALWAYS_SENSITIVE attribute as the original key. The template may also specify new values of the CKA_TOKEN and CKA_PRIVATE attributes (e.g., to copy a session object to a token object).

If the template specifies a value of an attribute which is incompatible with other existing attributes of the object, the call fails with the return code CKR_TEMPLATE_INCONSISTENT.

If a call to CT_CopyObject cannot support the precise template supplied to it, it will fail and return without creating any object.

Only session objects can be created during a read-only session. Only public objects can be created unless the normal user is logged in.

NOTE   If the “Increased Security” flag is set as part of the security policy, then C_CopyObject does not allow changing the CKA_MODIFIABLE flag from FALSE to TRUE.
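
The attribute rules above can be checked before calling CT_CopyObject. The following C code is an added example, not SafeNet code: the struct types, `preflight_copy` and the verdict names are hypothetical, it models only the rules stated on this page, and it assumes the “Increased Security” restriction applies to CT_CopyObject as it does to C_CopyObject.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the attributes this page discusses (not cryptoki.h). */
typedef struct {
    bool token, priv, extractable, sensitive, modifiable;
    bool never_extractable, always_sensitive;
} obj_attrs;

/* Assumed state of the destination session and token policy. */
typedef struct { bool read_write, user_logged_in, increased_security; } dest_state;

/* Hypothetical pre-flight verdicts; these are not CKR_ return codes. */
typedef enum { COPY_OK, SRC_NOT_EXTRACTABLE, MODIFIABLE_RAISED,
               NEEDS_RW_SESSION, NEEDS_USER_LOGIN } verdict;

/* src:  attributes of the object to copy.
 * want: src with the caller's template applied.
 * out:  attributes the copy would carry, written only on COPY_OK. */
verdict preflight_copy(const obj_attrs *src, const obj_attrs *want,
                       const dest_state *dst, obj_attrs *out)
{
    if (!src->extractable)                    /* only CKA_EXTRACTABLE=TRUE objects */
        return SRC_NOT_EXTRACTABLE;
    if (dst->increased_security && !src->modifiable && want->modifiable)
        return MODIFIABLE_RAISED;             /* FALSE -> TRUE is refused */
    if (want->token && !dst->read_write)      /* read-only: session objects only */
        return NEEDS_RW_SESSION;
    if (want->priv && !dst->user_logged_in)   /* no login: public objects only */
        return NEEDS_USER_LOGIN;
    *out = *want;
    if (!want->extractable)                   /* TRUE -> FALSE on the copy */
        out->never_extractable = false;
    out->always_sensitive = src->always_sensitive;  /* inherited from original */
    return COPY_OK;
}

int main(void)
{
    /* Constructed case: extractable session key copied to a token object. */
    obj_attrs src = { .extractable = true, .modifiable = true }, out = { 0 };
    obj_attrs want = src;
    want.token = true; want.extractable = false; want.sensitive = true;
    dest_state dst = { .read_write = true, .user_logged_in = true };
    verdict v = preflight_copy(&src, &want, &dst, &out);
    printf("verdict=%d extractable=%d never_extractable=%d always_sensitive=%d\n",
           v, out.extractable, out.never_extractable, out.always_sensitive);
    return 0;
}
```

A copy locked down with CKA_EXTRACTABLE=FALSE and CKA_SENSITIVE=TRUE still reports CKA_NEVER_EXTRACTABLE=FALSE and inherits CKA_ALWAYS_SENSITIVE, so key audits should read those two attributes to see whether the key material was ever exposed to extraction.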