Data Objects

Data objects (object class CKO_DATA) hold information defined by an application.  Other than providing access to it, Cryptoki does not attach any special meaning to a data object.  The following table lists the attributes supported by data objects, in addition to the common attributes listed in Common Object Attributes and Common Storage Object Attributes:

Table 1: Data Object Attributes
| Attribute | Data Type | Meaning |
|---|---|---|
| CKA_APPLICATION | RFC2279 string | Description of the application that manages the object (default empty) |
| CKA_OBJECT_ID | Byte array | DER-encoding of the object identifier indicating the data object type (default empty) |
| CKA_VALUE | Byte array | Value of the object (default empty) |

Each of these attributes may be modified after the object is created.

The CKA_APPLICATION attribute provides a means for applications to indicate ownership of the data objects they manage. However, Cryptoki does not provide a means of ensuring that only a particular application has access to a data object.

The CKA_OBJECT_ID attribute provides an independent and expandable way for an application to indicate the type of a data object. Cryptoki does not provide a means of ensuring that the data object identifier matches the data object type.
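
Because Cryptoki neither validates CKA_OBJECT_ID nor restricts who may modify it, an application should treat the attribute as untrusted input when it reads a data object back. The following is an added example, not part of the Cryptoki specification: it builds the DER encoding to store in CKA_OBJECT_ID and strictly parses a value read from a token. The function names are hypothetical, and only short-form DER lengths (up to 127 content bytes) are handled.

```python
def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06) for use as a CKA_OBJECT_ID value."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    body = bytearray()
    # The first two arcs share one sub-identifier: 40 * arc0 + arc1.
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]          # last base-128 digit, high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # earlier digits, high bit set
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der: bytes) -> str:
    """Strictly parse a CKA_OBJECT_ID value; raise ValueError if malformed."""
    # Exactly one OBJECT IDENTIFIER, short-form length, no trailing bytes.
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a single short-form DER OBJECT IDENTIFIER")
    arcs, value, pending = [], 0, False
    for byte in der[2:]:
        if not pending and byte == 0x80:
            raise ValueError("non-minimal arc encoding")  # leading zero digit
        value = (value << 7) | (byte & 0x7F)
        pending = bool(byte & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated arc")
    first = arcs[0]
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in list(head) + arcs[1:])


def object_id_matches(der: bytes, expected: str) -> bool:
    """True only if the attribute is a well-formed DER OID equal to expected."""
    try:
        return decode_oid(der) == expected
    except ValueError:
        return False  # empty default value or malformed bytes
```

A matching CKA_OBJECT_ID only indicates how to interpret CKA_VALUE; since any application with access can set it, the value itself still needs its own validation.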