Cryptographic Token Interface Standard

PKCS#11


ECDSA private key objects

ECDSA private key objects (object class CKO_PRIVATE_KEY, key type CKK_ECDSA) hold ECDSA private keys. See Section 12.3 for more information about ECDSA. The following table defines the ECDSA private key object attributes, in addition to the common attributes listed in Table 14, Table 18, Table 24, and Table 32:

Table 36, ECDSA Private Key Object Attributes
Attribute                   | Data type   | Meaning
CKA_ECDSA_PARAMS^(1,4,6)    | Byte array  | DER-encoding of an X9.62 ECParameters value
CKA_VALUE^(1,4,6,7)         | Big integer | X9.62 private value d

The CKA_ECDSA_PARAMS attribute value is known as the "ECDSA parameters".

Note that when generating an ECDSA private key, the ECDSA parameters are not specified in the key's template. This is because ECDSA private keys are only generated as part of an ECDSA key pair, and the ECDSA parameters for the pair are specified in the template for the ECDSA public key.

The following is a sample template for creating an ECDSA private key object:

CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
CK_KEY_TYPE keyType = CKK_ECDSA;
CK_UTF8CHAR label[] = "An ECDSA private key object";
CK_BYTE subject[] = {...};
CK_BYTE id[] = {123};
CK_BYTE ecdsaParams[] = {...};
CK_BYTE value[] = {...};
CK_BBOOL true = TRUE;
CK_ATTRIBUTE template[] = {
  {CKA_CLASS, &class, sizeof(class)},
  {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
  {CKA_TOKEN, &true, sizeof(true)},
  {CKA_LABEL, label, sizeof(label)-1},
  {CKA_SUBJECT, subject, sizeof(subject)},
  {CKA_ID, id, sizeof(id)},
  {CKA_SENSITIVE, &true, sizeof(true)},
  {CKA_DERIVE, &true, sizeof(true)},
  {CKA_ECDSA_PARAMS, ecdsaParams, sizeof(ecdsaParams)},
  {CKA_VALUE, value, sizeof(value)}
};
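The difference between the creation template above and a key pair generation template can be checked before the template reaches a token. The following is an added example, not part of the PKCS#11 text: the function name, the result codes and the rule that CKA_SENSITIVE must be TRUE are assumptions of this sketch, and the type definitions are minimal stand-ins for the real PKCS#11 header.

```c
#include <stddef.h>

/* Minimal stand-ins for the PKCS#11 header definitions so this builds alone. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_VALUE        0x00000011UL
#define CKA_SENSITIVE    0x00000103UL
#define CKA_ECDSA_PARAMS 0x00000180UL

/* Hypothetical result codes for this check; they are not PKCS#11 return values. */
enum tpl_result { TPL_OK, TPL_PARAMS_IN_GENERATE, TPL_VALUE_IN_GENERATE,
                  TPL_MISSING_PARAMS, TPL_MISSING_VALUE, TPL_NOT_SENSITIVE };

static const CK_ATTRIBUTE *find_attr(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG type) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == type) return &t[i];
    return NULL;
}

static int is_empty(const CK_ATTRIBUTE *a) { return !a || !a->pValue || a->ulValueLen == 0; }

/* generating != 0: private key template passed to key pair generation, where the
   ECDSA parameters belong in the public key template and the token produces d.
   generating == 0: template for creating an object from existing key material. */
enum tpl_result lint_ecdsa_private_template(const CK_ATTRIBUTE *t, CK_ULONG n, int generating) {
    const CK_ATTRIBUTE *params = find_attr(t, n, CKA_ECDSA_PARAMS);
    const CK_ATTRIBUTE *value  = find_attr(t, n, CKA_VALUE);
    const CK_ATTRIBUTE *sens   = find_attr(t, n, CKA_SENSITIVE);

    if (generating) {
        if (params) return TPL_PARAMS_IN_GENERATE;
        if (value)  return TPL_VALUE_IN_GENERATE;
    } else {
        if (is_empty(params)) return TPL_MISSING_PARAMS;
        if (is_empty(value))  return TPL_MISSING_VALUE;
    }
    /* Assumed local policy: the private value d must be marked sensitive. */
    if (is_empty(sens) || *(const CK_BBOOL *)sens->pValue == 0) return TPL_NOT_SENSITIVE;
    return TPL_OK;
}

/* Constructed sample data: placeholder bytes, not a real curve encoding or key. */
CK_BBOOL sample_true = 1;
unsigned char sample_params[] = {0x00, 0x00, 0x00};
unsigned char sample_d[] = {0x01};
CK_ATTRIBUTE sample_tpl[] = {
    {CKA_SENSITIVE, &sample_true, sizeof(sample_true)},
    {CKA_ECDSA_PARAMS, sample_params, sizeof(sample_params)},
    {CKA_VALUE, sample_d, sizeof(sample_d)}
};

int main(void) { return lint_ecdsa_private_template(sample_tpl, 3, 0) == TPL_OK ? 0 : 1; }
```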


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210