Cryptographic Token Interface Standard

PKCS#11


Generating private keys protected by secondary authentication

To generate a private key protected by secondary authentication, the application supplies the CKA_SECONDARY_AUTH attribute with value TRUE in the private key template. If the attribute does not exist in the template or has the value FALSE, then the private key is generated with the normal login protection. See sections 10.9 and 11.14 for more information about private key templates and key generation functions respectively.

If the new private key is protected by secondary authentication, a combination of the Cryptoki implementation and the device will transparently gather the initial PIN value.
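The template rule above, as an added example that is not part of the standard's text: a private key template carrying CKA_SECONDARY_AUTH, and a pre-flight check an application could run before passing the template to the key generation function. The typedefs and constants are stand-ins mirroring pkcs11t.h so the block compiles alone; `wants_secondary_auth`, `sec_auth` and `priv_tmpl` are hypothetical names, and the malformed-entry result of -1 is a choice made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the Cryptoki types and constants from pkcs11t.h (assumption:
 * a real application includes the vendor's header instead). */
typedef unsigned char CK_BBOOL;
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;

#define CK_TRUE            1
#define CK_FALSE           0
#define CKA_TOKEN          0x00000001UL
#define CKA_PRIVATE        0x00000002UL
#define CKA_SENSITIVE      0x00000103UL
#define CKA_SIGN           0x00000108UL
#define CKA_SECONDARY_AUTH 0x00000200UL

/* Hypothetical helper. Returns 1 if the template requests secondary
 * authentication, 0 if the attribute is absent or FALSE (normal login
 * protection), and -1 if the entry is malformed, so the caller can refuse
 * to generate a key whose protection level is ambiguous. */
int wants_secondary_auth(const CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    for (CK_ULONG i = 0; i < count; i++) {
        if (tmpl[i].type != CKA_SECONDARY_AUTH)
            continue;
        if (tmpl[i].pValue == NULL || tmpl[i].ulValueLen != sizeof(CK_BBOOL))
            return -1;
        return *(const CK_BBOOL *)tmpl[i].pValue != CK_FALSE;
    }
    return 0;
}

static CK_BBOOL yes = CK_TRUE;
CK_BBOOL sec_auth = CK_TRUE;   /* set to CK_FALSE for normal login protection */

/* Constructed private key template for the key generation call. */
CK_ATTRIBUTE priv_tmpl[] = {
    { CKA_TOKEN,          &yes,      sizeof(yes) },
    { CKA_PRIVATE,        &yes,      sizeof(yes) },
    { CKA_SENSITIVE,      &yes,      sizeof(yes) },
    { CKA_SIGN,           &yes,      sizeof(yes) },
    { CKA_SECONDARY_AUTH, &sec_auth, sizeof(sec_auth) },
};
#define PRIV_TMPL_LEN (sizeof priv_tmpl / sizeof priv_tmpl[0])

int main(void)
{
    printf("secondary auth requested: %d\n",
           wants_secondary_auth(priv_tmpl, PRIV_TMPL_LEN));
    return 0;
}
```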


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210