Cryptographic Token Interface Standard | PKCS#11
In Cryptoki, every object (with the possible exception of RSA private keys) always possesses all possible attributes specified by Cryptoki for an object of its type. This means, for example, that a Diffie-Hellman private key object always possesses a CKA_VALUE_BITS attribute, *even if that attribute wasn't specified when the key was generated* (in such a case, the proper value for the attribute is computed during the key generation process).
In general, a Cryptoki function which requires a template for an object needs the template to specify, either explicitly or implicitly, any attributes that are not specified elsewhere. If a template specifies a particular attribute more than once, the function can return CKR_TEMPLATE_INVALID or it can choose a particular value of the attribute from among those specified and use that value. In any event, object attributes are always single-valued.
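Because a token may either reject a repeated attribute or silently pick one of its values, an application can check its own templates before calling into Cryptoki. The following is an added example, not code from the standard: `check_template` and the `TMPL_*` codes are hypothetical names, and the type definitions are local mirrors of those a real program would take from `pkcs11.h`.

```c
#include <stdio.h>
#include <string.h>

/* Local mirrors of the Cryptoki types; real code includes pkcs11.h instead. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS      0x00000000UL
#define CKA_KEY_TYPE   0x00000100UL
#define CKA_VALUE_BITS 0x00000160UL

/* Hypothetical result codes for this example (not Cryptoki return values). */
enum { TMPL_OK = 0, TMPL_REPEATED = 1, TMPL_CONFLICT = 2 };

/* Byte-wise comparison of two attribute values, tolerating a NULL pValue. */
static int same_value(const CK_ATTRIBUTE *a, const CK_ATTRIBUTE *b)
{
    if (a->ulValueLen != b->ulValueLen) return 0;
    if (a->ulValueLen == 0) return 1;
    if (a->pValue == NULL || b->pValue == NULL) return a->pValue == b->pValue;
    return memcmp(a->pValue, b->pValue, a->ulValueLen) == 0;
}

/* TMPL_CONFLICT if a type appears twice with different values (the outcome
 * would depend on the token), TMPL_REPEATED if only identical repeats exist. */
int check_template(const CK_ATTRIBUTE *t, CK_ULONG n)
{
    int worst = TMPL_OK;
    for (CK_ULONG i = 1; i < n; i++)
        for (CK_ULONG j = 0; j < i; j++)
            if (t[i].type == t[j].type) {
                if (!same_value(&t[i], &t[j])) return TMPL_CONFLICT;
                worst = TMPL_REPEATED;
            }
    return worst;
}

/* Constructed sample templates for a Diffie-Hellman private key. */
static CK_ULONG s_class = 3UL, s_type = 2UL;   /* CKO_PRIVATE_KEY, CKK_DH */
static CK_ULONG s_bits_a = 1024UL, s_bits_b = 2048UL;
CK_ATTRIBUTE tmpl_clean[] = { { CKA_CLASS, &s_class, sizeof s_class },
    { CKA_KEY_TYPE, &s_type, sizeof s_type }, { CKA_VALUE_BITS, &s_bits_a, sizeof s_bits_a } };
CK_ATTRIBUTE tmpl_conflict[] = { { CKA_CLASS, &s_class, sizeof s_class },
    { CKA_VALUE_BITS, &s_bits_a, sizeof s_bits_a }, { CKA_VALUE_BITS, &s_bits_b, sizeof s_bits_b } };
CK_ATTRIBUTE tmpl_repeat[] = { { CKA_CLASS, &s_class, sizeof s_class },
    { CKA_VALUE_BITS, &s_bits_a, sizeof s_bits_a }, { CKA_VALUE_BITS, &s_bits_a, sizeof s_bits_a } };

int main(void)
{
    printf("clean=%d conflict=%d\n", check_template(tmpl_clean, 3), check_template(tmpl_conflict, 3));
    return 0;
}
```

Rejecting `TMPL_CONFLICT` on the application side keeps the resulting object's attribute values independent of which of the two permitted behaviours a given token implements.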