Cryptographic Token Interface Standard

PKCS#11


Data objects

Data objects (object class CKO_DATA) hold information defined by an application. Other than providing access to it, Cryptoki does not attach any special meaning to a data object. The following table lists the attributes supported by data objects, in addition to the common attributes listed in Table 14:

Table 15, Data Object Attributes

Attribute        Data type     Meaning
CKA_APPLICATION  Local string  Description of the application that manages the object (default empty)
CKA_VALUE        Byte array    Value of the object (default empty)

Both of these attributes may be modified after the object is created.

The CKA_APPLICATION attribute provides a means for applications to indicate ownership of the data objects they manage. Cryptoki does not provide a means of ensuring that only a particular application has access to a data object, however.
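The point above, as an added example that is not part of the standard: a small self-contained model of template-based object search, showing that CKA_APPLICATION is only a matchable label and that matching is byte-exact. The typedefs, the `matches` and `find_data_object` helpers and the stored object are assumptions made for this illustration; on a real token the search happens behind C_FindObjects.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the Cryptoki definitions used here (assumption: real code
   includes the token vendor's pkcs11.h instead). */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; const void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS       0x00UL
#define CKA_APPLICATION 0x10UL
#define CKO_DATA        0x00UL

/* The data object as a token would hold it (constructed sample values). */
static const CK_ULONG obj_class = CKO_DATA;
static const CK_ATTRIBUTE stored[] = {
    {CKA_CLASS, &obj_class, sizeof(obj_class)},
    {CKA_APPLICATION, "An application", 14},   /* no trailing NUL stored */
};

/* Hypothetical model of template matching: every template attribute must be
   present on the object with byte-identical contents. */
int matches(const CK_ATTRIBUTE *tmpl, CK_ULONG n)
{
    for (CK_ULONG i = 0; i < n; i++) {
        int hit = 0;
        for (CK_ULONG j = 0; j < sizeof(stored) / sizeof(stored[0]); j++)
            if (stored[j].type == tmpl[i].type &&
                stored[j].ulValueLen == tmpl[i].ulValueLen &&
                memcmp(stored[j].pValue, tmpl[i].pValue, tmpl[i].ulValueLen) == 0)
                hit = 1;
        if (!hit) return 0;
    }
    return 1;
}

/* Search as any caller could: by class, optionally narrowed by application
   name. app == NULL leaves CKA_APPLICATION out of the template. */
int find_data_object(const char *app, CK_ULONG len)
{
    CK_ATTRIBUTE tmpl[2] = {{CKA_CLASS, &obj_class, sizeof(obj_class)},
                            {CKA_APPLICATION, app, len}};
    return matches(tmpl, app ? 2 : 1);
}

int main(void)
{
    printf("class only:        %d\n", find_data_object(NULL, 0));
    printf("owner name given:  %d\n", find_data_object("An application", 14));
    printf("name plus NUL:     %d\n", find_data_object("An application", 15));
    return 0;
}
```

Any caller that omits the CKA_APPLICATION filter, or simply supplies the owner's name, locates the object; data that must stay confidential between applications needs protection beyond this attribute.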

The following is a sample template containing attributes for creating a data object:

CK_OBJECT_CLASS class = CKO_DATA;
CK_CHAR label[] = "A data object";
CK_CHAR application[] = "An application";
CK_BYTE data[] = "Sample data";
CK_BBOOL true = TRUE;
/* Local strings carry no terminating NUL, so the lengths of label and
   application exclude it. */
CK_ATTRIBUTE template[] = {
  {CKA_CLASS, &class, sizeof(class)},
  {CKA_TOKEN, &true, sizeof(true)},
  {CKA_LABEL, label, sizeof(label)-1},
  {CKA_APPLICATION, application, sizeof(application)-1},
  {CKA_VALUE, data, sizeof(data)}
};


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v201