Cryptographic Token Interface Standard

PKCS#11


Public key objects


Sections

RSA public key objects
DSA public key objects
ECDSA public key objects
Diffie-Hellman public key objects
KEA public key objects

Detailed Description

Public key objects (object class CKO_PUBLIC_KEY) hold public keys. This version of Cryptoki recognizes five types of public keys: RSA, DSA, ECDSA, Diffie-Hellman, and KEA. The following table defines the attributes common to all public keys, in addition to the common attributes listed in Table 14 and Table 19 :

Table 20, Common Public Key Attributes
Attribute Data type Meaning
CKA_SUBJECT8 Byte array DER-encoding of the key subject name (default empty)
CKA_ENCRYPT8 CK_BBOOL TRUE if key supports encryption9
CKA_VERIFY8 CK_BBOOL TRUE if key supports verification where the signature is an appendix to the data9
CKA_VERIFY_RECOVER8 CK_BBOOL TRUE if key supports verification where the data is recovered from the signature9
CKA_WRAP8 CK_BBOOL TRUE if key supports wrapping (i.e., can be used to wrap other keys)9

It is intended in the interests of interoperability that the subject name and key identifier for a public key will be the same as those for the corresponding certificate and private key. However, Cryptoki does not enforce this, and it is not required that the certificate and private key also be stored on the token.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v201