Cryptographic Token Interface Standard

PKCS#11


Objects, attributes, and templates

In Cryptoki, every object (with the possible exception of RSA private keys) always possesses all possible attributes specified by Cryptoki for an object of its type. This means, for example, that a Diffie-Hellman private key object always possesses a CKA_VALUE_BITS attribute, even if that attribute wasn't specified when the key was generated (in such a case, the proper value for the attribute is computed during the key generation process).

In general, a Cryptoki function which requires a template for an object needs the template to specify, either explicitly or implicitly, any attributes that are not specified elsewhere. If a template specifies a particular attribute more than once, the function can return CKR_TEMPLATE_INVALID or it can choose a particular value of the attribute from among those specified and use that value. In any event, object attributes are always single-valued.
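Because a token may either reject a template that repeats an attribute or silently pick one of the values, an application can check its own templates before handing them to Cryptoki. The following is an added example, not part of the standard: check_template, the TMPL_ codes and the sample templates are hypothetical, and the typedefs are minimal stand-ins for the definitions in pkcs11.h.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for pkcs11.h so the example compiles alone
   (assumption: real code includes the vendor header instead). */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_SENSITIVE   0x00000103UL
#define CKA_VALUE_BITS  0x00000160UL
#define CKA_EXTRACTABLE 0x00000162UL

/* Hypothetical result codes for this example, not Cryptoki CKR_ values. */
enum { TMPL_UNIQUE, TMPL_DUP_SAME, TMPL_DUP_CONFLICT };

/* Hypothetical helper. Reports whether any attribute type occurs twice.
   A repeat with a different value is returned immediately as a conflict;
   otherwise *dup holds the index of the first repeated entry. */
int check_template(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG *dup)
{
    int result = TMPL_UNIQUE;
    for (CK_ULONG i = 1; i < n; i++) {
        for (CK_ULONG j = 0; j < i; j++) {
            if (t[i].type != t[j].type) continue;
            int same = t[i].ulValueLen == t[j].ulValueLen &&
                (t[i].ulValueLen == 0 || (t[i].pValue && t[j].pValue &&
                 memcmp(t[i].pValue, t[j].pValue, t[i].ulValueLen) == 0));
            if (!same) { *dup = i; return TMPL_DUP_CONFLICT; }
            if (result == TMPL_UNIQUE) { *dup = i; result = TMPL_DUP_SAME; }
        }
    }
    return result;
}

/* Constructed sample templates. */
static CK_BBOOL yes = 1, no = 0;
static CK_ULONG bits = 1024;
CK_ATTRIBUTE conflicting_tmpl[] = {
    { CKA_SENSITIVE, &yes, sizeof yes }, { CKA_EXTRACTABLE, &no, sizeof no },
    { CKA_VALUE_BITS, &bits, sizeof bits },
    { CKA_EXTRACTABLE, &yes, sizeof yes },  /* contradicts entry 1 */
};
CK_ATTRIBUTE redundant_tmpl[] = {
    { CKA_VALUE_BITS, &bits, sizeof bits }, { CKA_SENSITIVE, &yes, sizeof yes },
    { CKA_VALUE_BITS, &bits, sizeof bits }, /* same value as entry 0 */
};

int main(void)
{
    CK_ULONG at = 0;
    int r = check_template(conflicting_tmpl, 4, &at);
    printf("result=%d index=%lu\n", r, at);
    return 0;
}
```

The conflicting case is the one that matters for key protection: which of the two CKA_EXTRACTABLE values takes effect would otherwise depend on the token.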


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v201