Cryptographic Token Interface Standard
PKCS#11
This section defines the object class CKO_DOMAIN_PARAMETERS for type CK_OBJECT_CLASS as used in the CKA_CLASS attribute of objects.
This object class was created to support the storage of certain algorithms' extended parameters. DSA and DH both use domain parameters in the key-pair generation step. In particular, some libraries support the generation of domain parameters (originally out of scope for PKCS#11), so the object class was added.
To use a domain parameter object you must extract the attributes into a template and supply them (still in the template) to the corresponding key-pair generation function.
Domain parameter objects (object class CKO_DOMAIN_PARAMETERS) hold public domain parameters.
The following table defines the attributes common to domain parameter objects in addition to the common attributes defined for this object class:
Table 32, Common Domain Parameter Attributes

| Attribute | Data Type | Meaning |
|---|---|---|
| CKA_KEY_TYPE<sup>1</sup> | CK_KEY_TYPE | Type of key the domain parameters can be used to generate. |
| CKA_LOCAL<sup>2,4</sup> | CK_BBOOL | CK_TRUE only if domain parameters were either generated locally (i.e., on the token) with a C_GenerateKey, or created with a C_CopyObject call as a copy of domain parameters which had its CKA_LOCAL attribute set to CK_TRUE |

- Refer to Table 15 for footnotes
The CKA_LOCAL attribute has the value CK_TRUE if and only if the values of the domain parameters were originally generated on the token by a C_GenerateKey call.
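
The extraction step described above, shown for DSA as an added example (it is not part of the standard's text): the object's CKA_CLASS, CKA_KEY_TYPE and CKA_LOCAL are checked first, then the parameters are read in two C_GetAttributeValue-style passes into the attributes a public-key template needs for C_GenerateKeyPair. Assumptions: the helper and demo names, the constructed fake token, and the policy of rejecting objects whose CKA_LOCAL is CK_FALSE are illustrative; CKA_PRIME, CKA_SUBPRIME and CKA_BASE are the DSA parameter attributes defined elsewhere in PKCS#11, not in this section.

```c
#include <string.h>
/* Stand-ins for the pkcs11.h definitions used (same numeric values), so this compiles alone. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL, CK_BYTE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
enum { CKR_OK = 0, CKA_CLASS = 0x0, CKA_KEY_TYPE = 0x100, CKA_PRIME = 0x130, CKA_SUBPRIME = 0x131,
       CKA_BASE = 0x132, CKA_LOCAL = 0x163, CKO_DOMAIN_PARAMETERS = 0x6, CKK_DSA = 0x1 };
/* Same signature as C_GetAttributeValue; pass the real function when talking to a token. */
typedef CK_RV (*getattr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG);
/* Hypothetical helper: vet domain parameter object h, then fill pub[0..2] with its p, q, g for
   the public-key template of C_GenerateKeyPair. Returns bytes used in buf, or < 0 on rejection. */
int dsa_params_to_template(getattr_fn get, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h,
                           CK_BYTE *buf, CK_ULONG cap, CK_ATTRIBUTE pub[3])
{
    CK_ULONG cls = 0, kt = 0, off = 0; CK_BBOOL local = 0;
    CK_ATTRIBUTE meta[] = { { CKA_CLASS, &cls, sizeof cls }, { CKA_KEY_TYPE, &kt, sizeof kt },
                            { CKA_LOCAL, &local, sizeof local } };
    const CK_ATTRIBUTE_TYPE want[3] = { CKA_PRIME, CKA_SUBPRIME, CKA_BASE };
    if (get(s, h, meta, 3) != CKR_OK) return -1;
    if (cls != CKO_DOMAIN_PARAMETERS || kt != CKK_DSA) return -2;  /* wrong class or algorithm */
    if (!local) return -3;              /* assumed policy: token-generated parameters only */
    for (int i = 0; i < 3; i++) { pub[i].type = want[i]; pub[i].pValue = NULL; pub[i].ulValueLen = 0; }
    if (get(s, h, pub, 3) != CKR_OK) return -1;                    /* pass 1: lengths only */
    for (int i = 0; i < 3; i++) {
        if (pub[i].ulValueLen > cap - off) return -4;  /* too big, or (CK_ULONG)-1 = unavailable */
        pub[i].pValue = buf + off; off += pub[i].ulValueLen;
    }
    return get(s, h, pub, 3) == CKR_OK ? (int)off : -1;            /* pass 2: copy values */
}

/* Constructed fake token: handle 1 was generated on the token, any other handle was imported. */
static CK_RV fake_get(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE *t, CK_ULONG n)
{
    static const CK_BYTE p[] = { 23 }, q[] = { 11 }, g[] = { 4 };  /* toy group, not secure */
    CK_ULONG cls = CKO_DOMAIN_PARAMETERS, kt = CKK_DSA; CK_BBOOL local = (h == 1); (void)s;
    for (CK_ULONG i = 0; i < n; i++) {
        const void *src; CK_ULONG len = 1;
        switch (t[i].type) {
        case CKA_CLASS:    src = &cls; len = sizeof cls; break;
        case CKA_KEY_TYPE: src = &kt;  len = sizeof kt;  break;
        case CKA_LOCAL:    src = &local; break;
        case CKA_PRIME: src = p; break;  case CKA_SUBPRIME: src = q; break;  case CKA_BASE: src = g; break;
        default: return 0x12;                        /* CKR_ATTRIBUTE_TYPE_INVALID */
        }
        if (t[i].pValue) memcpy(t[i].pValue, src, len);
        t[i].ulValueLen = len;
    }
    return CKR_OK;
}
int demo(CK_OBJECT_HANDLE h) { CK_BYTE b[8]; CK_ATTRIBUTE pub[3]; return dsa_params_to_template(fake_get, 0, h, b, sizeof b, pub); }
int main(void) { return demo(1) == 3 && demo(2) == -3 ? 0 : 1; }
```

Against a real token, include the vendor's pkcs11.h instead of the stand-in definitions and pass C_GetAttributeValue as the first argument.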