Cryptographic Token Interface Standard |
PKCS#11 |
Objects may be copied with the Cryptoki function C_CopyObject (see Section 11.7). In the process of copying an object, C_CopyObject also modifies the attributes of the newly-created copy according to an application-supplied template.
The Cryptoki attributes which can be modified during the course of a C_CopyObject operation are the same as the Cryptoki attributes which are described as being modifiable, plus the three special attributes CKA_TOKEN, CKA_PRIVATE, and CKA_MODIFIABLE. To be more precise, these attributes are modifiable during the course of a C_CopyObject operation insofar as the Cryptoki specification is concerned. A particular token might not actually support modification of some such attributes during the course of a C_CopyObject operation. Furthermore, whether or not a particular attribute of an object on a particular token is modifiable during the course of a C_CopyObject operation might depend on the values of certain attributes of the object. For example, a secret key object's CKA_SENSITIVE attribute can be changed from FALSE to TRUE during the course of a C_CopyObject operation, but not the other way around.
All the scenarios in Section 10.1.1 "and the error codes they return" apply to copying objects with C_CopyObject, except for the possibility of a template being incomplete.