Cryptographic Token Interface Standard
PKCS#11
Table 18, Common Storage Object Attributes

| Attribute | Data Type | Meaning |
| --- | --- | --- |
| CKA_TOKEN | CK_BBOOL | TRUE if object is a token object; FALSE if object is a session object (default FALSE) |
| CKA_PRIVATE | CK_BBOOL | TRUE if object is a private object; FALSE if object is a public object. Default value is token-specific, and may depend on the values of other attributes of the object. |
| CKA_MODIFIABLE | CK_BBOOL | TRUE if object can be modified (default TRUE) |
| CKA_LABEL | RFC2279 string | Description of the object (default empty) |

Only the CKA_LABEL attribute can be modified after the object is created. (The CKA_TOKEN, CKA_PRIVATE, and CKA_MODIFIABLE attributes can be changed in the process of copying an object, however.)
The CKA_TOKEN attribute identifies whether the object is a token object or a session object.
When the CKA_PRIVATE attribute is TRUE, a user may not access the object until the user has been authenticated to the token.
The value of the CKA_MODIFIABLE attribute determines whether or not an object is read-only. It may or may not be the case that an unmodifiable object can be deleted.
The CKA_LABEL attribute is intended to assist users in browsing.
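
The rules above, written as the checks a token or a wrapper in front of it might apply. This is an added example, not code from the standard: the struct, enum and function names are hypothetical, the typedefs and constants are local stand-ins for `pkcs11t.h`, and refusing a label change on an unmodifiable object during a copy is an assumption.

```c
#include <stddef.h>

/* Local stand-ins for pkcs11t.h so the example builds without the header. */
typedef unsigned long CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL;
#define CK_TRUE  1
#define CK_FALSE 0
#define CKA_TOKEN      0x00000001UL
#define CKA_PRIVATE    0x00000002UL
#define CKA_LABEL      0x00000003UL
#define CKA_MODIFIABLE 0x00000170UL

/* Hypothetical model of one stored object's Table 18 attributes. */
struct storage_obj { CK_BBOOL token, priv, modifiable; };

enum op { OP_SET, OP_COPY };              /* hypothetical names */

/* CKA_PRIVATE == TRUE: no access until the user has authenticated. */
int may_access(const struct storage_obj *o, int logged_in)
{
    return !o->priv || logged_in;
}

/* May one attribute be given a new value by this operation? */
int may_change(const struct storage_obj *o, enum op op, CK_ATTRIBUTE_TYPE t)
{
    switch (t) {
    case CKA_LABEL:                       /* the only post-creation change */
        /* Assumption: a read-only object refuses it, also while copying. */
        return o->modifiable == CK_TRUE;
    case CKA_TOKEN:
    case CKA_PRIVATE:
    case CKA_MODIFIABLE:
        return op == OP_COPY;             /* changeable only while copying */
    default:
        return 0;                         /* outside Table 18: not modelled */
    }
}

/* Index of the first template entry that must be refused, or -1 if none. */
long first_refused(const struct storage_obj *o, enum op op,
                   const CK_ATTRIBUTE_TYPE *tmpl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!may_change(o, op, tmpl[i]))
            return (long)i;
    return -1;
}
```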