Cryptographic Token Interface Standard

PKCS#11


Common attributes

Table 15, Common footnotes for object attribute tables
Footnote Meaning
1 Must be specified when object is created with C_CreateObject.
2 Must not be specified when object is created with C_CreateObject.
3 Must be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
4 Must not be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.
5 Must be specified when object is unwrapped with C_UnwrapKey.
6 Must not be specified when object is unwrapped with C_UnwrapKey.
7 Cannot be revealed if object has its CKA_SENSITIVE attribute set to CK_TRUE or its CKA_EXTRACTABLE attribute set to CK_FALSE.
8 May be modified after object is created with a C_SetAttributeValue call, or in the process of copying object with a C_CopyObject call. However, it is possible that a particular token may not permit modification of the attribute during the course of a C_CopyObject call.
9 Default value is token-specific, and may depend on the values of other attributes.
10 Can only be set to CK_TRUE by the SO user.
11 Attribute cannot be changed once set to CK_TRUE. It becomes a read only attribute.
12 Attribute cannot be changed once set to CK_FALSE. It becomes a read only attribute.

Table 16, Common Object Attributes
Attribute Data Type Meaning
CKA_CLASS1 CK_OBJECT_CLASS Object class (type)

- Refer to Table 15 for footnotes

The above table defines the attributes common to all objects.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220