Subject: Re: [pkcs11] pkcs11-global-objects.docx: CKA_GLOBAL
Thanks Michael, please see my questions at the bottom of this email....

On 07/ 5/13 09:29 AM, Michael StJohns wrote:

This is where I get confused. I need more explanation here.

Q#4 (continuing the numbering from previous emails): In pkcs11-cka-global.docx, you wrote:

"1 Global Attribute Values
CKA_GLOBAL - CK_GLOBAL_TYPES
This attribute is used to identify objects that generally persist through reinitializations of individual tokens, but are created through token or driver action and not user action."

The "thrown away" and "persist through reinitializations" conflict with each other. If the seal key is being "thrown away", how can we unwrap the "wrapped objects" after reinitialization of the token? If we cannot, how can those "wrapper objects" "persist through reinitializations"?

It would be very helpful if you could draw two (2) state diagrams to explain the seal key life cycle:

a) when CKA_GLOBAL != CKV_NOT_GLOBAL: when does the seal key get created, where is it stored, and when is it destroyed?

b) when CKA_GLOBAL == CKV_NOT_GLOBAL: when does the seal key get created, where is it stored, and when is it destroyed?

Q#5: How many seal keys can you have per token? If you can have more than one, how do you know which seal key is used to wrap which object?

Thanks!

--
Best,
Oscar