[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: CKA_DESTROYABLE
I've started work on the 3.0 "protection attributes" section. As
part of that, I ended up writing a description of the
CKA_DESTROYABLE attribute - and that made me think about some
interesting interactions with CKA_TOKEN. I'm half thinking that we need to update the description of CKA_DESTROYABLE for 2.4 as I don't think we covered this properly. (I've got CKA_DESTROYABLE as a sticky attribute with the sticky value being CK_FALSE and the unset default value being CK_TRUE) Here's what I've written on this: CKA_DESTROYABLEThis attribute controls the use of the C_DestroyObject command on the containing object. The command may only be used on the object if the value of CKA_DESTROYABLE of the object being destroyed is set to CK_TRUE. If this attribute is set to CK_FALSE, then if the CKA_TOKEN attribute is set to CK_TRUE (e.g. the object is a token object), the object is persistent until the token is reinitialized through a call to C_InitToken, or zeroized through non-PKCS11 means. Otherwise, if the object is a session object, setting the attribute to CK_TRUE causes the object to persist until the session is terminated. If a non-destroyable session object is changed to a token object, unless the call to C_SetAttributeValue includes a specific setting for CKA_DESTROYABLE, the call will remove the setting for that attribute on the token object (e.g. the object will take on the default value for CKA_DESTROYABLE). This ensures that an implementation will not inadvertently create non-destroyable token objects. If a non-destroyable object is also a token object, it may NOT be changed into a session object. E.g., if a token object is non-destroyable, its CKA_TOKEN attribute is read-only and has a value of CK_TRUE. Thoughts? Mke |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]