What does the CKA_SENSITIVE attribute mean in PKCS 11?

Question

What does the CKA_SENSITIVE attribute mean in PKCS 11?

I am reading PKCS 11 documentation and I can’t understand what this means, what does the CKA_SENSITIVE key attribute mean.

And more common: where can I read the description of the attributes?

+4

pkcs # 11

Vestild Sep 03 '12 at 10:58

source share

2 answers

I found out that if CKA_SENSITIVE = FALSE , then a clear key value (for secret keys) can be obtained by the C_GetAttributeValue function, while you cannot get the value itself if CKA_SENSITIVE = TRUE .

+5

Vestild Sep 7 '12 at 8:53

source share

Thijs · Accepted Answer · 2013-02-18T09:43:43+0000

Quote from PKCS # 11 spec v2.20 :

If the CKA_SENSITIVEattribute - CK_TRUE or CKA_EXTRACTABLE attribute is CK_FALSE, then certain attributes of the secret key cannot be detected in clear text outside the token. What attributes are specified for each type of security key in the attribute table in the section that describes this type of key

In general, this means that the actual value of the private key is not displayed. It depends on the key that the attributes make up the value. For secret keys, usually CKA_VALUE , for RSA private keys it will be CKA_PRIVATE_EXPONENT and the parameters of the Chinese residual theorem - if they are part of the key.

What does the CKA_SENSITIVE attribute mean in PKCS 11?

More articles: