PKCS#11 – Persistent Object Secure Storage Support

The following APIs can operate on objects in both token (persistent) and session (ephemeral) mode if token secure storage is available.

  • C_CopyObject
  • C_DestroyObject
  • C_SetAttributeValue
  • C_GenerateKey
  • C_UnwrapKey
  • C_WrapKey
  • C_DeriveKey
  • C_CreateObject

Availability of token secure storage can be established by calling C_GetTokenInfo and checking that the field “ulMaxRwSessionCount” is set to 1, which means secure storage is functional. Conversely, the value CK_UNAVAILABLE_INFORMATION in “ulMaxRwSessionCount” indicates that secure storage is not functional.

The PKCS#11 Library CK_TOKEN_INFO structure contains the following values:

ulMaxRwSessionCount
  • PKCS#11 Specification: Maximum number of read/write sessions that can be opened with the token at one time by a single application.
  • NVIDIA Implementation: When set to 1, it means secure storage is functional; otherwise, it will remain as CK_UNAVAILABLE_INFORMATION.
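
The check described above, as an added example (not NVIDIA's code): it classifies “ulMaxRwSessionCount” and refuses to create an object that must persist when secure storage is not functional, instead of silently creating it as a session object. The types are abridged stand-ins for the PKCS#11 header, and get_token_info_fn, classify_storage, choose_cka_token, the two stubs and the fail-closed policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Abridged stand-ins so this compiles offline (assumption); a real build
 * includes the PKCS#11 header, which defines the full CK_TOKEN_INFO. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID;
typedef unsigned char CK_BBOOL;
#define CKR_OK 0UL
#define CK_TRUE 1
#define CK_FALSE 0
#define CK_UNAVAILABLE_INFORMATION (~0UL)
typedef struct { CK_ULONG ulMaxRwSessionCount; /* other fields omitted */ } CK_TOKEN_INFO;
typedef CK_RV (*get_token_info_fn)(CK_SLOT_ID, CK_TOKEN_INFO *); /* shape of C_GetTokenInfo */

typedef enum { STORAGE_OK, STORAGE_UNAVAILABLE, STORAGE_UNKNOWN } storage_state;

/* Page's rule: 1 means functional, CK_UNAVAILABLE_INFORMATION means not. */
storage_state classify_storage(const CK_TOKEN_INFO *info) {
    if (info == NULL) return STORAGE_UNKNOWN;
    if (info->ulMaxRwSessionCount == 1UL) return STORAGE_OK;
    if (info->ulMaxRwSessionCount == CK_UNAVAILABLE_INFORMATION) return STORAGE_UNAVAILABLE;
    return STORAGE_UNKNOWN; /* value the page does not describe: not trusted */
}

/* Pick the CKA_TOKEN value for a new object. Returns 0 on success, -1 when
 * the query fails or persistence is required but storage is not functional,
 * so a key meant to persist is never silently created as a session object. */
int choose_cka_token(get_token_info_fn get_info, CK_SLOT_ID slot,
                     int want_persistent, CK_BBOOL *cka_token) {
    CK_TOKEN_INFO info = { CK_UNAVAILABLE_INFORMATION };
    if (get_info == NULL || cka_token == NULL) return -1;
    if (get_info(slot, &info) != CKR_OK) return -1;
    if (want_persistent && classify_storage(&info) != STORAGE_OK) return -1;
    *cka_token = want_persistent ? CK_TRUE : CK_FALSE;
    return 0;
}

/* Constructed stubs standing in for the library's C_GetTokenInfo. */
CK_RV stub_storage_ok(CK_SLOT_ID s, CK_TOKEN_INFO *i) { (void)s; i->ulMaxRwSessionCount = 1UL; return CKR_OK; }
CK_RV stub_storage_down(CK_SLOT_ID s, CK_TOKEN_INFO *i) { (void)s; i->ulMaxRwSessionCount = CK_UNAVAILABLE_INFORMATION; return CKR_OK; }

int main(void) {
    CK_BBOOL tok = CK_FALSE;
    printf("storage ok, persistent:   rc=%d\n", choose_cka_token(stub_storage_ok, 0, 1, &tok));
    printf("storage down, persistent: rc=%d\n", choose_cka_token(stub_storage_down, 0, 1, &tok));
    printf("storage down, session:    rc=%d\n", choose_cka_token(stub_storage_down, 0, 0, &tok));
    return 0;
}
```

In a real application the C_GetTokenInfo entry point of the loaded library takes the place of the stubs, and the resulting value goes into the CKA_TOKEN attribute of the template passed to calls such as C_GenerateKey or C_CreateObject.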