PKCS#11 – Persistent Object Secure Storage Support
The following APIs can operate on the objects in both token (persistent) and session (ephemeral) mode if the token secure storage is available.
- C_CopyObject
- C_DestroyObject
- C_SetAttributeValue
- C_GenerateKey
- C_UnwrapKey
- C_WrapKey
- C_DeriveKey
- C_CreateObject
Availability of token secure storage can be established by calling C_GetTokenInfo and checking that the field “ulMaxRwSessionCount” is set to 1. A value of 1 in “ulMaxRwSessionCount” means secure storage is functional. Conversely, the value CK_UNAVAILABLE_INFORMATION in “ulMaxRwSessionCount” indicates that secure storage is not functional.
The PKCS#11 Library CK_TOKEN_INFO structure contains the following values:

| Field | PKCS#11 Specification | NVIDIA Implementation |
|---|---|---|
| ulMaxRwSessionCount | Maximum number of read/write sessions that can be opened with the token at one time by a single application. | When set to 1, it means secure storage is functional; otherwise, it will remain as CK_UNAVAILABLE_INFORMATION. |
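
The check described above, as an added example (not NVIDIA's code): it reads ulMaxRwSessionCount through C_GetTokenInfo and refuses to silently downgrade a persistent (CKA_TOKEN = CK_TRUE) request to a session object when secure storage is not functional. The helper names, the stubs and the trimmed type stand-ins are assumptions of this example; treating any value other than 1 as unavailable is its own fail-closed choice.

```c
#include <stdio.h>
#include <string.h>
/* Trimmed stand-ins so this builds alone; a real build includes the
   library's pkcs11.h instead, which defines all of these in full. */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG ulMaxRwSessionCount; } CK_TOKEN_INFO; /* one field kept */
#define CKR_OK 0UL
#define CK_TRUE 1
#define CK_FALSE 0
#define CK_UNAVAILABLE_INFORMATION (~0UL)

/* Same shape as C_GetTokenInfo; passed in so a stub can replace it off-target. */
typedef CK_RV (*get_token_info_fn)(CK_SLOT_ID, CK_TOKEN_INFO *);
typedef enum { STORAGE_OK, STORAGE_UNAVAILABLE, STORAGE_QUERY_FAILED } storage_state;

storage_state secure_storage_state(get_token_info_fn get_info, CK_SLOT_ID slot)
{
    CK_TOKEN_INFO info;
    memset(&info, 0, sizeof info);
    if (get_info(slot, &info) != CKR_OK)
        return STORAGE_QUERY_FAILED;
    /* Only 1 means functional. CK_UNAVAILABLE_INFORMATION, and any other
       value, is treated as no persistent storage (fail closed). */
    return info.ulMaxRwSessionCount == 1 ? STORAGE_OK : STORAGE_UNAVAILABLE;
}

/* CKA_TOKEN for a new object's template; -1 rather than a silent downgrade. */
int choose_cka_token(storage_state s, int need_persistent, CK_BBOOL *cka_token)
{
    if (s == STORAGE_QUERY_FAILED || (need_persistent && s != STORAGE_OK))
        return -1;
    *cka_token = need_persistent ? CK_TRUE : CK_FALSE;
    return 0;
}

/* Constructed stubs that mimic the two documented token states. */
static CK_RV stub_up(CK_SLOT_ID s, CK_TOKEN_INFO *i)
{ (void)s; i->ulMaxRwSessionCount = 1; return CKR_OK; }
static CK_RV stub_down(CK_SLOT_ID s, CK_TOKEN_INFO *i)
{ (void)s; i->ulMaxRwSessionCount = CK_UNAVAILABLE_INFORMATION; return CKR_OK; }

int main(void)
{
    CK_BBOOL tok = CK_FALSE;
    printf("up:   %d\n", choose_cka_token(secure_storage_state(stub_up, 0), 1, &tok));
    printf("down: %d\n", choose_cka_token(secure_storage_state(stub_down, 0), 1, &tok));
    return 0;
}
```

On a target, pass the library's C_GetTokenInfo and the slot ID in place of the stub, and put the returned value in the CKA_TOKEN attribute of the template given to C_CreateObject, C_GenerateKey and the other calls listed above.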