I am trying to interact with an HSM using the PKCS#11 functions provided by the vendor. I use the series of functions below to generate a secret key and to encrypt and decrypt data. The sequence below works well.
C_Initialize
C_OpenSession
C_Login
C_GenerateKey //3DES KEY
C_EncryptInit
C_Encrypt
C_DecryptInit
C_Decrypt
C_Logout
C_CloseSession
My Questions:
After using C_Logout & C_CloseSession, is there a way to reuse the same key (generated earlier) by logging back in and opening a session again with the same login credentials?
When I use C_CreateObject, does it create a session object and destroy it on C_CloseSession?
Yes, just set CKA_TOKEN to CK_TRUE and provide a label using CKA_LABEL to search for it using C_FindObjects.
Well, yes, according to the PKCS#11 specifications (v2.20, 10.4, Table 21):
Note that your token may not allow all possible attributes or attribute combinations to be set, and may have memory and other limitations.
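The approach from the answer above, written out as an added example (not code from the original post or from any vendor): the key is generated with CKA_TOKEN set to CK_TRUE and a CKA_LABEL, then located again by label in a later session. The type declarations stand in for pkcs11.h, and p11_calls, token_template, generate_persistent_key and find_key_by_label are hypothetical names introduced here.

```c
#include <string.h>

/* Stand-ins for pkcs11.h so this compiles alone (constant values per PKCS#11 v2.20);
   with a real HSM, include the vendor header instead. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
typedef struct { CK_ULONG mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
enum { CKR_OK = 0, CK_TRUE = 1, CKA_TOKEN = 0x1, CKA_LABEL = 0x3,
       CKA_ENCRYPT = 0x104, CKA_DECRYPT = 0x105, CKM_DES3_KEY_GEN = 0x131 };

/* Hypothetical cut-down function table (not layout-compatible with CK_FUNCTION_LIST). */
typedef struct {
    CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *);
    CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE, CK_ATTRIBUTE *, CK_ULONG);
    CK_RV (*C_FindObjects)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, CK_ULONG *);
    CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE);
} p11_calls;

static CK_BBOOL yes = CK_TRUE;

/* Fill t[] with CKA_TOKEN + CKA_LABEL (+ usage flags when for_keygen); returns the count. */
CK_ULONG token_template(const char *label, int for_keygen, CK_ATTRIBUTE t[4]) {
    CK_ULONG n = 0;
    t[n++] = (CK_ATTRIBUTE){ CKA_TOKEN, &yes, sizeof yes };  /* token object, not session object */
    t[n++] = (CK_ATTRIBUTE){ CKA_LABEL, (void *)label, strlen(label) };  /* no trailing NUL */
    if (for_keygen) {
        t[n++] = (CK_ATTRIBUTE){ CKA_ENCRYPT, &yes, sizeof yes };
        t[n++] = (CK_ATTRIBUTE){ CKA_DECRYPT, &yes, sizeof yes };
    }
    return n;
}

/* Generate the 3DES key as a token object so it outlives C_CloseSession. */
CK_RV generate_persistent_key(const p11_calls *p, CK_SESSION_HANDLE s, const char *label, CK_OBJECT_HANDLE *key) {
    CK_MECHANISM mech = { CKM_DES3_KEY_GEN, NULL, 0 };
    CK_ATTRIBUTE t[4];
    CK_ULONG n = token_template(label, 1, t);
    return p->C_GenerateKey(s, &mech, t, n, key);
}

/* After a fresh C_OpenSession + C_Login: handle of the labelled key, or 0 if not found. */
CK_OBJECT_HANDLE find_key_by_label(const p11_calls *p, CK_SESSION_HANDLE s, const char *label) {
    CK_ATTRIBUTE t[4];
    CK_OBJECT_HANDLE h = 0;
    CK_ULONG found = 0, n = token_template(label, 0, t);
    if (p->C_FindObjectsInit(s, t, n) != CKR_OK) return 0;
    if (p->C_FindObjects(s, &h, 1, &found) != CKR_OK || found == 0) h = 0;
    p->C_FindObjectsFinal(s);  /* always end the search once it was started */
    return h;
}
```

CKA_LABEL values are not required to be unique on a token, so a search can match more than one object; use labels your application controls.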