I am trying to interact with an HSM using the PKCS#11 functions provided by the vendor. I use the series of functions below to generate a secret key, then encrypt and decrypt data. The sequence below works fine.
C_Initialize
C_OpenSession
C_Login
C_GenerateKey //3DES KEY
C_EncryptInit
C_Encrypt
C_DecryptInit
C_Decrypt
C_Logout
C_CloseSession
My Questions:
After using C_Logout & C_CloseSession, is there a way to reuse the same KEY (generated earlier) by logging back in and opening a session again with the same login credentials?
When I use C_CreateObject, does it create a session object and destroy it on C_CloseSession?
Question: After using C_Logout & C_CloseSession, is there a way to reuse the same KEY (generated earlier) by logging back in and opening a session again with the same login credentials?
Yes, just set CKA_TOKEN to CK_TRUE and provide a label using CKA_LABEL to search for it using C_FindObjects.
Question: When I use C_CreateObject, does it create a session object and destroy it on C_CloseSession?
Well, yes, according to the PKCS#11 specification (v2.20, 10.4, Table 21):
CKA_TOKEN is CK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE.
Note that your token may not allow all possible attributes or attribute combinations to be set, and may have memory and other limitations.
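The two steps the answer describes, carried through in code as an added example (this is not code from the question, the answer, or any vendor): session 1 generates a 3DES key with CKA_TOKEN = CK_TRUE and a CKA_LABEL, logs out and closes; session 2 logs back in and recovers the key by label with C_FindObjectsInit / C_FindObjects / C_FindObjectsFinal. The PKCS#11 types and constants at the top mirror the standard pkcs11.h so the file compiles without the vendor header; in a real build include the vendor's pkcs11.h instead. Assumptions: the vendor library exports the C_* entry points as symbols (loaded here with dlopen/dlsym), the token is in slot 0, the user PIN is supplied in the HSM_USER_PIN environment variable, and the label "app-3des-key" is a constructed sample value.

```c
/* Added example: persist a 3DES key as a token object, then find it again from
 * a new session. Types/constants mirror pkcs11.h (assumption: values as in the
 * PKCS#11 v2.20 header); slot 0, $HSM_USER_PIN and the label are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>

typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL, CK_BYTE;
typedef CK_ULONG CK_RV, CK_SLOT_ID, CK_FLAGS, CK_USER_TYPE, CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
        CK_ATTRIBUTE_TYPE, CK_OBJECT_CLASS, CK_KEY_TYPE, CK_MECHANISM_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
typedef struct { CK_MECHANISM_TYPE mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
#define CK_TRUE 1
#define CKR_OK 0UL
#define CKF_RW_SESSION 0x2UL
#define CKF_SERIAL_SESSION 0x4UL
#define CKU_USER 1UL
#define CKA_CLASS 0x0UL
#define CKA_TOKEN 0x1UL
#define CKA_LABEL 0x3UL
#define CKA_KEY_TYPE 0x100UL
#define CKA_ENCRYPT 0x104UL
#define CKA_DECRYPT 0x105UL
#define CKO_SECRET_KEY 0x4UL
#define CKK_DES3 0x15UL
#define CKM_DES3_KEY_GEN 0x131UL

typedef CK_RV (*C_Initialize_t)(void *);
typedef CK_RV (*C_Finalize_t)(void *);
typedef CK_RV (*C_OpenSession_t)(CK_SLOT_ID, CK_FLAGS, void *, void *, CK_SESSION_HANDLE *);
typedef CK_RV (*C_Login_t)(CK_SESSION_HANDLE, CK_USER_TYPE, CK_BYTE *, CK_ULONG);
typedef CK_RV (*C_Logout_t)(CK_SESSION_HANDLE);
typedef CK_RV (*C_CloseSession_t)(CK_SESSION_HANDLE);
typedef CK_RV (*C_GenerateKey_t)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *);
typedef CK_RV (*C_FindObjectsInit_t)(CK_SESSION_HANDLE, CK_ATTRIBUTE *, CK_ULONG);
typedef CK_RV (*C_FindObjects_t)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, CK_ULONG *);
typedef CK_RV (*C_FindObjectsFinal_t)(CK_SESSION_HANDLE);

/* Attribute values must outlive the template that points at them, so they are
 * stored next to the attributes instead of on a helper's stack frame. */
typedef struct {
    CK_OBJECT_CLASS cls; CK_KEY_TYPE key_type; CK_BBOOL yes;
    char label[32]; CK_ATTRIBUTE attrs[6]; CK_ULONG count;
} KeyTemplate;

/* C_GenerateKey template. CKA_TOKEN = CK_TRUE makes the key a token object that
 * survives C_Logout/C_CloseSession; CKA_LABEL is what a later session searches for
 * (its length excludes the NUL terminator). Returns the attribute count. */
CK_ULONG build_persistent_des3_template(KeyTemplate *t, const char *label) {
    memset(t, 0, sizeof *t);
    t->cls = CKO_SECRET_KEY; t->key_type = CKK_DES3; t->yes = CK_TRUE;
    strncpy(t->label, label, sizeof t->label - 1);
    CK_ATTRIBUTE a[6] = {
        { CKA_CLASS,    &t->cls,      sizeof t->cls },
        { CKA_KEY_TYPE, &t->key_type, sizeof t->key_type },
        { CKA_TOKEN,    &t->yes,      sizeof t->yes },
        { CKA_LABEL,    t->label,     (CK_ULONG)strlen(t->label) },
        { CKA_ENCRYPT,  &t->yes,      sizeof t->yes },
        { CKA_DECRYPT,  &t->yes,      sizeof t->yes },
    };
    memcpy(t->attrs, a, sizeof a);
    return t->count = 6;
}

/* C_FindObjectsInit template: object class plus label singles the key out. */
CK_ULONG build_label_search_template(KeyTemplate *t, const char *label) {
    memset(t, 0, sizeof *t);
    t->cls = CKO_SECRET_KEY;
    strncpy(t->label, label, sizeof t->label - 1);
    t->attrs[0] = (CK_ATTRIBUTE){ CKA_CLASS, &t->cls, sizeof t->cls };
    t->attrs[1] = (CK_ATTRIBUTE){ CKA_LABEL, t->label, (CK_ULONG)strlen(t->label) };
    return t->count = 2;
}

/* Guard before C_GenerateKey: without CKA_TOKEN = CK_TRUE the result is a
 * session object (the spec default) and is gone after C_CloseSession. */
int template_is_persistent(const CK_ATTRIBUTE *attrs, CK_ULONG n) {
    for (CK_ULONG i = 0; i < n; i++)
        if (attrs[i].type == CKA_TOKEN && attrs[i].ulValueLen == sizeof(CK_BBOOL))
            return *(const CK_BBOOL *)attrs[i].pValue == CK_TRUE;
    return 0;
}

#define CHECK(call) do { CK_RV rv_ = (call); if (rv_ != CKR_OK) { \
    fprintf(stderr, "%s failed: 0x%lx\n", #call, rv_); return 1; } } while (0)
#define LOAD(h, name) name##_t name = (name##_t)dlsym(h, #name); \
    if (!name) { fprintf(stderr, "missing symbol %s\n", #name); return 1; }

int main(int argc, char **argv) {
    const char *pin = getenv("HSM_USER_PIN");
    if (argc < 2 || !pin) { fprintf(stderr, "usage: HSM_USER_PIN=... %s <vendor-pkcs11.so>\n", argv[0]); return 1; }
    void *h = dlopen(argv[1], RTLD_NOW);
    if (!h) { fprintf(stderr, "dlopen: %s\n", dlerror()); return 1; }
    LOAD(h, C_Initialize); LOAD(h, C_Finalize); LOAD(h, C_OpenSession); LOAD(h, C_Login);
    LOAD(h, C_Logout); LOAD(h, C_CloseSession); LOAD(h, C_GenerateKey);
    LOAD(h, C_FindObjectsInit); LOAD(h, C_FindObjects); LOAD(h, C_FindObjectsFinal);

    CK_SESSION_HANDLE s; CK_OBJECT_HANDLE key = 0; CK_ULONG found = 0; KeyTemplate t;
    CK_MECHANISM mech = { CKM_DES3_KEY_GEN, NULL, 0 };
    CHECK(C_Initialize(NULL));
    /* Session 1: a read/write session is required to create token objects. */
    CHECK(C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &s));
    CHECK(C_Login(s, CKU_USER, (CK_BYTE *)pin, (CK_ULONG)strlen(pin)));
    build_persistent_des3_template(&t, "app-3des-key");
    if (!template_is_persistent(t.attrs, t.count)) return 1;
    CHECK(C_GenerateKey(s, &mech, t.attrs, t.count, &key));
    CHECK(C_Logout(s)); CHECK(C_CloseSession(s));

    /* Session 2: the old handle is invalid now, so look the key up by label. */
    CHECK(C_OpenSession(0, CKF_SERIAL_SESSION, NULL, NULL, &s));
    CHECK(C_Login(s, CKU_USER, (CK_BYTE *)pin, (CK_ULONG)strlen(pin)));
    build_label_search_template(&t, "app-3des-key");
    CHECK(C_FindObjectsInit(s, t.attrs, t.count));
    CHECK(C_FindObjects(s, &key, 1, &found));
    CHECK(C_FindObjectsFinal(s));
    printf("lookup by label: %s\n", found ? "found persistent key" : "key not found");
    CHECK(C_Logout(s)); CHECK(C_CloseSession(s)); CHECK(C_Finalize(NULL));
    return found ? 0 : 1;
}
```

Object handles are only valid within the session that produced them, which is why the second session searches by CKA_LABEL rather than reusing `key` from the first. The first session is opened read/write because token objects cannot be created in a read-only session; the second only needs read access to find and use the key.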