Skip to content
Endi S. Dewata edited this page May 16, 2023 · 6 revisions

KeyPairGenerator

JSS_PK11_generateKeyPairWithOpFlags()

PK11AttrFlags attrFlags = 0;

if (temporary) {
    attrFlags |= PK11_ATTR_SESSION;
} else {
    attrFlags |= PK11_ATTR_TOKEN;
}

if (extractable == 1) {
    attrFlags |= PK11_ATTR_EXTRACTABLE;
} else if (extractable == 0) {
    attrFlags |= PK11_ATTR_UNEXTRACTABLE;
}

// The default of sensitive is set this way to be backward compatible.
if (sensitive == -1) {
    sensitive = !temporary;
}

// The PRIVATE/PUBLIC attributes are set this way to be backward
// compatible with the original PK11_GenerateKeyPair call.
if (sensitive) {
    attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
} else {
    attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
}

*privk = PK11_GenerateKeyPairWithOpFlags(
    slot,
    mechanism,
    params,
    pubk,
    attrFlags,
    (CK_FLAGS) op_flags,
    (CK_FLAGS) op_flags_mask /* the ones we don't want*/,
    NULL /* default PW callback */);

See also:

Clone this wiki locally