I am trying to interact with HSM using PKCS#11 functions given by vendor.
I use below series of function to generate secret key, encrypt and decrypt data.
Below sequence works good.
C_GenerateKey //3DES KEY
Question: After using C_Logout & C_CloseSession is there a way to reuse same KEY(generated earlier) again by logging back and opening session again with same login credentials?
Yes, just set
CK_TRUE and provide a label using
CKA_LABEL to search for it using
Question: When I use C_CreateObject does it create session object and destroy it on using C_CloseSession?
Well, yes, according to the PKCS#11 specifications (v2.20, 10.4, Table 21):
CK_TRUEif object is a token object;
CK_FALSEif object is a session object. Default is
Note that your token may not allow all possible attributes or attribute combinations to be set, and may have memory and other limitations.