How to save a temporary value in a security token?


Is it possible to save a value in a security token memory by using PyKCS11 and M2Crypto?

I need to save an integer to token memory, so that the value can be carried out with the token.

I know how to create objects, but is it possible to create attributes in a token, so whenever I read that attribute I will know the status of that token.


There are 1 best solutions below


Using PKCS#11, the only way to store 'home made' data is through the use of a CKO_DATA object type. Like any object, it can be persistent on the token (not lost when the token is powered off) or it can be a memory object (lost when the session to the token is closed).

Creating a CKO_DATA object is similar to any other object creation:

  • open a r/w session on the slot
  • if the object is to be protected by user authentication (CKU_USER) then Login as user
  • create the object template with mandatory attributes such as CKA_CLASS etc. (refer to the PKCS#11 specifications for details)
  • set the CKA_TOKEN to TRUE if the object is to be persistent, or FALSE if it is a memory object
  • set the CKA_PRIVATE to TRUE if you want this object to be read/written only upon successful user authentication or set it to FALSE if anybody can access it.
  • set a CKA_LABEL and CKA_APPLICATION attributes with values you want to help you find the object next time
  • set the CKA_VALUE attribute to the value you want (your integer)
  • Call C_CreateObject; using this template will create the desired object.

HTH,
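
The steps listed in the answer, written out with PyKCS11 as an added example that is not part of the original answer. The label and application strings, the 4-byte big-endian encoding, and the `PKCS11_MODULE` environment variable holding the vendor library path are assumptions made for illustration; the object is created with CKA_PRIVATE set to TRUE, so it is only readable after user login.

```python
import getpass
import os
import struct

LABEL, APPLICATION = "token-status", "status-demo"  # constructed lookup names

def encode_status(value):
    """CKA_VALUE is a byte array, so pack the integer as 4 big-endian bytes."""
    return struct.pack(">I", value)

def decode_status(raw):
    return struct.unpack(">I", bytes(raw))[0]

def data_template(ck, value, persistent=True, private=True):
    """Template for C_CreateObject; `ck` is the imported PyKCS11 module."""
    return [
        (ck.CKA_CLASS, ck.CKO_DATA),
        (ck.CKA_TOKEN, ck.CK_TRUE if persistent else ck.CK_FALSE),
        (ck.CKA_PRIVATE, ck.CK_TRUE if private else ck.CK_FALSE),
        (ck.CKA_LABEL, LABEL),
        (ck.CKA_APPLICATION, APPLICATION),
        (ck.CKA_VALUE, encode_status(value)),
    ]

def search_template(ck):
    return [(ck.CKA_CLASS, ck.CKO_DATA), (ck.CKA_LABEL, LABEL), (ck.CKA_APPLICATION, APPLICATION)]

def write_status(ck, session, value):
    """Update the existing data object if present, otherwise create it."""
    found = session.findObjects(search_template(ck))
    if found:
        session.setAttributeValue(found[0], [(ck.CKA_VALUE, encode_status(value))])
    else:
        session.createObject(data_template(ck, value))

def read_status(ck, session):
    found = session.findObjects(search_template(ck))
    return decode_status(session.getAttributeValue(found[0], [ck.CKA_VALUE])[0]) if found else None

if __name__ == "__main__":
    import PyKCS11 as ck  # imported here so the helpers load without a token attached
    lib = ck.PyKCS11Lib()
    lib.load(os.environ["PKCS11_MODULE"])  # assumption: path to the vendor PKCS#11 library
    slot = lib.getSlotList(tokenPresent=True)[0]
    session = lib.openSession(slot, ck.CKF_SERIAL_SESSION | ck.CKF_RW_SESSION)
    session.login(getpass.getpass("User PIN: "))  # needed because CKA_PRIVATE is TRUE
    write_status(ck, session, 3)
    print("status stored on token:", read_status(ck, session))
    session.logout()
    session.closeSession()
```

Whether the update path succeeds depends on the token allowing C_SetAttributeValue on the object; some tokens also restrict how much CKO_DATA storage is available.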