Hi, for the key generation in libhsm, i more or less copied the templates in hsm-toolkit. These had CKA_SENSITIVE=false and CKA_EXTRACTABLE=true. However, as Rickard pointed out to me, these should probably be the other way around. I think he's right, but just wanted to conform this with the list. Any objections? Jelte