[Softhsm-develop] The lifespan of a private key identifier

Rick van Rein rick at openfortress.nl
Tue Aug 24 18:20:51 UTC 2021

Hello Full Name,

>      My question is, what is the lifespan of this identifier?

The authoritative source for this information is the PKCS #11
specification.  Read That Functional Manual :-)

You should never, Never, NEVER make assumptions about an
exchangeable API like PKCS #11 based on a mere implementation
such as SoftHSM2.  That only causes Bad Jynx.

Having said that, CKA_ID is only an identifier if it is set to a
unique value.  Also, it "identifies" both public and private keys
(and says/suggests they form a pair).  It is stored as an attribute
along with the others, and remains the same until it is changed.

I suppose this is another way to say that you should read the
PKCS #11 specification, namely to understand what the CKA_ID really
is and what properties you may assign to it.


More information about the Softhsm-develop mailing list