  1. I open a session
  2. I create an AES key with a label by using C_CreateObject
  3. I can look up the created object by label by using C_FindObjects.
  4. I close the session.
  5. I open a new session.
  6. I can no longer look up the created object by label using C_FindObjects.

What am I doing wrong?

Thanks!

1 Answer


Two possibilities come to my mind:

  1. Per PKCS#11 2.40,

     "Only session objects can be created during a read-only session"

     Therefore the session of C_CreateObject needs to have been opened with the flags argument set to CKF_SERIAL_SESSION | CKF_RW_SESSION.

  2. The pTemplate argument to C_CreateObject needs to include the CKA_TOKEN attribute so that the newly created key would be a "token object" rather than a "session object".

In PKCS#11, a token object is persistent across sessions whereas a session object is ephemeral and would get dropped once the session is closed.

Hope this helps.

Hanson Char
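The two conditions from the answer above, combined into one pre-flight check over the session flags and the C_CreateObject template. This is an added example, not code from the question or the answer: `check_persistence` is a hypothetical helper, the type and constant definitions are inline stand-ins for `pkcs11t.h` so the block compiles on its own, and the label and all-zero key bytes are constructed sample data.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-ins for pkcs11t.h (PKCS#11 2.40 values); use the real header in practice. */
typedef unsigned long CK_ULONG, CK_FLAGS, CK_ATTRIBUTE_TYPE, CK_OBJECT_CLASS, CK_KEY_TYPE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE  1
#define CK_FALSE 0
#define CKF_RW_SESSION     0x00000002UL
#define CKF_SERIAL_SESSION 0x00000004UL
#define CKA_CLASS      0x00000000UL
#define CKA_TOKEN      0x00000001UL
#define CKA_LABEL      0x00000003UL
#define CKA_VALUE      0x00000011UL
#define CKA_KEY_TYPE   0x00000100UL
#define CKO_SECRET_KEY 0x00000004UL
#define CKK_AES        0x0000001FUL

enum persist { PERSISTS = 0, SESSION_OBJECT = 1, NEEDS_RW_SESSION = 2 };

/* Hypothetical helper: would an object created from this template, in a session
   opened with these flags, still be found by C_FindObjects in a later session? */
enum persist check_persistence(CK_FLAGS flags, const CK_ATTRIBUTE *t, CK_ULONG n) {
    CK_BBOOL token = CK_FALSE;              /* CKA_TOKEN defaults to CK_FALSE */
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == CKA_TOKEN && t[i].pValue && t[i].ulValueLen == sizeof(CK_BBOOL))
            token = *(const CK_BBOOL *)t[i].pValue;
    if (!token) return SESSION_OBJECT;      /* dropped when the session closes */
    if (!(flags & CKF_RW_SESSION)) return NEEDS_RW_SESSION; /* R/O: session objects only */
    return PERSISTS;
}

/* Constructed sample template for an AES secret key. */
static CK_OBJECT_CLASS cls = CKO_SECRET_KEY;
static CK_KEY_TYPE kt = CKK_AES;
static CK_BBOOL yes = CK_TRUE;
static unsigned char key[32];               /* constructed: all-zero key bytes */
static char label[] = "demo-aes-key";       /* constructed label */
CK_ATTRIBUTE tmpl[] = {
    { CKA_CLASS, &cls, sizeof cls }, { CKA_KEY_TYPE, &kt, sizeof kt },
    { CKA_LABEL, label, sizeof label - 1 }, { CKA_VALUE, key, sizeof key },
    { CKA_TOKEN, &yes, sizeof yes },        /* last entry: makes it a token object */
};
#define TMPL_LEN (sizeof tmpl / sizeof tmpl[0])

int main(void) {
    CK_FLAGS rw = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    printf("R/W, CKA_TOKEN set:     %d\n", check_persistence(rw, tmpl, TMPL_LEN));
    printf("R/W, CKA_TOKEN omitted: %d\n", check_persistence(rw, tmpl, TMPL_LEN - 1));
    printf("R/O, CKA_TOKEN set:     %d\n", check_persistence(CKF_SERIAL_SESSION, tmpl, TMPL_LEN));
    return 0;
}
```

The same `tmpl` array and `rw` flags are what would be passed to C_CreateObject and C_OpenSession respectively when linking against a real PKCS#11 module.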