# pkcsconf "Flags" field ``` /* The flags parameter is defined as follows: * Bit Flag Mask Meaning */ #define CKF_RNG 0x00000001 /* has random # generator */ #define CKF_WRITE_PROTECTED 0x00000002 /* token is write-protected */ #define CKF_LOGIN_REQUIRED 0x00000004 /* user must login */ #define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's PIN is set */ /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, * that means that *every* time the state of cryptographic * operations of a session is successfully saved, all keys * needed to continue those operations are stored in the state */ #define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 /* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means * that the token has some sort of clock. The time on that * clock is returned in the token info structure */ #define CKF_CLOCK_ON_TOKEN 0x00000040 /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is * set, that means that there is some way for the user to login * without sending a PIN through the Cryptoki library itself */ #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, * that means that a single session with the token can perform * dual simultaneous cryptographic operations (digest and encrypt; * decrypt and digest; sign and encrypt; and decrypt and sign) */ #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 /* CKF_TOKEN_INITIALIZED is new for v2.11. If it is true, the * token has been initialized using C_InitializeToken or an * equivalent mechanism outside the scope of this standard. * Calling C_InitializeToken when this flag is set will cause * the token to be reinitialized. */ #define CKF_TOKEN_INITIALIZED 0x00000400 /* CKF_SECONDARY_AUTHENTICATION is new for v2.11. If it is * true, the token supports secondary authentication for private * key objects. According to the 2.11 spec pg. 45, this flag * is deprecated and this flags should never be true. */ #define CKF_SECONDARY_AUTHENTICATION 0x00000800 /* CKF_USER_PIN_COUNT_LOW is new in v2.11. This flag is true * is an incorrect user PIN has been entered at least once * since the last successful authentication. */ #define CKF_USER_PIN_COUNT_LOW 0x00010000 /* CKF_USER_PIN_FINAL_TRY is new in v2.11. This flag is true if * supplying an incorrect user PIN will cause it to become locked. */ #define CKF_USER_PIN_FINAL_TRY 0x00020000 /* CKF_USER_PIN_LOCKED is new in v2.11. This is true if the user * PIN has been locked. User login to the token is not possible. */ #define CKF_USER_PIN_LOCKED 0x00040000 /* CKF_USER_PIN_TO_BE_CHANGED is new in v2.11. This flag is true if * the user PIN value is the default value set by token initialization * of manufacturing, or the PIN has been expired by the card. */ #define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 /* CKF_SO_PIN_COUNT_LOW is new in v2.11. This flag is true if * and incorrect SO login PIN has been entered at least once * since the last successful authentication. */ #define CKF_SO_PIN_COUNT_LOW 0x00100000 /* CKF_SO_PIN_FINAL_TRY is new in v2.11. This flag is true if * supplying an incorrect SO PIN will cause it to become locked. */ #define CKF_SO_PIN_FINAL_TRY 0x00200000 /* CKF_SO_PIN_LOCKED is new in v2.11. This flag is true if the * SO PIN has been locked. User login to the token is not possible. */ #define CKF_SO_PIN_LOCKED 0x00400000 /* CKF_SO_PIN_TO_BE_CHANGED is new in v2.11. This flag is true if the SO PIN * value is the default value set by token initialization of manufacturing, * or the PIN has been expired by the card. */ #define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 /* other IBM extended Token info Flags 05/29/99 */ #define CKF_SO_PIN_DERIVED 0x01000000 // Sec Officer pin on card is derived from card id #define CKF_SO_CARD 0x02000000 // Security Officer Card /* End of IBM extented Token Info Flags */ ```