pkcsconf "Flags" field

    /* The flags parameter is defined as follows:
     *      Bit Flag                        Mask        Meaning
     */
    #define CKF_RNG                       0x00000001  /* has random # generator */
    #define CKF_WRITE_PROTECTED           0x00000002  /* token is write-protected */
    #define CKF_LOGIN_REQUIRED            0x00000004  /* user must login */
    #define CKF_USER_PIN_INITIALIZED      0x00000008  /* normal user's PIN is set */
    
    /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0.  If it is set,
     * that means that *every* time the state of cryptographic
     * operations of a session is successfully saved, all keys
     * needed to continue those operations are stored in the state */
    #define CKF_RESTORE_KEY_NOT_NEEDED    0x00000020
    
    /* CKF_CLOCK_ON_TOKEN is new for v2.0.  If it is set, that means
     * that the token has some sort of clock.  The time on that
     * clock is returned in the token info structure */
    #define CKF_CLOCK_ON_TOKEN            0x00000040
    
    /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0.  If it is
     * set, that means that there is some way for the user to login
     * without sending a PIN through the Cryptoki library itself */
    #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
    
    /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0.  If it is true,
     * that means that a single session with the token can perform
     * dual simultaneous cryptographic operations (digest and encrypt;
     * decrypt and digest; sign and encrypt; and decrypt and sign) */
    #define CKF_DUAL_CRYPTO_OPERATIONS    0x00000200
    
    /* CKF_TOKEN_INITIALIZED is new for v2.11. If it is true, the
     * token has been initialized using C_InitializeToken or an
     * equivalent mechanism outside the scope of this standard.
     * Calling C_InitializeToken when this flag is set will cause
     * the token to be reinitialized. */
    #define CKF_TOKEN_INITIALIZED     0x00000400
    
    /* CKF_SECONDARY_AUTHENTICATION is new for v2.11.  If it is
     * true, the token supports secondary authentication for private
     * key objects. According to the 2.11 spec pg. 45, this flag
     * is deprecated and this flags should never be true. */
    #define CKF_SECONDARY_AUTHENTICATION  0x00000800
    
    /* CKF_USER_PIN_COUNT_LOW is new in v2.11.  This flag is true
     * is an incorrect user PIN has been entered at least once
     * since the last successful authentication. */
    #define CKF_USER_PIN_COUNT_LOW        0x00010000
    
    /* CKF_USER_PIN_FINAL_TRY is new in v2.11.  This flag is true if
     * supplying an incorrect user PIN will cause it to become locked. */
    #define CKF_USER_PIN_FINAL_TRY        0x00020000
    
    /* CKF_USER_PIN_LOCKED is new in v2.11.  This is true if the user
     * PIN has been locked.  User login to the token is not possible. */
    #define CKF_USER_PIN_LOCKED       0x00040000
    
    /* CKF_USER_PIN_TO_BE_CHANGED is new in v2.11.  This flag is true if
     * the user PIN value is the default value set by token initialization
     * of manufacturing, or the PIN has been expired by the card. */
    #define CKF_USER_PIN_TO_BE_CHANGED    0x00080000
    
    /* CKF_SO_PIN_COUNT_LOW is new in v2.11.  This flag is true if
     * and incorrect SO login PIN has been entered at least once
     * since the last successful authentication. */
    #define CKF_SO_PIN_COUNT_LOW      0x00100000
    
    /* CKF_SO_PIN_FINAL_TRY is new in v2.11.  This flag is true if
     * supplying an incorrect SO PIN will cause it to become locked. */
    #define CKF_SO_PIN_FINAL_TRY      0x00200000
    
    /* CKF_SO_PIN_LOCKED is new in v2.11.  This flag is true if the
     * SO PIN has been locked.  User login to the token is not possible. */
    #define CKF_SO_PIN_LOCKED     0x00400000
    
    /* CKF_SO_PIN_TO_BE_CHANGED is new in v2.11. This flag is true if the SO PIN 
     * value is the default value set by token initialization of manufacturing,
     * or the PIN has been expired by the card. */
    #define CKF_SO_PIN_TO_BE_CHANGED  0x00800000
    
    /*  other IBM extended Token info Flags 05/29/99  */
    #define CKF_SO_PIN_DERIVED          0x01000000  // Sec Officer pin on card is derived from card id
    #define CKF_SO_CARD                 0x02000000  // Security Officer Card
    /* End of IBM extented Token Info Flags   */