Cryptographic Hardware Keys

A hardware cryptography environment offers several ways to take advantage of the hardware. PKCS#11 lets you create keys with many attributes, SENSITIVE among them (see the PKCS#11 standard for the others). A SENSITIVE key is a key that has the SENSITIVE attribute turned on. This attribute causes parts of the key to be hidden. For example, a sensitive RSA private key does not have the PRIVATE_EXPONENT attribute, among others, whereas a key that is not sensitive does have it. In short, the attribute keeps the sensitive parts of a key secret. However, this behavior also means that the key can never be taken off the device. EXTRACTABLE is another attribute; if it is set to true, it keeps the key from being wrapped by another key. These two attributes are of some importance. Keys that are located outside of the hardware device are called clear keys. They have to be converted before a PKCS#11 device can use them. This conversion is done using KeyFactory.
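
The conversion described above, as an added Java example that is not part of the original page: it generates a clear RSA key in software, translates it with KeyFactory, and reports whether the private exponent and encoding are still readable afterwards. The class name, the `describe` helper and the provider name passed as the first argument are assumptions; the provider is assumed to be a PKCS#11 provider already configured and logged in, and whether the converted key ends up SENSITIVE depends on that provider's configuration.

```java
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;

public class ClearToTokenKey {

    // Reports whether the private material of a key is readable from Java.
    static String describe(Key key) {
        boolean exponentReadable = false;
        if (key instanceof RSAPrivateKey) {
            try {
                exponentReadable = ((RSAPrivateKey) key).getPrivateExponent() != null;
            } catch (RuntimeException e) {
                // Some providers implement the interface but refuse the read.
            }
        }
        boolean encodingReadable = key.getEncoded() != null;
        return key.getClass().getName()
                + " privateExponent=" + (exponentReadable ? "readable" : "hidden")
                + " encoding=" + (encodingReadable ? "readable" : "hidden");
    }

    public static void main(String[] args) throws Exception {
        // Clear key: generated in software, every component is in JVM memory.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        PrivateKey clearKey = generator.generateKeyPair().getPrivate();
        System.out.println("clear key: " + describe(clearKey));

        if (args.length == 0) {
            System.out.println("pass the name of an installed PKCS#11 provider to convert it");
            return;
        }
        // Assumption: args[0] names a PKCS#11 provider that is already
        // configured for the token and logged in.
        Provider provider = Security.getProvider(args[0]);
        if (provider == null) {
            throw new IllegalArgumentException("provider not installed: " + args[0]);
        }
        // KeyFactory.translateKey converts the clear key into the provider's
        // own key object, which for a PKCS#11 provider refers to the device.
        KeyFactory factory = KeyFactory.getInstance("RSA", provider);
        Key tokenKey = factory.translateKey(clearKey);
        System.out.println("token key: " + describe(tokenKey));
    }
}
```

Converting a clear key does not remove the original: the software copy stays in JVM memory until it is discarded, so a key that must never be exposed should be generated on the device instead.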