Software to Hardware Key Migration Aids
Often times it might be necessary to migrate a software key on
to a hardware device. However, this migration is a security risk,
compared to keys generated, stored, and secured on a hardware device.
Importing a software key to a hardware device can be done through
setKeyEntry method can accept a software key
as argument and converts the key to a session key object. Session
object is short lived, it only exists during that session. When a
session is closed, the object will be destroyed. If you want to store
the key permanently on the token, you can do so by using the configuration
file. The attributes option allows you to add additional PKCS#11
attributes to the configuration file. You can add attributes for "import"
operation with CKA_TOKEN=true. That means that the keys with the
type and algorithm specified in this set of attributes will be imported
as token object. Token objects stay on the token after the session
is closed. This operation is subject to the hardware device restriction.