Skip to main content

Key Attributes

The HSM enforces that a key can only be used for operations that are allowed by the key's attributes. For example, a key that has only the sign attribute set cannot be used for decryption. This makes key attributes useful to enforce the principle of key separation.

You can set the two types of attributes on a key: access and capability attributes.

Capability

Capability attributes restrict what kind of operations can be done with a key.

AttributeDescription
encryptWhether the key can be used to encrypt data.
decryptWhether the key can be used to decrypt data.
signWhether the key can be used to sign data and create MAC tags.
verifyWhether the key can be used to verify signatures and MAC tags.
wrapWhether the key can be used to wrap (encrypt) other keys for secure transmission or storage. This attribute is only supported for symmetric keys.
unwrapWhether the key can be used to unwrap (decrypt) encrypted keys.
deriveWhether the key can be used to derive other keys.
bip32If true, key derivation is done using BIP32. This option can only be true if the key's algorithm is EC or ED and the derive attribute is true.
slip10If true, key derivation is done using SLIP10. This option can only be true if the key's algorithm is EC or ED and the derive attribute is true.

Internal capabilities

The following capability attributes are used to mark special keys. They are explicitly generated by the user. However, these keys cannot be used by a user to perform operations, only by the HSM itself. They require the root key store to be set up.

AttributeDescription
attestationKey is used to sign attestations. This key has a corresponding certificate chain leading up to the Securosys root certificate.
timestampKey is used to sign timestamps. This key has a corresponding certificate chain leading up to the Securosys root certificate.
integrityKey is used to sign integrity statements. Using this attribute and this type of key is no longer recommended. Use a key with the attestation attribute instead.

Access

Access attributes relate to key management: how the key metadata can be changed, whether the key can be exported, deleted, and so on.

Some of the access attributes are not (easily) reversible. For example, once a key is set to be non-extractable, an application cannot set it back to extractable. See the table below for which transitions are allowed for a given attribute. You can find the same table in section 14.8 of the Primus HSM User Guide.

Generally, applications can only set attributes to become stricter. Applications cannot weaken attributes. This protects against compromised applications. However, attributes can be weakened again by restoring the HSM to a backup that was taken before the attributes were strengthened. This requires Security Officer (SO) intervention, and is thus a conscious choice by the operator.

The table below shows the meaning of the attributes. The "allowed changes" show which transitions applications are allowed to perform.

info

Not all attributes are relevant for and exposed by all API providers.

AttributeMeaning of trueMeaning of falseAllowed changesComments
sensitiveKey can only be exported in encrypted format.Key can be exported in plaintext or encrypted.False → TrueExport still needs to be allowed by extractable.
extractableKey is eligible for export.Key is NOT eligible for export.True → FalseFor SKA keys this must be false.
modifiableKey attributes and key name can be changed.Key attributes and key name can NOT be changed.AnyDoes NOT apply to the SKA policy.
copyableKey can be copied to external storage (via session objects).Key can NOT be copied to external storage.True → False
tokenThe key is stored and synchronized in the cluster.The key is a session object. It is not synchronized in the cluster and available only for the lifetime of the current session.Can only be set during key creation
indestructibleKey can NOT be deleted (and NOT invalidated).Key can be deleted (and invalidated).Can only be set during key creation.Inverse of destroyable.
destroyableKey can be deleted (and invalidated).Key can NOT be deleted (and NOT invalidated).Can only be set during key creation.Inverse of indestructible.
privateKey is accessible only after PKCS#11 private session login.Key is public.Any
publicKey is accessible in a public PKCS#11 session.Key is private.Any
blockedKey can NOT be used for crypto operations. Key can NOT be deleted.Key can be used.False → True
no-public-keyWhen generating a key pair, the public key is not returned (it does not leave the HSM). The public key can be obtained later when creating a signature.The public key is returned by key generation.Flag for key creation.Used in blockchain use cases (to not expose the public key until a signature is made).
never-extractableKey was created inside HSM and was never extractable.Key was imported or marked as extractable at some point.Set by HSM. Not user-modifiable.
always-sensitiveKey was always marked sensitive.Key was marked as sensitive=false at some point.Set by HSM. Not user-modifiable.
localKey was created inside the HSM.Key was imported.Set by HSM. Not user-modifiable.
uniqueKey is unique. It could never be copied (not imported, not copyable, not a session object).There could exist a copy of the key.Set by HSM. Not user-modifiable.
sam-approvedSKA key can be used for SAM approval.SKA key can NOT be used for SAM approval. Or SAM not activated.Set by HSM. Not user-modifiable.Signature Application Module (SAM) for eIDAS use cases.

Using key attributes in your code

With PKCS#11: call C_GetAttributeValue and C_SetAttributeValue.

With JCE: call PrimusKeyAttributes.getKeyAccessFlag, PrimusKeyAttributes.setKeyAccessFlag PrimusKeyAttributes.getKeyCapabilityFlags, and PrimusKeyAttributes.setKeyCapabilityFlag. See this code sample.

Key attestation

Primus HSMs support attestation. An attestation is a signed statement containing, among other things, all attributes of a key. This signed statement allows auditors to verify that a key is securely stored inside a Securosys Primus HSM and what attributes the key has.

The signature is created using a key that has the attestation attribute set. Such a key has a certificate chain that leads back to the Securosys root certificates.

The attestation feature requires a license and requires the Root Key Store to be set up on the HSM. Additionally, the attestation key needs to be explicitly created by the user. See the attestation sample for how to obtain attestations from Java.

Get started withCloudHSM for free.
Other questions?Ask Sales.
Feedback
Need help?