Key Attributes

You can set the following two types of attributes on a key.

Capability

Attribute	Description
encrypt	Whether the key can be used to encrypt data. This attribute is only supported for symmetric keys.
decrypt	Whether the key can be used to decrypt data.
sign	Whether key can be used to sign data.
verify	Whether key can be used to verify signatures.
wrap	Whether the key can be used to wrap (encrypt) other keys for secure transmission or storage. This attribute is only supported for symmetric keys.
unwrap	Whether the key can be used to unwrap (decrypt) encrypted keys.
derive	Whether the key can be used to derive other keys.
bip32	If true, key derivation is done using BIP32. This option can only be true if the key's algorithm is EC or ED and the derive attribute is true.
slip10	If true, key derivation is done using SLIP10. This option can only be true if the key's algorithm is EC or ED and the derive attribute is true.

Access

Attribute	Description
extractable	Whether the key can be extracted from the device. This option can only be true for keys without smart key attributes.
modifiable	Whether the key can be modified once it is generated. Attributes can only get stronger, not weaker (for example, if sensitive was false, it can be set to true, but not vice-versa). This attribute applies only to the key attributes and not to policy.
sensitive	Whether the key is sensitive. To export a key, this must be false.
destroyable	Whether the key can be intentionally destroyed (deleted).
copyable	Whether the key can be copied or duplicated.