Token-Information Flags
CK_TOKEN_INFO Flags Definition:
| Bit Flag | Mask | Supported values | Meaning |
|---|---|---|---|
| CKF_RNG | 0x00000001 | TRUE | True if the token has its own random number generator |
| CKF_WRITE_PROTECTED | 0x00000002 | TRUE | True if the token is write-protected (see below) |
| CKF_LOGIN_REQUIRED | 0x00000004 | TRUE | True if there are some cryptographic functions that a user must be logged in to perform |
| CKF_USER_PIN_INITIALIZED | 0x00000008 | TRUE/ FALSE | True if the normal user’s PIN has been initialized |
| CKF_RESTORE_KEY_NOT_NEEDED | 0x00000020 | FALSE | True if a successful save of a session’s cryptographic operations state always contains all keys needed to restore the state of the session |
| CKF_CLOCK_ON_TOKEN | 0x00000040 | FALSE | True if token has its own hardware clock |
| CKF_PROTECTED_AUTHENTICATION_PATH | 0x00000100 | FALSE | True if token has a “protected authentication path”, whereby a user can log into the token without passing a PIN through the Cryptoki library |
| CKF_DUAL_CRYPTO_OPERATIONS | 0x00000200 | FALSE | True if a single session with the token can perform dual cryptographic operations |
| CKF_TOKEN_INITIALIZED | 0x00000400 | TRUE | True if the token has been initialized using C_InitializeToken or an equivalent mechanism outside the scope of this standard. Calling C_InitializeToken when this flag is set will cause the token to be reinitialized. |
| CKF_USER_PIN_COUNT_LOW | 0x00010000 | TRUE/ FALSE | True if an incorrect user login PIN has been entered at least once since the last successful authentication. |
| CKF_USER_PIN_FINAL_TRY | 0x00020000 | TRUE/ FALSE | True if supplying an incorrect user PIN will it to become locked. |
| CKF_USER_PIN_LOCKED | 0x00040000 | TRUE/ FALSE | True if the user PIN has been locked. User login to the token is not possible. |
| CKF_USER_PIN_TO_BE_CHANGED | 0x00080000 | TRUE/ FALSE | True if the user PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card. |
| CKF_SO_PIN_COUNT_LOW | 0x00100000 | FALSE | True if an incorrect SO login PIN has been entered at least once since the last successful authentication. |
| CKF_SO_PIN_FINAL_TRY | 0x00200000 | FALSE | True if supplying an incorrect SO PIN will it to become locked. |
| CKF_SO_PIN_LOCKED | 0x00400000 | FALSE | True if the SO PIN has been locked. User login to the token is not possible. |
| CKF_SO_PIN_TO_BE_CHANGED | 0x00800000 | FALSE | True if the SO PIN value is the default value set by token initialization or manufacturing, or the PIN has been expired by the card. |
