internal token it's the key database). If you don't specify isPerm, the keys go away forever once you free them (you would use this in cases where you need an ephemeral key for some reason).
isSensitive: the key cannot be read out of the token unless wrapped by another key. This is the default for Perm keys in the database token. NSS internally uses this when generating keys on behalf of a smart card that does not know how to generate keys. A key is generated with isPerm = PR_FALSE and isSensitive = PR_FALSE, extracted, and then stored in the smart card. NSS then promptly forgets the key, so that now the only instance of the key is in the smart card (and usually not extractable at all from there).

bob

Patrick wrote:
> In the PK11 function:
>
> SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
>     CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
>     PRBool isPerm, PRBool isSensitive, void *wincx)
>
> what do the isPerm and isSensitive flags signify exactly?
>
> -- POC
