Handles
A handle is a 44-byte identifier for a token or an object. The format of the handle is as follows:
| Name of token or object | Sequence number | ID |
|---|---|---|
| 32 bytes | 8 bytes | 4 bytes |
The token name in the first 32 bytes of the handle is provided by the PKCS #11 application when the token or object is created. The first character of the name must be alphabetic or a national character (#, $, or @). Each of the remaining characters can be alphanumeric, a national character (#, $, or @), or a period( . )
The sequence number is a hexadecimal number stored as the EBCDIC representation of 8 hexadecimal numbers. The sequence number field in a token is EBCDIC blanks. The token record contains a last-used sequence number field, which is incremented each time an object associated with the token is created. This sequence number value is placed in the handle of the newly-created object.
- E
- The handle belongs to a regional cryptographic server secure session object.
- F
- The handle belongs to a regional cryptographic server secure token object.
- G
- The handle belongs to a regional cryptographic server secure state object.
- S
- The handle belongs to a clear session object.
- T
- The handle belongs to a clear token object.
- U
- The handle belongs to a clear state object.
- X
- The handle belongs to an Enterprise PKCS #11 secure session object.
- Y
- The handle belongs to an Enterprise PKCS #11 secure token object.
- Z
- The handle belongs to an Enterprise PKCS #11 secure state object.
If the first character is blank, the handle belongs to a token.
The last three characters must be EBCDIC blanks.