Setting Privilege Level

CT_SetPrivilege allows elevation of privilege level to circumvent built-in security mechanisms on PKCS#11 objects. Elevated privilege level allows override of sensitive attribute and key usage.

Two possible settings are available as follows:



The CT_SetPrivilege command is only available to FMs – it cannot be called from outside the HSM.



void CK_ENTRY CT_SetPrivilegeLevel( int level );


This function is a Luna extension to PKCS#11. It can be used to set the privilege level of the caller to the specified value, if the caller has access to the function.

The function cannot be called from outside the HSM (only from inside an HSM).

Use the CT_SetPrivilegeLevel function to set elevated privilege for a short time during the processing of a message. When the privileged access is complete call the CT_SetPrivilegeLevel function to set the privilege back to normal.

In the environment of a FM, the privilege is automatically returned to normal when the current message is complete. I.e. when the FM dispatch function returns.

The HSM destructive policy HSM_CONFIG_ALLOW_DISABLING_FM_PRIVILEGE_LEVEL may be set to disable the use of the CL_SetPrivilegeLevel().

PRIVILEGE_OVERRIDE mode allows the FM to do the following:

>Read Sensitive attributes

>Perform Cryptographic Initialization calls that contradict the usage attributes. That is, you can call C_EncryptInit with an object that has CKA_ENCRYPT set to FALSE.

>Use C_CreateObject() to create secret keys and private keys (CKO_SECRET_KEY and CKO_PRIVATE_KEY).

>Use C_SetAttributeValue() to change an attribute of an object when CKA_MODIFIABLE=false. Applies only to attributes that could be changed when the CKA_MODIFIABLE is true.

>Create objects as a Crypto Officer while only logged on as a Crypto User role.


level - desired privilege.