There are two classes for handling objects in SoftHSM.
The first is P11Attribute. It and its subclasses handle all of the attributes in PKCS#11. Each class validates any change according to the standard, depending on the type of operation and the authorization.
The attributes are then gathered into an object using the P11Objects. The subclasses handle the various object types. E.g. an RSA private key object is created by creating the P11PrivateKeyObj. The default attributes are created when that class invokes its parent. You thus get some attributes from P11Object, P11KeyObj, and P11PrivateKeyObj.
C_GenerateKeyPair will generate the key pair and save it in the backend by calling saveGeneratedKey on the P11Object.
The question is, how do we encrypt the attributes which are sensitive/restricted?
We should also somehow get a reference to the object that we can pass to the user: the phKey in SoftHSM::saveGeneratedRSA.
SoftHSM::saveGeneratedRSA should also be overloaded with an "RSAPublicKey* rsa" counterpart.
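A minimal C++ sketch of the attribute and object layering described above, added here as an illustration and not SoftHSM's own code. The names Attr, Obj, KeyObj, PrivateKeyObj and Op, and the default values, are assumptions standing in for P11Attribute, P11Object, P11KeyObj and P11PrivateKeyObj; the validation uses the PKCS#11 rules that CKA_SENSITIVE cannot be cleared and CKA_EXTRACTABLE cannot be re-enabled after creation.

```cpp
#include <map>
#include <memory>
#include <string>

// Simplified stand-ins for illustration; not SoftHSM's real classes or signatures.
enum Op { OP_GENERATE, OP_SET };     // which PKCS#11 call is changing the value

struct Attr {                        // role of P11Attribute
    unsigned long value;
    explicit Attr(unsigned long v) : value(v) {}
    virtual ~Attr() {}
    virtual bool allowed(Op, unsigned long) const { return true; }  // no rule modeled
    bool update(Op op, unsigned long v) {
        if (!allowed(op, v)) return false;   // reject before touching state
        value = v;
        return true;
    }
};
struct AttrClass : Attr {            // CKA_CLASS is fixed once the object exists
    using Attr::Attr;
    bool allowed(Op op, unsigned long) const override { return op != OP_SET; }
};
struct AttrSensitive : Attr {        // CKA_SENSITIVE: true can never go back to false
    using Attr::Attr;
    bool allowed(Op op, unsigned long v) const override { return !(op == OP_SET && value && !v); }
};
struct AttrExtractable : Attr {      // CKA_EXTRACTABLE: false can never go back to true
    using Attr::Attr;
    bool allowed(Op op, unsigned long v) const override { return !(op == OP_SET && !value && v); }
};

struct Obj {                         // role of P11Object: attributes common to all objects
    std::map<std::string, std::unique_ptr<Attr>> attrs;
    Obj() { attrs["CKA_CLASS"].reset(new AttrClass(0)); }
    virtual ~Obj() {}
    bool set(const std::string& name, Op op, unsigned long v) {
        auto it = attrs.find(name);  // unknown attributes are rejected
        return it != attrs.end() && it->second->update(op, v);
    }
};
struct KeyObj : Obj {                // role of P11KeyObj: adds key attributes
    KeyObj() { attrs["CKA_DERIVE"].reset(new Attr(0)); }
};
struct PrivateKeyObj : KeyObj {      // role of P11PrivateKeyObj: adds private-key attributes
    PrivateKeyObj() {
        attrs["CKA_CLASS"]->value = 3;                           // CKO_PRIVATE_KEY
        attrs["CKA_SENSITIVE"].reset(new AttrSensitive(0));      // constructed default
        attrs["CKA_EXTRACTABLE"].reset(new AttrExtractable(1));  // constructed default
    }
};

int main() { PrivateKeyObj k; return k.set("CKA_SENSITIVE", OP_SET, 1) && !k.set("CKA_SENSITIVE", OP_SET, 0) ? 0 : 1; }
```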