1 2 3@c gnutls_pkcs11_obj_flags 4@table @code 5@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN 6Force login in the token for the operation (seek+store). 7@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED 8object marked as trusted (seek+store). 9@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE 10object is explicitly marked as sensitive -unexportable (store). 11@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO 12force login as a security officer in the token for the operation (seek+store). 13@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE 14marked as private -requires PIN to access (store). 15@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE 16marked as not private (store). 17@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY 18When retrieving an object, do not set any requirements (store). 19@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED 20When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ). 21In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given. 22@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-DISTRUSTED 23When writing an object, mark it as distrusted (store). 24@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED 25When retrieving an object, only retrieve the marked as distrusted (seek). 26@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE 27When checking an object's presence, fully compare it before returning any result (seek). 28@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE 29The object must be present in a marked as trusted module (seek). 30@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA 31Mark the object as a CA (seek+store). 32@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP 33Mark the generated key pair as wrapping and unwrapping keys (store). 34@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY 35When checking an object's presence, compare the key before returning any result (seek). 36@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT 37When an issuer is requested, override its extensions with the ones present in the trust module (seek). 38@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH 39Mark the key pair as requiring authentication (pin entry) before every operation (seek+store). 40@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE 41Mark the key pair as being extractable (store). 42@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE 43If set, the object was never marked as extractable (store). 44@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT 45When searching, restrict to certificates only (seek). 46@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY 47-- undescribed -- 48@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY 49When searching, restrict to public key objects only (seek). 50@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY 51When generating a keypair don't store the public key (store). 52@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY 53When searching, restrict to private key objects only (seek). 54@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-SENSITIVE 55object marked as not sensitive -exportable (store). 56@end table 57