This example demonstrate how to perform encryption / decryption with a key stored on a token.
For Thales nShield Connect HSM tokens in strict FIPS mode calls to C_GenerateKey() requires both CKA_SENSTIVE and CKA_PRIVATE to be set to CK_TRUE.