Please Note:

Wrapping AES Key

To wrap AES key

The ExportAESWrappedKey exports key bytes of an AES key in wrapped form. You can also wrap specific version or all versions of a versioned key using AES Key wrapping. WrappedKeyBytes of all the versions are filled in the object ppWrappedKeyBytes variable with the number of versions wrapped in numVersion.

Note

In case of wrapping all versions of a versioned key, mak is the last element of the wrapped key bytes array.

New API "I_C_ExportAESWrappedKey" is added.

Example

I_T_RETURN FUNCEXP I_C_ExportAESWrappedKey(I_O_Session handle, const I_T_CHAR * keyName, I_T_UINT KeyVersion, unsigned int * numVersion, const I_T_BYTE* wrapKey, const I_T_AESKeyWrapFormataesWrapFormat, I_T_BYTE *** ppWrappedKeyBytes, unsigned int ** pWrappedKeyBytesLen)

The table below lists the supported wrap format and key types combination:

Wrap Format	Supported Key Types
I_T_ExportAESKeyWrapFormat_NONE	AES, RSA, EC
I_T_ExportAESKeyWrapFormat_PEM_PKCS1	RSA, EC
I_T_ExportAESKeyWrapFormat_PEM_PKCS8	EC

In the table above, KEK (wrapping key) should be AES and DEK (key to be wrapped) should be AES, RSA, or EC. If DEK is RSA or EC, KEK should be AES of size 256.

Note

ECC default format is sec1, and RSA default format is PKCS#1.

For more details, refer to the CADP for C CAPI API Guide.

Wrapping AES Key

To wrap AES key

Example

On this page

Suggest A Change