Wrapping AES Key
To wrap AES key
ExportAESWrappedKey exports the key bytes of an AES key in wrapped form. You can also wrap a specific version or all versions of a versioned key using AES key wrapping. The wrapped key bytes of all the versions are returned in ppWrappedKeyBytes, and the number of versions wrapped is returned in numVersion.
Note
When wrapping all versions of a versioned key, mak is the last element of the wrapped key bytes array.
A new API, "I_C_ExportAESWrappedKey", is added.
Example
I_T_RETURN FUNCEXP I_C_ExportAESWrappedKey(I_O_Session handle, const I_T_CHAR * keyName, I_T_UINT KeyVersion, unsigned int * numVersion, const I_T_BYTE* wrapKey, const I_T_AESKeyWrapFormat aesWrapFormat, I_T_BYTE *** ppWrappedKeyBytes, unsigned int ** pWrappedKeyBytesLen)
The table below lists the supported combinations of wrap format and key type:
Wrap Format | Supported Key Types |
---|---|
I_T_ExportAESKeyWrapFormat_NONE | AES, RSA, EC |
I_T_ExportAESKeyWrapFormat_PEM_PKCS1 | RSA, EC |
I_T_ExportAESKeyWrapFormat_PEM_PKCS8 | EC |
In the table above, the KEK (wrapping key) should be AES and the DEK (key to be wrapped) should be AES, RSA, or EC. If the DEK is RSA or EC, the KEK should be AES of size 256.
Note
The default format for ECC is sec1, and the default format for RSA is PKCS#1.
For more details, refer to the CADP for C CAPI API Guide.