| Property | Value |
|---|---|
| Encrypt and Decrypt | No |
| Sign and Verify | No |
| SignRecover and VerifyRecover | No |
| Digest | No |
| Generate Key/Key-Pair | No |
| Wrap and Unwrap | No |
| Derive | Yes |
| FIPS-approved | Yes |
| Minimum | 0 |
| FIPS Minimum | 0 |
| Maximum | 0 |
| Parameter | None |

This mechanism is used with the C_DeriveKey function to create a PKCS#10 certification request from a public key. Either an RSA or a DSA public key may be used with this function. The PKCS#10 certification request can then be sent to a certification authority for signing.
A certification request consists of a distinguished name, a public key and, optionally, a set of attributes, all of which are collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, which transforms the request into an X.509 public-key certificate.
• Use CKM_RSA_PKCS_KEY_PAIR_GEN to generate a key pair.
• Add a CKA_SUBJECT attribute to the public key, containing the subject's distinguished name.
• Initialize the signature mechanism to sign the request. Note that a digest/sign mechanism must be chosen, for example CKM_SHA1_RSA_PKCS.
• Call C_DeriveKey with the CKM_ENCODE_PKCS_10 mechanism to perform the generation.
• On success, an object handle for the certificate request is returned.
• The object's CKA_VALUE attribute contains the PKCS#10 request.
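
As an added example (not part of the SafeNet documentation or the vendor's code), the Python below walks the DER bytes read from the request object's CKA_VALUE and reports the subject and signature algorithm before the request is sent to a certification authority, so a request signed with CKM_SHA1_RSA_PKCS shows up as sha1WithRSAEncryption. The function names, the sample bytes and the name hsm-test.example are constructed for illustration; the check is structural only and does not verify the signature.

```python
SHA1_RSA = "1.2.840.113549.1.1.5"  # sha1WithRSAEncryption

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element as (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    subs, n = [], 0
    for b in val:  # base-128 subidentifiers, high bit marks continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(n)
            n = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def inspect_csr(der):  # structure only; the signature is not verified
    tag, body, end = read_tlv(der)
    parts = children(body)  # requestInfo, signatureAlgorithm, signature
    if tag != 0x30 or end != len(der) or [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not a PKCS#10 CertificationRequest")
    info = children(parts[0][1])  # version, subject, public key, [0] attributes
    if [t for t, _ in info[:3]] != [0x02, 0x30, 0x30]:
        raise ValueError("malformed CertificationRequestInfo")
    subject = {}
    for _, rdn in children(info[1][1]):  # each RDN is a SET of type/value pairs
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            subject[decode_oid(oid)] = val.decode("utf-8", "replace")
    sig_alg = decode_oid(children(parts[1][1])[0][1])
    return {"version": int.from_bytes(info[0][1], "big"), "subject": subject,
            "sig_alg": sig_alg, "uses_sha1": sig_alg == SHA1_RSA}

# Constructed sample: placeholder key and signature bytes, not a real request.
SAMPLE = (bytes.fromhex("3081d3303e020100301b3119301706035504030c10") + b"hsm-test.example"
          + bytes.fromhex("301a300d06092a864886f70d0101010500030900" + "11" * 8 + "a000"
                          "300d06092a864886f70d0101050500" "03818100") + b"\xAA" * 128)
```

In the result, the subject is keyed by attribute OID (2.5.4.3 is commonName), and `uses_sha1` is true for the constructed sample.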