CKM_DES3_RETAIL_CFB_MAC

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

Yes

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

No

Derive

No

FIPS-approved

Yes

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 24
Parameter 8 bytes (IV)

Description

This is a signature generation and verification mechanism. The produced MAC is 8 bytes in length. It is an extension of the single length key MAC mechanisms.  It takes an 8 byte IV as a parameter, which is encrypted (ECB mode) with the left most key value before the first data block is MAC'ed.

The data, which must be a multiple of 8 bytes, is MAC’ed with the left most key value in the normal manner, but the final cipher block is then decrypted (ECB mode) with the middle key value and encrypted (ECB mode) with the Right most key part.

For double length DES keys, the Right key component is the same as the Left key component.

Return to SafeNet ProtectToolkit-C Mechanisms


Customer Support Portal

SafeNet ProtectToolkit 5.5 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.