CKM_PP_LOAD_SECRET
Supported Operations
| Encrypt and Decrypt | No |
| Sign and Verify | No |
| SignRecover and VerifyRecover | No |
| Digest | No |
| Generate Key/Key-Pair | Yes |
| Wrap and Unwrap | No |
| Derive | No |
| FIPS-approved | Yes |
Key Size Range (bytes) and Parameters
| Minimum | 1 |
| FIPS Minimum | 1 |
| Maximum | None |
| Parameter | CK_PP_LOAD_SECRET_PARAMS |
Description
This is a key generation mechanism that loads a clear key component from a directly attached PIN pad device.
It takes a CK_PP_LOAD_SECRET_PARAMS parameter, which holds the operational details for the mechanism.
```c
struct CK_PP_LOAD_SECRET_PARAMS
{
    /** Entered characters should be masked with '*' or similar to hide the
     * value being entered. An error is returned if this is TRUE
     * and the device does not support this feature. */
    CK_BBOOL bMaskInput;

    /** Entered characters should be converted from the ASCII representation
     * to binary before being stored, according to the conversion type
     * supplied. If the device does not support the specified type of input
     * (e.g. hex input on a decimal keyboard), an error is returned.
     * The octal and decimal representations will expect 3 digits per byte,
     * whereas the hexadecimal representations will expect 2 digits per byte.
     * An error is returned if the data contains invalid encoding (such
     * as 351 for decimal conversion).
     */
    CK_PP_CONVERT_TYPE cConvert;

    /** The time to wait for operator response - in seconds. An error is
     * returned if the operation does not complete in the specified time.
     * This field may be ignored if the device does not support a configurable
     * timeout. */
    CK_CHAR cTimeout;

    /** Reserved for future extensions. Must be set to zero. */
    CK_CHAR reserved;

    /** The prompt to be displayed on the device. If the prompt cannot fit on
     * the device display, the output is clipped. If the device does not
     * have any display, the operation will continue without any prompt, or
     * error.
     *
     * The following special characters are recognized on the display:
     * - Newline (0x0a): Continue the display on the next line.
     */
    CK_CHAR_PTR prompt;
};
```
The template supplied with the call to the C_GenerateKey function determines the type of object generated by the operation. CKA_CLASS may be CKO_SECRET_KEY only, and the only key type supported is CKK_GENERIC_SECRET. (This restriction applies because only key components are to be entered by this mechanism.)
The normal rules for template consistency apply. In particular, CKA_ALWAYS_SENSITIVE must be set to FALSE and CKA_NEVER_EXTRACTABLE must be FALSE.
The expected size of the object value created by this operation is supplied in the CKA_VALUE_LEN attribute in the template.
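The conversion rules in the cConvert comment, combined with CKA_VALUE_LEN, determine exactly how many digits an operator has to key in. The following C model of those rules is an added example, not SafeNet code: the enum and function names are hypothetical, and rejecting input whose length does not match CKA_VALUE_LEN is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the conversion types; the value is the base. */
enum pp_convert { PP_OCTAL = 8, PP_DECIMAL = 10, PP_HEX = 16 };

/* Value of one digit in the given base, or -1 if it is not valid there. */
static int digit_value(char c, int base)
{
    int v;
    if (c >= '0' && c <= '9')      v = c - '0';
    else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
    else return -1;
    return v < base ? v : -1;
}

/* Convert operator-entered digits into exactly value_len bytes, where
 * value_len plays the role of CKA_VALUE_LEN.
 * Returns 0 on success, -1 on wrong length or invalid encoding. */
int pp_convert_input(const char *digits, enum pp_convert type,
                     unsigned char *out, size_t value_len)
{
    /* Octal and decimal use 3 digits per byte, hexadecimal uses 2. */
    size_t per_byte = (type == PP_HEX) ? 2 : 3;

    if (strlen(digits) != per_byte * value_len)   /* assumption: must match */
        goto fail;
    for (size_t i = 0; i < value_len; i++) {
        unsigned int byte = 0;
        for (size_t j = 0; j < per_byte; j++) {
            int v = digit_value(digits[i * per_byte + j], (int)type);
            if (v < 0)
                goto fail;
            byte = byte * (unsigned int)type + (unsigned int)v;
        }
        if (byte > 0xFF)          /* e.g. decimal "351" or octal "400" */
            goto fail;
        out[i] = (unsigned char)byte;
    }
    return 0;
fail:
    memset(out, 0, value_len);    /* leave no partial component behind */
    return -1;
}
```

For a 16-byte component this means 32 hexadecimal digits or 48 octal or decimal digits, with every 3-digit group no larger than 255 (377 in octal).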