CKM_PP_LOAD_SECRET

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: Yes
Wrap and Unwrap: No
Derive: No
FIPS-approved: Yes

Key Size Range (bytes) and Parameters

Minimum: 1
FIPS Minimum: 1
Maximum: None
Parameter: CK_PP_LOAD_SECRET_PARAMS

Description

This is a key generation mechanism that loads a clear key component from a directly attached PIN pad device.

It takes a CK_PP_LOAD_SECRET_PARAMS parameter, which holds the operational details for the mechanism.

struct CK_PP_LOAD_SECRET_PARAMS
{
  /** Entered characters should be masked with '*' or similar to hide the
   * value being entered. An error is returned if this is TRUE
   * and the device does not support this feature. */
  CK_BBOOL bMaskInput;
  /** Entered characters should be converted from the ASCII representation
   * to binary before being stored, according to the conversion type
   * supplied. If the device does not support the specified type of input
   * (e.g. hex input on a decimal keyboard), an error is returned.
   * The octal and decimal representations will expect 3 digits per byte,
   * whereas the hexadecimal representations will expect 2 digits per byte.
   * An error is returned if the data contains invalid encoding (such
   * as 351 for decimal conversion). */
  CK_PP_CONVERT_TYPE cConvert;
  /** The time to wait for operator response - in seconds. An error is
   * returned if the operation does not complete in the specified time.
   * This field may be ignored if the device does not support a configurable
   * timeout. */
  CK_CHAR cTimeout;
  /** Reserved for future extensions. Must be set to zero. */
  CK_CHAR reserved;
  /** The prompt to be displayed on the device. If the prompt cannot fit on
   * the device display, the output is clipped. If the device does not
   * have any display, the operation will continue without any prompt, or
   * error.
   *
   * The following special characters are recognized on the display:
   * - Newline (0x0a): Continue the display on the next line.
   */
  CK_CHAR_PTR prompt;
};

The template supplied with the call to the C_GenerateKey function determines the type of object generated by the operation. CKA_CLASS may be CKO_SECRET_KEY only, and the only key type supported is CKK_GENERIC_SECRET. (This restriction applies because only key components are to be entered by this mechanism.)

The normal rules for template consistency apply. In particular, CKA_ALWAYS_SENSITIVE must be set to FALSE and CKA_NEVER_EXTRACTABLE must be FALSE.

The expected size of the object value created by this operation is supplied in the CKA_VALUE_LEN attribute in the template.
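The digit-count and range rule stated in the cConvert comment above, written out as an added sketch (not SafeNet code) that shows how many keystrokes a component of CKA_VALUE_LEN bytes needs and why an entry such as 351 is rejected. The names pp_convert, PP_OCTAL, PP_DECIMAL, PP_HEX and pp_convert_entry are hypothetical; rejecting an entry of the wrong length and accepting either letter case for hex are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch; the real type is CK_PP_CONVERT_TYPE. */
enum pp_convert { PP_OCTAL = 8, PP_DECIMAL = 10, PP_HEX = 16 };

/* Value of one ASCII digit in the given base, or -1 if it is not valid. */
static int digit_value(char c, int base)
{
    int v;
    if (c >= '0' && c <= '9') v = c - '0';
    else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
    else return -1;
    return v < base ? v : -1;
}

/* Convert entered digits into exactly value_len bytes (the CKA_VALUE_LEN).
 * Returns 0 on success, -1 on a bad digit, a byte value above 255, or
 * (an assumption of this sketch) an entry of the wrong length. */
int pp_convert_entry(const char *entry, enum pp_convert type,
                     unsigned char *out, size_t value_len)
{
    size_t per_byte = (type == PP_HEX) ? 2 : 3;  /* digits per byte */
    size_t i, j;
    if (strlen(entry) != per_byte * value_len)
        return -1;
    for (i = 0; i < value_len; i++) {
        int acc = 0;
        for (j = 0; j < per_byte; j++) {
            int d = digit_value(entry[i * per_byte + j], (int)type);
            if (d < 0)
                return -1;
            acc = acc * (int)type + d;
        }
        if (acc > 255)  /* "351" in decimal or "400" in octal */
            return -1;
        out[i] = (unsigned char)acc;
    }
    return 0;
}

int main(void)
{
    unsigned char buf[2];
    /* Constructed entries: 2-byte component, decimal input. */
    printf("%d %d\n", pp_convert_entry("018052", PP_DECIMAL, buf, 2),
           pp_convert_entry("018351", PP_DECIMAL, buf, 2));
    return 0;
}
```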
