CKM_PP_LOAD_SECRET
Supported Operations
Encrypt and Decrypt |
No |
Sign and Verify |
No |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
Yes |
Wrap and Unwrap |
No |
Derive |
No |
FIPS-approved |
Yes |
Key Size Range (bytes) and Parameters
Minimum | 1 |
FIPS Minimum | 1 |
Maximum | None |
Parameter | CK_PP_LOAD_SECRET_PARAMS
|
Description
This is a key generate mechanism to provide the capability to load a clear key component from a directly attached pin pad device.
It has a parameter, a CK_PP_LOAD_SECRET_PARAMS, which holds the operational details for the mechanism.
struct CK_PP_LOAD_SECRET_PARAMS {
/** Entered characters should be masked with '*' or similar to hide the
* value being entered. An error is returned if this is TRUE * and the device does not support this feature. */
CK_BBOOL bMaskInput;
/** Entered characters should be converted from the ASCII representation * to binary before being stored, according to the conversion type * supplied. If the device does not support the specified type of input * (e.g. hex input on a decimal keyboard), an error is returned. * The octal and decimal representations will expect 3 digits per byte, * whereas the hexadecimal representations will expect 2 digits per byte. * An error is returned if the data contains invalid encoding (such * as 351 for decimal conversion). */
CK_PP_CONVERT_TYPE cConvert;
/** The time to wait for operator response - in seconds. An error is * returned if the operation does not complete in the specified time. * This field may be ignored if the device does not support a configurable * timeout. */
CK_CHAR cTimeout;
/** Reserved for future extensions. Must be set to zero. */ CK_CHAR reserved; /** The prompt to be displayed on the device. If the prompt cannot fit on * the device display, the output is clipped. If the device does not * have any display, the operation will continue without any prompt, or * error.
*
* The following special characters are recognized on the display:
* - Newline (0x0a): Continue the display on the next line.
*/
CK_CHAR_PTR prompt;
};
The template supplied with the call to the C_GenerateKey function determines the type of object generated by the operation. CKA_CLASS may be CKO_SECRETKEY only, and the only key type supported is CKK_GENERIC_SECRET. (This restriction applies because only key components are to be entered by this mechanism).
The normal rules for template consistencies apply. In particular the CKA_ALWAYS_SENSITIVE
must be set FALSE
and the CKA_NEVER_EXTRACTABLE
must be FALSE
.
The expected size of the object value created by this operation is supplied in the CKA_VALUE_LEN parameter in the template.
Return to SafeNet ProtectToolkit-C Mechanisms