CKM_SECRET_RECOVER_WITH_ATTRIBUTES

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: No
Wrap and Unwrap: No
Derive: Yes
FIPS-approved: Yes

Key Size Range (bytes) and Parameters

Minimum: 0
FIPS Minimum: 0
Maximum: None
Parameter: CK_SECRET_SHARE_PARAMS

Description

The Secret Recovery Mechanism, denoted CKM_SECRET_RECOVER_WITH_ATTRIBUTES, is a derive mechanism that creates a new key object by combining two or more shares.

The mechanism has no parameter.

The C_DeriveKey parameter hBaseKey is the handle of one of the share objects. The mechanism will obtain the CKA_LABEL value from hBaseKey and then treat all data objects with the same label as shares.

A template is not required, as all the attributes of the object are also recovered from the secret.

Usage Note

To avoid shares getting mixed up between different uses of this mechanism, the developer should ensure that data objects with the same label are all from the same secret share batch.

For further information about secure key backup and restoration see the SafeNet ProtectToolkit-C Administration Manual.
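The label-matching rule from the Description and the precaution in the Usage Note, modelled as an added example (not SafeNet code; it makes no PKCS#11 calls). The names obj_t, shares_for and check_batch and the sample objects are hypothetical and constructed; the guard rejects a recovery when the label selects anything other than the shares the operator expects.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for a token object; not a PKCS#11 structure. */
typedef struct {
    unsigned long handle;  /* object handle */
    int is_data;           /* 1 if the object's class is CKO_DATA */
    const char *label;     /* CKA_LABEL value */
} obj_t;

/* Handles the mechanism would treat as shares when `base` is hBaseKey:
   every data object carrying base's label. Returns the total found. */
size_t shares_for(const obj_t *objs, size_t n, const obj_t *base,
                  unsigned long *out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (objs[i].is_data && strcmp(objs[i].label, base->label) == 0) {
            if (k < cap) out[k] = objs[i].handle;
            k++;
        }
    return k;
}

/* Pre-derive guard: 0 if the label selects exactly the expected shares,
   -1 if an expected share is missing, -2 if extra objects share the label. */
int check_batch(const obj_t *objs, size_t n, const obj_t *base,
                const unsigned long *expect, size_t n_expect)
{
    unsigned long got[32];
    size_t k = shares_for(objs, n, base, got, 32);
    if (k > 32) return -2;
    for (size_t e = 0; e < n_expect; e++) {
        size_t j = 0;
        while (j < k && got[j] != expect[e]) j++;
        if (j == k) return -1;
    }
    return k == n_expect ? 0 : -2;
}
/* Constructed sample: object 11 is left over from an older batch whose
   label was reused; 21 and 22 are the batch the operator means to use. */
static const obj_t TOKEN[] = {
    {11, 1, "backup-kek"}, {21, 1, "backup-kek"}, {22, 1, "backup-kek"},
    {30, 1, "other-secret"}, {40, 0, "backup-kek"} /* 40: not a data object */
};
static const unsigned long BATCH[] = {21, 22};
int main(void)
{
    printf("check_batch -> %d\n", check_batch(TOKEN, 5, &TOKEN[1], BATCH, 2));
    return 0;
}
```

On a real token the same listing comes from C_FindObjectsInit and C_FindObjects with a template of CKA_CLASS = CKO_DATA and the share's CKA_LABEL, run before C_DeriveKey.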
