CKM_WRAPKEYBLOB_AES_CBC

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: No
Wrap and Unwrap: Yes (unwraps existing data only; cannot wrap new data)
Derive: No

FIPS-approved: Yes

Key Size Range (bytes) and Parameters

Minimum: 16
FIPS Minimum: 16
Maximum: 32
Parameter: None

Description

The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanisms are used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.

http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx

The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:

Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32

Bit Length (32 bit LE)

PubExp (32 bit LE)

Modulus (BitLength/8 bytes long LE)

P (BitLength/8 bytes long LE)

Q (BitLength/8 bytes long LE)

Dp (BitLength/8 bytes long LE)

Dq (BitLength/8 bytes long LE)

Iq (BitLength/8 bytes long LE)

D (BitLength/8 bytes long LE)
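
The plaintext layout listed above can be built and sanity-checked in software before it is encrypted and passed to the unwrap operation. The following Python code is an added example, not SafeNet or Microsoft code; the function names and the toy 16-bit key are constructed for illustration, and the field widths are taken exactly as this page lists them.

```python
import struct

# Header bytes exactly as listed on this page.
HEADER = bytes.fromhex("0702000000A4000052534132")
# Field order from this page; each field is taken as BitLength/8 bytes, little-endian
# (assumption: widths as this page states them).
FIELDS = ("modulus", "p", "q", "dp", "dq", "iq", "d")


def build_blob(bit_length, pub_exp, values):
    """Serialise the plaintext layout (the input to the CBC-PAD encryption)."""
    width = bit_length // 8
    out = HEADER + struct.pack("<II", bit_length, pub_exp)
    for name in FIELDS:
        out += values[name].to_bytes(width, "little")
    return out


def parse_blob(blob):
    """Parse and sanity-check a plaintext blob; raises ValueError if malformed."""
    if blob[:12] != HEADER:
        raise ValueError("unexpected header")
    if len(blob) < 20:
        raise ValueError("truncated before BitLength/PubExp")
    bit_length, pub_exp = struct.unpack_from("<II", blob, 12)
    width = bit_length // 8
    if bit_length == 0 or bit_length % 8 or len(blob) != 20 + width * len(FIELDS):
        raise ValueError("length does not match BitLength")
    key = {"bit_length": bit_length, "pub_exp": pub_exp}
    for i, name in enumerate(FIELDS):
        start = 20 + i * width
        key[name] = int.from_bytes(blob[start:start + width], "little")
    # Consistency checks catch wrong endianness or swapped fields.
    if min(key["p"], key["q"]) < 2 or key["p"] * key["q"] != key["modulus"]:
        raise ValueError("modulus != p*q")
    if key["dp"] != key["d"] % (key["p"] - 1) or key["dq"] != key["d"] % (key["q"] - 1):
        raise ValueError("CRT exponents inconsistent with d")
    return key


def constructed_sample():
    """Toy 16-bit key, constructed for this example only (not a usable key)."""
    p, q, e = 251, 241, 7
    d = pow(e, -1, (p - 1) * (q - 1))
    return build_blob(16, e, {"modulus": p * q, "p": p, "q": q, "dp": d % (p - 1),
                              "dq": d % (q - 1), "iq": pow(q, -1, p), "d": d})
```

Microsoft's PRIVATEKEYBLOB definition gives P, Q, Dp, Dq and Iq as BitLength/16 bytes rather than BitLength/8, so confirm the field widths against a known-good blob before relying on the length check.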
