CKM_WRAPKEYBLOB_AES_CBC
Supported Operations
Encrypt and Decrypt |
No |
Sign and Verify |
No |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
No |
Wrap and Unwrap |
Yes (unwraps existing data only; cannot wrap new data) |
Derive |
No |
FIPS-approved |
Yes |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter | None |
Description
The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanism is used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.
http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx
The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:
Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32 |
Bit Length (32 bit LE) |
PubExp (32 bit LE) |
Modulus (BitLength/8 bytes long LE) |
P (BitLength/8 bytes long LE) |
Q (BitLength/8 bytes long LE) |
Dp (BitLength/8 bytes long LE) |
Dq (BitLength/8 bytes long LE) |
Iq (BitLength/8 bytes long LE) |
D (BitLength/8 bytes long LE) |
Return to SafeNet ProtectToolkit-C Mechanisms