CKM_WRAPKEY_AES_CBC
Supported Operations
|
Encrypt and Decrypt |
No |
|
Sign and Verify |
No |
|
SignRecover and VerifyRecover |
No |
|
Digest |
No |
|
Generate Key/Key-Pair |
No |
|
Wrap and Unwrap |
Yes (unwraps existing data only; cannot wrap new data) |
|
Derive |
No |
|
FIPS-approved |
Yes |
Key Size Range (bytes) and Parameters
| Minimum | 16 |
| FIPS Minimum | 16 |
| Maximum | 32 |
| Parameter | None |
Description
The CKM_WRAPKEY_AES_CBC mechanism is used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination.
This mechanism is the same as the CKM_WRAPKEY_DES3_CBC mechanism described above but uses only NIST approved cryptographic algorithms and key sizes.
The following fields in the encoding are computed differently to those in CKM_WRAPKEY_DES3_CBC mechanism described above.
| mK |
This is a randomly generated 256-bit MAC key using CKM_GENERIC_SECRET_KEY_GEN. This key is used with Mx. |
| E x |
This is encryption using CKM_AES_CBC_PAD with key 'x'. |
| M x |
This is MAC generation using CKM_SHA512_HMAC_GENERAL (16 byte MAC result) with key 'x'. |
Return to SafeNet ProtectToolkit-C Mechanisms
