CKM_WRAPKEY_AES_CBC

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

Yes (unwraps existing data only; cannot wrap new data)

Derive

No

FIPS-approved

Yes

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter None

Description

The CKM_WRAPKEY_AES_CBC mechanism is used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination.

This mechanism is the same as the CKM_WRAPKEY_DES3_CBC mechanism described above but uses only NIST approved cryptographic algorithms and key sizes.

The following fields in the encoding are computed differently to those in CKM_WRAPKEY_DES3_CBC mechanism described above.

mK

This is a randomly generated 256-bit MAC key using CKM_GENERIC_SECRET_KEY_GEN. This key is used with Mx.

E x

This is encryption using CKM_AES_CBC_PAD with key 'x'.

M x

This is MAC generation using CKM_SHA512_HMAC_GENERAL (16 byte MAC result) with key 'x'.

Return to SafeNet ProtectToolkit-C Mechanisms