CKM_WRAPKEY_DES3_CBC

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

Yes (unwraps existing data only; cannot wrap new data)

Derive

No

FIPS-approved

Yes

Key Size Range (bytes) and Parameters

Minimum 0
FIPS Minimum 0
Maximum 0
Parameter None

Description

The CKM_WRAPKEY_DES3_CBC and CKM_WRAPKEY_DES3_ECB mechanisms are used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination. The key value is encoded and encrypted using CKM_DES3_CBC_PAD and then combined with all other object attributes. The result are then MACed.  The wrapping key is supplied as normal to the C_Wrap and C_Unwrap Cryptoki functions.

The C_Unwrap operation will fail with CKR_SIGNATURE_INVALID if any of the key’s attributes have been tampered with while the key was in transit.

Encoding Format

The encoding is a proprietary encoding where fields are identified by their position (no tags). All fields are preceded by an encoding of the length of the content. The length may be zero indicating an empty field but must always be present. Where the length is zero the content is not present (zero bytes). Where the length is non zero the content has the number of bytes equal to the value of the encoded length. The length is encoded as a 32-bit big-endian binary value and can thus take values from 0 to (232 -1) i.e. around 4 gigabytes.

Definitions

wK

This is the wrapping key under which the subject key is to be wrapped. This key must be valid for the operation Ex.

mK

This is a randomly generated MAC key using CKM_DES2_KEY_GEN. This key is used with Mx.

cK

This is clear encoding of the subject key. For single part symmetric keys, this is just the key value. For compound (e.g., RSA) keys, it is a BER encoding as per PKCS#1.

a

This is the encoded non-sensitive subject key attributes. The attributes are encoded with an attribute header, which is the number of attributes (4 byte), followed by a list of sub encodings which contain the attribute type (4 byte), content length (4 byte), a content presence indicator (1 byte), and the content bytes. The presence indicator allows the content length value to be non-zero, but, where presence indicator = 0, no content bytes are included. If the presence indicator is 1 then the content length must be the number of bytes indicated by the content length field. All numeric values are encoded as big-endian. Note that the sensitive attributes are contained in cK.

E x

This is encryption using CKM_DES3_(ECB/CBC)_PAD with key 'x'.

M x

This is MAC generation using CKM_DES3_MAC_GENERAL (8 byte MAC result) with key 'x'.

A wrapped key using CKM_WRAPKEY_DES3_ECB or CKM_WRAPKEY_DES3_CBC is made up of the following fields:

>ecK the encrypted key value, ecK = EwK(cK).

>a the encoded non-sensitive subject key attributes.

>m a MAC of the key value and attributes, m = MmK(cK + a).

>emK the encrypted MAC key value, emK = EwK(mK).

These fields are then encoded as described above.

E.g. Using CKM_WRAPKEY_DES3_CBC on a Single length DES key, with a Triple DES Wrapping key, produces the encoding:

|length | ecK – encrypted key value
00000010 2B847CF929FA2148A0A59BB6D44BBD74 
|length | a – encoded non-sensitive attributes 
00000120 
00000019000000010000000101010000000200000001010000000003000000 
05017465737400000001060000000101008000012800000001010000000107 
00000001010100000162000000010101800001290000000101010000017000 
00000101010000010400000001010100000105000000010101000001080000 
000101010000010A0000000101010000010300000001010000000163000000 
01010100000000000000040100000004000001000000000401000000130000 
01610000000401000000088000010200000010013230303131313031313234 
35303330300000010C00000001010000000102000000000000000110000000 
00000000011100000000000000016500000001010000000164000000010100 
000000000000000000 
|length | m – MAC of key value and attributes
00000008 6256751248BFA515 
|length | emK – encrypted MAC key value
00000018 2B847CF929FA214837ACF80D3AA9D1470082249D71E053DA 

Return to SafeNet ProtectToolkit-C Mechanisms