CKM_AES_GCM
Supported Operations
Encrypt and Decrypt |
Yes |
Sign and Verify |
No |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
No |
Wrap and Unwrap |
No |
Derive |
No |
Available in FIPS Mode |
Yes |
Restrictions in FIPS Mode | None |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter | CK_GCM_PARAMS
|
Description
For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.
AES GCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:
C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)
PTK's implementation of AES GCM assumes the following limitations:
>IV maximum length is 128 octets (max value from NIST test vectors),
>AAD maximum length is 90 octets(max value from NIST test vectors),
>message maximum length is 126K (129024) octets.
Return to SafeNet ProtectToolkit-C Mechanisms