CKM_DES3_DDD_CBC

Supported Operations

Encrypt and Decrypt

Yes

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

Yes

Derive

No

Available in FIPS Mode

No

Key Size Range (bytes) and Parameters

Minimum 16
Maximum 24
Parameter 8 bytes

Description

CKM_DES3_DDD_CBC is a mechanism for single- and multiple-part encryption and decryption, key wrapping and key unwrapping, based on the DES block cipher and cipher-block chaining mode as defined in FIPS PUB 81.

The DES3-DDD cipher encrypts an 8 byte block by D(KL, D(KR, D(KL, data)))and decrypts with E(KL, E(KR, E(KL, cipher))); where Key = KL || KR, and E(KL, data) is a single DES encryption using key KL and D(KL, cipher)is a single DES decryption.

It has a parameter, an initialization vector for cipher block chaining mode.  The initialization vector has the same length as the block size, which is 8 bytes.

Constraints on key types and the length of data are summarized in the following table:

Table 1: DES3-DDD Block Cipher CBC: Key and Data Length

Function

Key Type

Input Length

Output Length

Comments

C_Encrypt CKK_DES2

Any

input length rounded up to multiple of block size

no final part

C_Decrypt CKK_DES2

Multiple of block size

same as input length

no final part

C_WrapKey CKK_DES2

Any

input length rounded up to multiple of block size

 

C_UnwrapKey CKK_DES2

Any

Determined by type of key being unwrapped or CKA_VALUE_LEN

 

For the encrypt and wrap operations, the mechanism performs zero-padding when the input data or wrapped key’s length is not a multiple of 8. That is, the value 0x00 is appended to the last block until its length is 8 (for example, plaintext 0x01 would be padded to become 0x010x000x000x000x000x000x000x00).

With the exception of the algorithm specified in this section, the use of this mechanism is identical to the use of other secret key mechanisms. Therefore, for further details on aspects not covered here (for example, access control, or error codes) refer to the PKCS#11 standard.

Return to SafeNet ProtectToolkit-C Mechanisms