CKM_SECRET_SHARE_WITH_ATTRIBUTES

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

No

Derive

Yes

Available in FIPS Mode

Yes

Restrictions in FIPS Mode None

Key Size Range (bytes) and Parameters

Minimum 0
FIPS Minimum 0
Maximum None
Parameter None

Description

The Secret Share Mechanism denoted CKM_SECRET_SHARE_WITH_ATTRIBUTES is a derive mechanism to create M shares of a key such that N shares are required to recover the secret, where N is less than or equal to M.

The mechanism creates a secret value by combining all the attributes of the base key and then shares that secret into M shares.

The algorithm used is according to A. Shamir - How to Share a Secret, Communications of the ACM vol. 22, no. 11, November 1979, pp. 612-613

It has a parameter, a CK_SECRET_SHARE_PARAMS, which specifies the number of shares M and the recovery threshold N. See below for the definition.

The mechanism will create M data objects and return the object handle of one of them. It is expected that the data objects would be copied to a smart card token for storage.

The template supplied is used to specify the CKA_LABEL attribute of each new data object. If the CKA_LABEL attribute is not provided in the template then a CKR_TEMPLATE_INCOMPLETE error is returned.

The mechanism contributes the CKA_VALUE attribute of each data object. Any attempt to specify a CKA_VALUE attribute in the template will cause the mechanism to return the error: CKR_TEMPLATE_INCONSISTENT.

The default value of the CKA_TOKEN, CKA_PRIVATE attribute of the new objects is false. The new data objects will have a CKA_SENSITIVE attribute. If the CKA_SENSITIVE attribute of the base key is true then the data objects is sensitive. If the base key is not sensitive then the data objects take the value of CKA_SENSITIVE from the template or it is defaulted to false.

Usage Note

To avoid shares getting mixed up between different uses of this mechanism the developer should ensure that there are no data objects with the same label already on the token before attempting to use this mechanism. If objects are found then these objects should be deleted or a different label chosen.

Security Note

The key to be exported with this mechanism requires the CKA_DERIVE attribute to be true. This has the effect of enabling other key derive mechanisms to be performed with the key. If this is not desired then the CKA_MECHANISM_LIST attribute may be used with the key to restrict its derive operations to this mechanism.

For further information about secure key backup and restoration see the SafeNet ProtectToolkit-C Administration Manual.

Secret Share Mechanism Parameter

CK_SECRET_SHARE_PARAMS is used to specify the number of shares M and the recovery threshold N for secret sharing mechanisms. It is defined as follows:

typedef struct CK_SECRET_SHARE_PARAMS {
CK_ULONG n;
CK_ULONG m;} CK_SECRET_SHARE_PARAMS;

The fields of the structure have the following meanings:

>N=Number of shares required to recover the secret. Must be at least 2 and not greater than the number of shares

>M=Total number of shares. Must be at least 2 and not greater than 64.

CK_SECRET_SHARE_PARAMS_PTR is a pointer to a CK_SECRET_SHARE_PARAMS.

Return to SafeNet ProtectToolkit-C Mechanisms