CKM_WRAPKEYBLOB_AES_CBC

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: No
Wrap and Unwrap: Yes
Derive: No

Available in FIPS Mode: Yes
Restrictions in FIPS Mode: No Wrapping

Key Size Range (bytes) and Parameters

Minimum: 16
FIPS Minimum: 16
Maximum: 32
Parameter: None

Description

The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanisms are used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.

http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx

The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:

Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32

Bit Length (32 bit LE)

PubExp (32 bit LE)

Modulus (BitLength/8 bytes long LE)

P (BitLength/8 bytes long LE)

Q (BitLength/8 bytes long LE)

Dp (BitLength/8 bytes long LE)

Dq (BitLength/8 bytes long LE)

Iq (BitLength/8 bytes long LE)

D (BitLength/8 bytes long LE)
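The following added example (not code from the vendor documentation) validates the fixed prefix of a plaintext blob in the layout above, that is, before CKM_AES_CBC_PAD encryption or after decryption, and extracts Bit Length, PubExp and Modulus. The function names are hypothetical, the field names in the comments come from Microsoft's BLOBHEADER and RSAPUBKEY structures, and the sample input is constructed and stops after the modulus.

```python
import struct

# The 12 header bytes quoted above; field names are from Microsoft's
# BLOBHEADER / RSAPUBKEY structures.
HEADER = bytes.fromhex("0702000000A4000052534132")
PREFIX_LEN = 20  # header + Bit Length + PubExp


def parse_blob_prefix(blob: bytes) -> dict:
    """Validate the fixed prefix of a plaintext blob and return its public fields."""
    if len(blob) < PREFIX_LEN:
        raise ValueError("blob is shorter than the 20-byte fixed prefix")
    if blob[:12] != HEADER:
        raise ValueError(f"unexpected header: {blob[:12].hex()}")
    # "<" = little-endian, no padding: BYTE, BYTE, WORD, DWORD, 4 chars, DWORD, DWORD
    b_type, b_version, _reserved, alg_id, magic, bit_len, pub_exp = struct.unpack_from(
        "<BBHI4sII", blob
    )
    if bit_len == 0 or bit_len % 8:
        raise ValueError(f"bit length {bit_len} is not a whole number of bytes")
    if pub_exp < 3 or pub_exp % 2 == 0:
        raise ValueError(f"implausible public exponent: {pub_exp}")
    mod_len = bit_len // 8
    modulus_le = blob[PREFIX_LEN:PREFIX_LEN + mod_len]
    if len(modulus_le) != mod_len:
        raise ValueError("blob is truncated inside the modulus")
    return {
        "bType": b_type,          # 0x07 = PRIVATEKEYBLOB
        "bVersion": b_version,    # 0x02
        "aiKeyAlg": alg_id,       # 0x0000A400 = CALG_RSA_KEYX
        "magic": magic,           # b"RSA2"
        "bit_len": bit_len,
        "pub_exp": pub_exp,
        # The blob stores integers little-endian; PKCS#11 attributes such as
        # CKA_MODULUS are big-endian, so convert through an int when comparing.
        "modulus": int.from_bytes(modulus_le, "little"),
    }


def build_sample_prefix(bit_len: int, pub_exp: int, modulus: int) -> bytes:
    """Constructed test input: header, Bit Length, PubExp and modulus only."""
    return HEADER + struct.pack("<II", bit_len, pub_exp) + modulus.to_bytes(bit_len // 8, "little")


if __name__ == "__main__":
    n = (1 << 1023) | 0x10001  # constructed value, not a real RSA modulus
    info = parse_blob_prefix(build_sample_prefix(1024, 65537, n))
    print(info["bit_len"], info["pub_exp"], hex(info["aiKeyAlg"]), info["magic"])
```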

Return to SafeNet ProtectToolkit-C Mechanisms