CKM_WRAPKEY_AES_CBC

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

Yes

Derive

No

Available in FIPS Mode

Yes

Restrictions in FIPS Mode No Wrapping

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter None

Description

The CKM_WRAPKEY_AES_CBC mechanism is used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination.

This mechanism is the same as the CKM_WRAPKEY_DES3_CBC mechanism described above but uses only NIST approved cryptographic algorithms and key sizes.

The following fields in the encoding are computed differently to those in CKM_WRAPKEY_DES3_CBC mechanism described above.

mK

This is a randomly generated 256-bit MAC key using CKM_GENERIC_SECRET_KEY_GEN. This key is used with Mx.

E x

This is encryption using CKM_AES_CBC_PAD with key 'x'.

M x

This is MAC generation using CKM_SHA512_HMAC_GENERAL (16 byte MAC result) with key 'x'.

Return to SafeNet ProtectToolkit-C Mechanisms