CKM_DES3_RETAIL_CFB_MAC
Supported Operations
Encrypt and Decrypt | No |
Sign and Verify | Yes |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
Available in FIPS Mode | Yes |
Restrictions in FIPS Mode | No MAC generation |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 24 |
Parameter | 8 bytes (IV) |
Description
This is a signature generation and verification mechanism. The produced MAC is 8 bytes in length. It is an extension of the single length key MAC mechanisms. It takes an 8 byte IV as a parameter, which is encrypted (ECB mode) with the left most key value before the first data block is MAC'ed.
The data, which must be a multiple of 8 bytes, is MAC’ed with the left most key value in the normal manner, but the final cipher block is then decrypted (ECB mode) with the middle key value and encrypted (ECB mode) with the Right most key part.
For double length DES keys, the Right key component is the same as the Left key component.
Return to ProtectToolkit-C Mechanisms