CKM_SECRET_RECOVER_WITH_ATTRIBUTES

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: No
Wrap and Unwrap: No
Derive: Yes
Available in FIPS Mode: Yes
Restrictions in FIPS Mode: None

Key Size Range and Parameters

Minimum: 0
FIPS Minimum: None
Maximum: None
Parameter: CK_SECRET_SHARE_PARAMS

Description

The secret recovery mechanism, denoted CKM_SECRET_RECOVER_WITH_ATTRIBUTES, is a derive mechanism that creates a new key object by combining two or more shares.

The mechanism has no parameter.

The C_DeriveKey parameter hBaseKey is the handle of one of the share objects. The mechanism obtains the CKA_LABEL value from hBaseKey and then treats all data objects with the same label as shares.

A template is not required, because all the attributes of the object are also recovered from the secret.

Usage Note

To avoid shares getting mixed up between different uses of this mechanism, the developer should ensure that data objects with the same label are all from the same secret share batch.

For further information about secure key backup and restoration, see Secure Key Backup and Restoration.
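The label-based share selection described above and the batch check from the Usage Note can be modelled as a pre-flight test to run before calling C_DeriveKey. This is an added example, not ProtectToolkit-C code: the token is modelled as a list of dictionaries, and the per-batch manifest of SHA-256 share digests, the label "kek-backup" and the share values are assumptions constructed for illustration.

```python
import hashlib

CKO_DATA, CKO_SECRET_KEY = 0x0, 0x4  # PKCS#11 object class values

def digest(value: bytes) -> str:
    return hashlib.sha256(value).hexdigest()

def shares_for_label(objects, label):
    """Model of the selection rule: every data object with this label is a share."""
    return [o for o in objects if o["class"] == CKO_DATA and o["label"] == label]

def preflight(objects, base, manifest):
    """Problems that should block recovery; an empty list means go ahead."""
    candidates = shares_for_label(objects, base["label"])
    recorded = manifest.get(base["label"], set())  # hypothetical out-of-band record
    problems = []
    if len(candidates) < 2:
        problems.append("fewer than two shares carry this label")
    seen = set()
    for obj in candidates:
        d = digest(obj["value"])
        if d not in recorded:
            problems.append(f"handle {obj['handle']}: not in the recorded batch")
        elif d in seen:
            problems.append(f"handle {obj['handle']}: duplicate share")
        seen.add(d)
    return problems

# Constructed sample data: share values are placeholder bytes, not real shares.
BATCH_A = [b"batch-A share 1", b"batch-A share 2", b"batch-A share 3"]
MANIFEST = {"kek-backup": {digest(v) for v in BATCH_A}}  # written at split time

def obj(handle, cls, label, value):
    return {"handle": handle, "class": cls, "label": label, "value": value}

CLEAN = [obj(1, CKO_DATA, "kek-backup", BATCH_A[0]),
         obj(2, CKO_DATA, "kek-backup", BATCH_A[1]),
         obj(3, CKO_SECRET_KEY, "kek-backup", b"unrelated key")]  # not a data object
MIXED = CLEAN + [obj(7, CKO_DATA, "kek-backup", b"batch-B share 1")]  # label reused

if __name__ == "__main__":
    for name, token in (("clean", CLEAN), ("mixed", MIXED)):
        print(name, preflight(token, token[0], MANIFEST) or "ok to call C_DeriveKey")
```

Against a real token, the same check would read the data objects through C_FindObjects and C_GetAttributeValue instead of the in-memory list.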
