CKM_SECRET_RECOVER_WITH_ATTRIBUTES
Supported Operations
Encrypt and Decrypt | No |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | Yes |
Available in FIPS Mode | Yes |
Restrictions in FIPS Mode | None |
Key Size Range and Parameters
Minimum | 0 |
FIPS Minimum | None |
Maximum | None |
Parameter | CK_SECRET_SHARE_PARAMS
|
Description
The Secret Recovery Mechanism denoted CKM_SECRET_RECOVER_WITH_ATTRIBUTES
is a derive mechanism to create a new key object by combining two or more shares.
The mechanism has no parameter.
The C_DeriveKey parameter hBaseKey is the handle of one of the share objects. The mechanism will obtain the CKA_LABEL value from hBaseKey and then treat all data objects with the same label as shares.
A template is not required as all the attributes of the object are also recovered from the secret.
Usage Note
To avoid shares getting mixed up between different uses of this mechanism the developer should ensure that data objects with the same label are all from the same secret share batch.
For further information about secure key backup and restoration see Secure Key Backup and Restoration.
Return to ProtectToolkit-C Mechanisms