CKM_WRAPKEYBLOB_DES3_CBC

Supported Operations

Encrypt and Decrypt No
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap Yes
Derive No
Available in FIPS Mode Yes
Restrictions in FIPS Mode No Wrapping

Key Size Range and Parameters

Minimum 0
FIPS Minimum 0
Maximum None
Parameter None

Description

The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanism is used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.

http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx

The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:

Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32
Bit Length (32 bit LE)
PubExp (32 bit LE)
Modulus (BitLength/8 bytes long LE)
P (BitLength/8 bytes long LE)
Q (BitLength/8 bytes long LE)
Dp (BitLength/8 bytes long LE)
Dq (BitLength/8 bytes long LE)
Iq (BitLength/8 bytes long LE)
D (BitLength/8 bytes long LE)

Return to ProtectToolkit-C Mechanisms