CKM_WRAPKEY_AES_CBC

Supported Operations

Encrypt and Decrypt No
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap Yes
Derive No
Available in FIPS Mode Yes
Restrictions in FIPS Mode No Wrapping

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter None

Description

The CKM_WRAPKEY_AES_CBC mechanism is used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination.

This mechanism is the same as the CKM_WRAPKEY_DES3_CBC mechanism but uses only NIST approved cryptographic algorithms and key sizes.

The following fields in the encoding are computed differently to those in CKM_WRAPKEY_DES3_CBC mechanism.

mK This is a randomly generated 256-bit MAC key using CKM_GENERIC_SECRET_KEY_GEN. This key is used with Mx.
E x This is encryption using CKM_AES_CBC_PAD with key 'x'.
M x This is MAC generation using CKM_SHA512_HMAC_GENERAL (16 byte MAC result) with key 'x'.

Return to ProtectToolkit-C Mechanisms