CKM_DES3_DDD_CBC
Supported Operations
Encrypt and Decrypt | Yes |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | Yes |
Derive | No |
Available in FIPS Mode | No |
Key Size Range (bytes) and Parameters
Minimum | 16 |
Maximum | 24 |
Parameter | 8 bytes |
Description
CKM_DES3_DDD_CBC is a mechanism for single- and multiple-part encryption and decryption, key wrapping and key unwrapping, based on the DES block cipher and cipher-block chaining mode as defined in FIPS PUB 81.
The DES3-DDD cipher encrypts an 8 byte block by D(KL, D(KR, D(KL, data))) and decrypts with E(KL, E(KR, E(KL, cipher))); where Key = KL || KR, and E(KL, data) is a single DES encryption using key KL and D(KL, cipher) is a single DES decryption.
It has a parameter, an initialization vector for cipher block chaining mode. The initialization vector has the same length as the block size, which is 8 bytes.
Constraints on key types and the length of data are summarized in the following table:
Function | Key Type | Input Length | Output Length | Comments |
---|---|---|---|---|
C_Encrypt | CKK_DES2 | Any | input length rounded up to multiple of block size | no final part |
C_Decrypt | CKK_DES2 | Multiple of block size | same as input length | no final part |
C_WrapKey | CKK_DES2 | Any | input length rounded up to multiple of block size | |
C_UnwrapKey | CKK_DES2 | Any | Determined by type of key being unwrapped or CKA_VALUE_LEN | |
For the encrypt and wrap operations, the mechanism performs zero-padding when the input data or wrapped key’s length is not a multiple of 8. That is, the value 0x00 is appended to the last block until its length is 8 (for example, plaintext 0x01 would be padded to become 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00).
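The composition, chaining and zero-padding rules above, as an added example that is not SafeNet code and makes no PKCS#11 calls. E and D here are a stand-in 64-bit toy permutation (an assumption, not DES), and all function names are hypothetical. It shows that 0x01 and 0x01 0x00 produce the same ciphertext and that decryption returns the padded block, so the caller has to track the original length separately.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8 /* block size and IV length given on the page */
/* STAND-IN for single DES (assumption): an invertible toy permutation, NOT DES. */
static uint64_t rotl(uint64_t x, int r) { return (x << r) | (x >> (64 - r)); }
static uint64_t E(uint64_t k, uint64_t x) { return rotl((x ^ k) + k, 13); }
static uint64_t D(uint64_t k, uint64_t y) { return (rotl(y, 51) - k) ^ k; }

size_t padded_len(size_t n) { return (n + BLK - 1) / BLK * BLK; } /* round up to 8 */

/* CBC encrypt; block cipher is D(KL, D(KR, D(KL, x))); last block zero-padded. */
size_t ddd_cbc_encrypt(uint64_t kl, uint64_t kr, uint64_t iv,
                       const uint8_t *in, size_t n, uint8_t *out) {
    uint64_t prev = iv, p;
    for (size_t off = 0; off < padded_len(n); off += BLK) {
        uint8_t blk[BLK] = {0};                 /* pre-filled with 0x00 */
        memcpy(blk, in + off, n - off < BLK ? n - off : BLK);
        memcpy(&p, blk, BLK);
        prev = D(kl, D(kr, D(kl, p ^ prev)));   /* chain with previous block */
        memcpy(out + off, &prev, BLK);
    }
    return padded_len(n);
}

/* CBC decrypt; block cipher is E(KL, E(KR, E(KL, c))); padding is not stripped. */
size_t ddd_cbc_decrypt(uint64_t kl, uint64_t kr, uint64_t iv,
                       const uint8_t *in, size_t n, uint8_t *out) {
    uint64_t prev = iv, c, p;
    if (n % BLK) return 0;                      /* must be a multiple of 8 */
    for (size_t off = 0; off < n; off += BLK) {
        memcpy(&c, in + off, BLK);
        p = E(kl, E(kr, E(kl, c))) ^ prev;
        memcpy(out + off, &p, BLK);
        prev = c;
    }
    return n;
}

/* Constructed sample: 1 if 0x01 and 0x01 0x00 encrypt alike and the zeros survive. */
int padding_is_ambiguous(void) {
    const uint64_t kl = 0x0123456789abcdefULL, kr = 0xfedcba9876543210ULL, iv = 42;
    const uint8_t a[] = {0x01}, b[] = {0x01, 0x00}, want[BLK] = {0x01};
    uint8_t ca[BLK], cb[BLK], pt[BLK];
    ddd_cbc_encrypt(kl, kr, iv, a, sizeof a, ca);
    ddd_cbc_encrypt(kl, kr, iv, b, sizeof b, cb);
    return ddd_cbc_decrypt(kl, kr, iv, ca, BLK, pt) == BLK
        && !memcmp(ca, cb, BLK) && !memcmp(pt, want, BLK);
}
int main(void) { return padding_is_ambiguous() ? 0 : 1; }
```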
With the exception of the algorithm specified in this section, the use of this mechanism is identical to the use of other secret key mechanisms. Therefore, for further details on aspects not covered here (for example, access control, or error codes) refer to the PKCS#11 standard.