CKM_WRAPKEYBLOB_AES_CBC
Supported Operations
Encrypt and Decrypt | No |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | Yes |
Derive | No |
Available in FIPS Mode | Yes |
Restrictions in FIPS Mode | No Wrapping |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter | None |
Description
The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanism is used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.
http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx
The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:
Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32 |
Bit Length (32 bit LE) |
PubExp (32 bit LE) |
Modulus (BitLength/8 bytes long LE) |
P (BitLength/8 bytes long LE) |
Q (BitLength/8 bytes long LE) |
Dp (BitLength/8 bytes long LE) |
Dq (BitLength/8 bytes long LE) |
Iq (BitLength/8 bytes long LE) |
D (BitLength/8 bytes long LE) |
Return to SafeNet ProtectToolkit-C Mechanisms