CKM_WRAPKEYBLOB_AES_CBC

Supported Operations

Encrypt and Decrypt No
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap Yes
Derive No
Available in FIPS Mode Yes
Restrictions in FIPS Mode No Wrapping

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter None

Description

The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanisms are used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.

http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx

The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:

Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32
Bit Length (32 bit LE)
PubExp (32 bit LE)
Modulus (BitLength/8 bytes long LE)
P (BitLength/8 bytes long LE)
Q (BitLength/8 bytes long LE)
Dp (BitLength/8 bytes long LE)
Dq (BitLength/8 bytes long LE)
Iq (BitLength/8 bytes long LE)
D (BitLength/8 bytes long LE)
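
An added example (not SafeNet's code) that builds and validates the plaintext structure listed above, that is, the bytes that exist before CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD encryption and after decryption. The function names and the 64-bit toy key are constructed for illustration. Field widths follow the list above as written; Microsoft's PRIVATEKEYBLOB specification gives P, Q, Dp, Dq and Iq as BitLength/16 bytes, so compare against a real blob before relying on the widths.

```python
import struct

# Header bytes from the page: bType 0x07 (PRIVATEKEYBLOB), bVersion 0x02, two
# reserved bytes, aiKeyAlg 0x0000A400 (little-endian), then the magic "RSA2".
HEADER = bytes.fromhex("0702000000A4000052534132")
FIELDS = ("n", "p", "q", "dp", "dq", "iq", "d")  # order listed on the page


def toy_key(p, q, e):
    """Derive all blob fields from two primes (constructed test input only)."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "p": p, "q": q, "dp": d % (p - 1),
            "dq": d % (q - 1), "iq": pow(q, -1, p), "d": d}


def build_blob(bitlen, e, key):
    """Serialise the key into the plaintext layout, before CBC_PAD encryption."""
    size = bitlen // 8  # the page gives every big-integer field this width
    body = b"".join(key[f].to_bytes(size, "little") for f in FIELDS)
    return HEADER + struct.pack("<II", bitlen, e) + body


def parse_blob(blob):
    """Parse a decrypted blob; raise ValueError on any structural mismatch."""
    if len(blob) < 20 or blob[:12] != HEADER:
        raise ValueError("missing or unexpected header")
    bitlen, e = struct.unpack_from("<II", blob, 12)
    size = bitlen // 8
    if bitlen == 0 or bitlen % 8 or len(blob) != 20 + size * len(FIELDS):
        raise ValueError("length does not match declared bit length")
    k = {f: int.from_bytes(blob[20 + i * size:20 + (i + 1) * size], "little")
         for i, f in enumerate(FIELDS)}
    if min(k["p"], k["q"]) < 2 or k["p"] * k["q"] != k["n"]:
        raise ValueError("modulus is not P * Q")
    if k["n"].bit_length() != bitlen:
        raise ValueError("modulus size differs from declared bit length")
    if (k["dp"] != k["d"] % (k["p"] - 1) or k["dq"] != k["d"] % (k["q"] - 1)
            or k["iq"] * k["q"] % k["p"] != 1):
        raise ValueError("CRT fields inconsistent with D, P and Q")
    return bitlen, e, k


# Constructed 64-bit toy key, far too small for real use.
TOY = toy_key(4294967291, 4294967279, 65537)
BLOB = build_blob(64, 65537, TOY)
assert parse_blob(BLOB) == (64, 65537, TOY)
```

The consistency checks in `parse_blob` catch a blob that decrypted under the wrong key or was modified in transit, since CBC with padding alone provides no integrity protection.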
