CKM_ZKA_MDC_2_KEY_DERIVATION

Supported Operations

Encrypt and Decrypt: No
Sign and Verify: No
SignRecover and VerifyRecover: No
Digest: No
Generate Key/Key-Pair: No
Wrap and Unwrap: No
Derive: Yes
Available in FIPS Mode: No

Key Size Range and Parameters

Minimum: 0
Maximum: None
Parameter: Arbitrary byte length

Description

This is the ZKA MDC-2 and DES based key derivation mechanism. The algorithm implemented by this mechanism is defined in the ZKA technical appendix, “Technischer Anhang zum Vertrag über die Zulassung als Netzbetreiber im electronic-cash-System der deutschen Kreditwirtschaft” V5.2, section 1.9.2.3, “Generierung kartenindividueller Schlüssel”.

It has a parameter, the derivation data, which is an arbitrary-length byte array.

This mechanism only operates with the C_DeriveKey() function.

The derivation data is digested using the CKM_DES_MDC_2_PAD1 mechanism, and the result is ECB decrypted with the base key. The result is used to make the value of a derived secret key. Only keys of type CKK_DES, CKK_DES2 and CKK_DES3 can be used as the base key for this mechanism. The derived key can have any key type with key length less than or equal to 16 bytes.

>If no key type and no length is provided in the template, then the key produced by this mechanism is a generic secret key. Its length is 16 bytes (the output size of MDC2).

>If no key type is provided in the template, but a length is provided, then the key produced by this mechanism is a generic secret key of the specified length, created by discarding one or more bytes from the right-hand side of the decryption result.

>If a key type is provided in the template, but no length is provided, then that key type must have a well-defined length. If it does, then the key produced by this mechanism is of the type specified in the template. If it doesn’t, an error is returned.

>If both a key type and a length are provided in the template, the length must be compatible with that key type. The key produced by this mechanism is of the specified type and length. If the length isn’t compatible with the key type, an error is returned.

>If the derived key type is CKK_DES or CKK_DES2, the parity bits of the key are set properly.

>If the derived key value length requested is more than 16 bytes, an error is returned.
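
The template rules above, modelled as an added C example (not SafeNet's code). The function `resolve_derived_key`, the `KT_*` enum and the `-1` conventions are hypothetical names; the 8/16/24-byte DES lengths are assumed as the "well-defined" lengths, and "set properly" is taken to mean DES odd parity.

```c
#include <string.h>

#define MDC2_LEN 16  /* output size of MDC2, per the page */
/* Hypothetical stand-ins for CKK_* values; KT_NONE = no key type in template. */
enum key_type { KT_NONE, KT_GENERIC, KT_DES, KT_DES2, KT_DES3 };

/* Well-defined value length of a key type, or 0 if it has none (assumed sizes). */
static int fixed_len(enum key_type t) {
    return t == KT_DES ? 8 : t == KT_DES2 ? 16 : t == KT_DES3 ? 24 : 0;
}

/* Set the low bit of each byte so the byte has an odd number of 1 bits. */
static void set_odd_parity(unsigned char *k, int n) {
    for (int i = 0; i < n; i++) {
        unsigned char b = k[i] & 0xFE, ones = 0;
        for (unsigned char v = b; v; v >>= 1) ones += v & 1;
        k[i] = b | ((ones & 1) ? 0 : 1);
    }
}

/* block: the 16-byte ECB decryption result described on the page.
 * type == KT_NONE and len == -1 mean "not present in the template".
 * Returns the derived value length and fills out/out_type, or returns -1
 * in each case where the page says an error is returned. */
int resolve_derived_key(const unsigned char block[MDC2_LEN], enum key_type type,
                        int len, unsigned char out[MDC2_LEN],
                        enum key_type *out_type) {
    if (type == KT_NONE) {
        type = KT_GENERIC;                 /* no type: generic secret key */
        if (len == -1) len = MDC2_LEN;     /* no length either: 16 bytes */
    } else {
        int want = fixed_len(type);
        if (len == -1) {
            if (want == 0) return -1;      /* type has no well-defined length */
            len = want;
        } else if (want != 0 && len != want) {
            return -1;                     /* length incompatible with type */
        }
    }
    if (len < 0 || len > MDC2_LEN) return -1;  /* more than 16 bytes requested */
    memcpy(out, block, (size_t)len);       /* keep left bytes, discard the right */
    if (type == KT_DES || type == KT_DES2) set_odd_parity(out, len);
    *out_type = type;
    return len;
}
```

A CKK_DES3 request with no length resolves to 24 bytes in this model and is therefore rejected by the 16-byte limit.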

The following key sensitivity and extractability rules apply for this mechanism:

>The CKA_SENSITIVE, CKA_EXTRACTABLE and CKA_EXPORTABLE attributes in the template for the new key can be specified to be either TRUE or FALSE. If omitted, these attributes each take on the value of the corresponding attribute of the base key. The default value for the CKA_EXTRACTABLE and CKA_EXPORTABLE attributes is TRUE. The default value of the CKA_SENSITIVE attribute depends on the security flags. If the No clear Pins security flag is set, the default value is TRUE; otherwise, it is FALSE.

>If the base key has its CKA_ALWAYS_SENSITIVE attribute set to FALSE, then the derived key will as well. If the base key has its CKA_ALWAYS_SENSITIVE attribute set to TRUE, then the derived key has its CKA_ALWAYS_SENSITIVE attribute set to the same value as its CKA_SENSITIVE attribute.

>If the base key has its CKA_NEVER_EXTRACTABLE attribute set to FALSE, then the derived key will too. If the base key has its CKA_NEVER_EXTRACTABLE attribute set to TRUE, then the derived key has its CKA_NEVER_EXTRACTABLE attribute set to TRUE only if both CKA_EXTRACTABLE and CKA_EXPORTABLE attributes are FALSE. Otherwise, it is set to FALSE.
