CKM_PP_LOAD_SECRET
This section provides a summary of CKM_PP_LOAD_SECRET.
Note
This mechanism has been deprecated and will be removed in a future release. It is replaced by CKM_PP_LOAD_SECRET_2.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | No |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | Yes |
Wrap and Unwrap | No |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | None |
Key size range (bytes) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 1 |
FIPS Minimum | 1 |
Maximum | None |
Parameter
CK_PP_LOAD_SECRET_PARAMS
Mechanism description
This is a key generation mechanism that loads a clear key component from a directly attached PIN pad device.
It takes one parameter, a CK_PP_LOAD_SECRET_PARAMS structure, which holds the operational details for the mechanism.
```c
struct CK_PP_LOAD_SECRET_PARAMS
{
    /** Entered characters should be masked with '*' or similar to hide the
     * value being entered. An error is returned if this is TRUE
     * and the device does not support this feature. */
    CK_BBOOL bMaskInput;
    /** Entered characters should be converted from the ASCII representation
     * to binary before being stored, according to the conversion type
     * supplied. If the device does not support the specified type of input
     * (e.g. hex input on a decimal keyboard), an error is returned.
     * The octal and decimal representations will expect 3 digits per byte,
     * whereas the hexadecimal representations will expect 2 digits per byte.
     * An error is returned if the data contains invalid encoding (such
     * as 351 for decimal conversion).
     */
    CK_PP_CONVERT_TYPE cConvert;
    /** The time to wait for operator response - in seconds. An error is
     * returned if the operation does not complete in the specified time.
     * This field may be ignored if the device does not support a configurable
     * timeout. */
    CK_CHAR cTimeout;
    /** Reserved for future extensions. Must be set to zero. */
    CK_CHAR reserved;
    /** The prompt to be displayed on the device. If the prompt cannot fit on
     * the device display, the output is clipped. If the device does not
     * have any display, the operation will continue without any prompt, or
     * error.
     *
     * The following special characters are recognized on the display:
     * - Newline (0x0a): Continue the display on the next line.
     */
    CK_CHAR_PTR prompt;
};
```
The template supplied with the call to the C_GenerateKey function determines the type of object generated by the operation. CKA_CLASS may be CKO_SECRET_KEY only, and the only key type supported is CKK_GENERIC_SECRET. (This restriction applies because only key components are to be entered by this mechanism.)
The normal rules for template consistency apply. In particular, CKA_ALWAYS_SENSITIVE must be set to FALSE and CKA_NEVER_EXTRACTABLE must be FALSE.
The expected size of the object value created by this operation is supplied in the CKA_VALUE_LEN parameter in the template.
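The conversion rule in the cConvert comment and the CKA_VALUE_LEN sizing above can be modelled on the host, for example to print operator entry sheets or to test a key-ceremony script with constructed values. This is an added sketch, not ProtectToolkit-C code: the names conv_base, pp_expected_digits and pp_convert are hypothetical, and accepting either letter case for hex digits is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this sketch; the real CK_PP_CONVERT_TYPE values
 * come from the vendor header and are not reproduced here. */
typedef enum { CONV_OCTAL = 8, CONV_DECIMAL = 10, CONV_HEX = 16 } conv_base;

/* Digits the operator must key in for a component of value_len bytes
 * (the CKA_VALUE_LEN in the template): 3 per byte for octal and decimal,
 * 2 per byte for hexadecimal. */
size_t pp_expected_digits(conv_base base, size_t value_len)
{
    return value_len * (base == CONV_HEX ? 2 : 3);
}

/* Value of one keyed-in character, or -1 if it is not a digit of this base. */
static int digit_value(char c, conv_base base)
{
    int v;
    if (c >= '0' && c <= '9') v = c - '0';
    else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
    else return -1;
    return v < (int)base ? v : -1;
}

/* Convert keyed-in ASCII digits into value_len bytes in out.
 * Returns 0 on success, -1 on a wrong digit count, a digit outside the
 * base, or a group that does not fit in one byte ("351" decimal, "400" octal). */
int pp_convert(conv_base base, const char *entry,
               unsigned char *out, size_t value_len)
{
    size_t per = (base == CONV_HEX) ? 2 : 3;
    if (strlen(entry) != pp_expected_digits(base, value_len)) return -1;
    for (size_t i = 0; i < value_len; i++) {
        unsigned acc = 0;
        for (size_t j = 0; j < per; j++) {
            int d = digit_value(entry[i * per + j], base);
            if (d < 0) return -1;
            acc = acc * (unsigned)base + (unsigned)d;
        }
        if (acc > 0xFF) return -1;   /* invalid encoding for a single byte */
        out[i] = (unsigned char)acc;
    }
    return 0;
}
```

Run this only on constructed test values: a real component is meant to go from the PIN pad into the HSM without passing through host software.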