CKM_SEED_ECB_PAD
This section provides a summary of CKM_SEED_ECB_PAD.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | Yes |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | Yes |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
No | Not applicable |
Key size range (bytes) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 16 |
Maximum | 16 |
Parameter
None
Mechanism description
SEED-ECB with PKCS padding, denoted CKM_SEED_ECB_PAD
, is a mechanism for single- and multiple-part encryption and decryption, key wrapping and key unwrapping, based on the KISA (Korean Information Security Agency) SEED specification, electronic code book mode and the block cipher padding method detailed in PKCS #7. It does not have a parameter.
The PKCS padding in this mechanism allows the length of the plaintext value to be recovered from the ciphertext value. Therefore, when unwrapping keys with this mechanism, no value should be specified for the CKA_VALUE_LEN
attribute.
In addition to being able to wrap and unwrap secret keys, this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman, and DSA private keys. The entries in SEED-ECB with PKCS Padding: Key and Data Length for data length constraints when wrapping and unwrapping keys do not apply to wrapping and unwrapping private keys. Constraints on key types and the length of data are summarized in the following table.
SEED-ECB with PKCS Padding: Key and Data Length
Function | Key type | Input length | Output length |
---|---|---|---|
C_Encrypt | CKK_SEED | Any | This is the input length plus one, rounded up to a multiple of the block size. |
C_Decrypt | CKK_SEED | Multiple of block size | Between 1 and block size bytes shorter than input length. |
C_WrapKey | CKK_SEED | Any | This is the input length plus one, rounded up to a multiple of the block size. |
C_UnwrapKey | CKK_SEED | Multiple of block size | Between 1 and block length bytes shorter than input length. |
Return to ProtectToolkit-C mechanisms.