CKM_WRAPKEY_AES_CBC
This section provides a summary of CKM_WRAPKEY_AES_CBC.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | No |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | Yes |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | No wrapping |
Key size range (bytes) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter
None
Mechanism description
The CKM_WRAPKEY_AES_CBC mechanism is used to wrap a key value plus all of its attributes so that the entire key can be reconstructed without a template at the destination.
This mechanism is the same as the CKM_WRAPKEY_DES3_CBC mechanism but uses only NIST approved cryptographic algorithms and key sizes.
The following fields in the encoding are computed differently to those in CKM_WRAPKEY_DES3_CBC mechanism.
Field | Definition |
---|---|
mK | This is a randomly generated 256-bit MAC key using CKM_GENERIC_SECRET_KEY_GEN. This key is used with Mx. |
E x | This is encryption using CKM_AES_CBC_PAD with key 'x'. |
M x | This is MAC generation using CKM_SHA512_HMAC_GENERAL (16 byte MAC result) with key 'x'. |
Return to ProtectToolkit-C mechanisms.