CKM_WRAPKEYBLOB_AES_CBC
This section provides a summary of CKM_WRAPKEYBLOB_AES_CBC.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | No |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | Yes |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | No wrapping |
Key size range (bytes) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter
None
Mechanism description
The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanism is used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.
http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx
The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:
Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32
Bit Length (32 bit LE)
PubExp (32 bit LE)
Modulus (BitLength/8 bytes long LE)
P (BitLength/8 bytes long LE)
Q (BitLength/8 bytes long LE)
Dp (BitLength/8 bytes long LE)
Dq (BitLength/8 bytes long LE)
Iq (BitLength/8 bytes long LE)
D (BitLength/8 bytes long LE)
Return to ProtectToolkit-C mechanisms.