CKM_AES_KW
NIST Special Publication 800-38F describes cryptographic methods that are approved for “key wrapping,” that is, the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, that publication specifies two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the AES Key Wrap (KW) mode and the AES Key Wrap With Padding (KWP) mode. Luna Network HSM 7 implements the AES Key Wrap (KW) mode at this time, which SP800-38F recommends as more secure than CKM_AES_CBC. This mechanism meets the requirements specified in RFC 3394 for key wrapping.
Data size
The maximum allowed data size for this mechanism is 64KB (64 * 1024).
NOTE NIST Special Publication 800-38F recommends this method as more secure than CKM_AES_CBC. This mechanism meets the requirements specified in RFC 3394 for key wrapping.
Summary
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 8 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | KEYWRAP |
| Flags | Extractable | Accumulating |
