CKM_WRAPKEYBLOB_AES_CBC
Supported Operations
| Encrypt and Decrypt | No |
| Sign and Verify | No |
| SignRecover and VerifyRecover | No |
| Digest | No |
| Generate Key/Key-Pair | No |
| Wrap and Unwrap | Yes |
| Derive | No |
| Available in FIPS Mode | Yes |
| Restrictions in FIPS Mode | No Wrapping |
Key Size Range (bytes) and Parameters
| Minimum | 16 |
| FIPS Minimum | 16 |
| Maximum | 32 |
| Parameter | None |
Description
The CKM_WRAPKEYBLOB_AES_CBC and CKM_WRAPKEYBLOB_DES3_CBC mechanism is used to wrap a private key value using the Microsoft PRIVATEKEYBLOB format.
http://msdn.microsoft.com/en-us/library/cc250013(PROT.13).aspx
The RSA private key is formatted as shown below and then the result is encrypted by CKM_AES_CBC_PAD or CKM_DES3_CBC_PAD:
| Header 12 bytes long = 07 02 00 00 00 A4 00 00 52 53 41 32 |
| Bit Length (32 bit LE) |
| PubExp (32 bit LE) |
| Modulus (BitLength/8 bytes long LE) |
| P (BitLength/8 bytes long LE) |
| Q (BitLength/8 bytes long LE) |
| Dp (BitLength/8 bytes long LE) |
| Dq (BitLength/8 bytes long LE) |
| Iq (BitLength/8 bytes long LE) |
| D (BitLength/8 bytes long LE) |
Return to ProtectToolkit-C Mechanisms
