| Function | Key type | Data length | Signature length |
|---|---|---|---|
| C_Sign | | any | blocksize/2 |
| C_Verify | | any | blocksize/2 |

11.19.1. Double-length DES key generation
The double-length DES key generation mechanism, denoted CKM_DES2_KEY_GEN, is a key generation mechanism for double-length DES keys. The DES keys making up a double-length DES key both have their parity bits set properly, as specified in FIPS PUB 46-2.
It does not have a parameter.
The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key. Other attributes supported by the double-length DES key type (specifically, the flags indicating which functions the key supports) may be specified in the template for the key, or else are assigned default initial values.
Double-length DES keys can be used with all the same mechanisms as triple-DES keys: CKM_DES_ECB, CKM_DES_CBC, CKM_DES_CBC_PAD, CKM_DES_MAC_GENERAL, and CKM_DES_MAC (these mechanisms are described in templatized form in Section ). Triple-DES encryption with a double-length DES key consists of three steps: encryption with the first DES key; decryption with the second DES key; and encryption with the first DES key.
When double-length DES keys are generated, it is token-dependent whether or not it is possible for either of the component DES keys to be “weak” or “semi-weak” keys.
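Because weak-key handling is token-dependent, an application can check a double-length key value itself. The following C sketch is an added example, not part of the specification: it checks odd parity, weak or semi-weak components, and equal halves (which reduce the encrypt-decrypt-encrypt sequence above to single DES). Function names and sample keys are hypothetical and constructed, and the 16-byte value is assumed to hold the first DES key followed by the second.

```c
#include <stdio.h>
#include <string.h>
/* The 4 weak and 12 semi-weak DES keys (parity bits included). */
static const unsigned char WEAK[16][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};
enum { DES2_OK, DES2_BAD_PARITY, DES2_WEAK_COMPONENT, DES2_EQUAL_HALVES };

/* Odd parity: each key byte must contain an odd number of 1 bits. */
int des_parity_ok(const unsigned char *k) {
    for (int i = 0; i < 8; i++) {
        unsigned char b = k[i];
        b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;   /* bit 0 = XOR of all bits */
        if (!(b & 1)) return 0;
    }
    return 1;
}

/* Returns 1 if the 8-byte key is one of the weak or semi-weak keys. */
int des_is_weak(const unsigned char *k) {
    for (int i = 0; i < 16; i++)
        if (memcmp(k, WEAK[i], 8) == 0) return 1;
    return 0;
}

/* v is the 16-byte key value: first DES key, then second (assumed layout). */
int des2_check(const unsigned char *v) {
    if (!des_parity_ok(v) || !des_parity_ok(v + 8)) return DES2_BAD_PARITY;
    if (des_is_weak(v) || des_is_weak(v + 8)) return DES2_WEAK_COMPONENT;
    /* Equal halves: encrypt-decrypt-encrypt collapses to single DES. */
    if (memcmp(v, v + 8, 8) == 0) return DES2_EQUAL_HALVES;
    return DES2_OK;
}

/* Constructed sample key values, for illustration only. */
static const unsigned char SAMPLE_OK[16] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
static const unsigned char SAMPLE_WEAK[16] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE};
static const unsigned char SAMPLE_EQUAL[16] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const unsigned char SAMPLE_PARITY[16] = {0x00,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
int main(void) {
    printf("%d %d %d %d\n", des2_check(SAMPLE_OK), des2_check(SAMPLE_WEAK), des2_check(SAMPLE_EQUAL), des2_check(SAMPLE_PARITY));
    return 0;
}
```

The comparisons use `memcmp`, which is not constant-time; run the check only where key bytes are already handled in the clear, such as a provisioning step.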