11.22.1. BATON key generation
The BATON key generation mechanism, denoted CKM_BATON_KEY_GEN, is a key generation mechanism for BATON. The output of this mechanism is called a Message Encryption Key (MEK).
It does not have a parameter.
This mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key.
11.22.2. BATON-ECB128
BATON-ECB128, denoted CKM_BATON_ECB128, is a mechanism for single- and multiple-part encryption and decryption with BATON in 128-bit electronic codebook mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token—in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table , BATON-ECB128: Data and Length
| Function | Key type | Input length | Output length | Comments |
|---|---|---|---|---|
| C_Encrypt | BATON | multiple of 16 | same as input length | no final part |
| C_Decrypt | BATON | multiple of 16 | same as input length | no final part |

11.22.3. BATON-ECB96
BATON-ECB96, denoted CKM_BATON_ECB96, is a mechanism for single- and multiple-part encryption and decryption with BATON in 96-bit electronic codebook mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token—in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table , BATON-ECB96: Data and Length
| Function | Key type | Input length | Output length | Comments |
|---|---|---|---|---|
| C_Encrypt | BATON | multiple of 12 | same as input length | no final part |
| C_Decrypt | BATON | multiple of 12 | same as input length | no final part |

11.22.4. BATON-CBC128
BATON-CBC128, denoted CKM_BATON_CBC128, is a mechanism for single- and multiple-part encryption and decryption with BATON in 128-bit cipher-block chaining mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token—in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table , BATON-CBC128: Data and Length
| Function | Key type | Input length | Output length | Comments |
|---|---|---|---|---|
| C_Encrypt | BATON | multiple of 16 | same as input length | no final part |
| C_Decrypt | BATON | multiple of 16 | same as input length | no final part |

BATON-COUNTER, denoted CKM_BATON_COUNTER, is a mechanism for single- and multiple-part encryption and decryption with BATON in counter mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token—in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table , BATON-COUNTER: Data and Length
| Function | Key type | Input length | Output length | Comments |
|---|---|---|---|---|
| C_Encrypt | BATON | multiple of 16 | same as input length | no final part |
| C_Decrypt | BATON | multiple of 16 | same as input length | no final part |

BATON-SHUFFLE, denoted CKM_BATON_SHUFFLE, is a mechanism for single- and multiple-part encryption and decryption with BATON in shuffle mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token—in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table , BATON-SHUFFLE: Data and Length
| Function | Key type | Input length | Output length | Comments |
|---|---|---|---|---|
| C_Encrypt | BATON | multiple of 16 | same as input length | no final part |
| C_Decrypt | BATON | multiple of 16 | same as input length | no final part |

The BATON wrap and unwrap mechanism, denoted CKM_BATON_WRAP, is a function used to wrap and unwrap a secret key (MEK). It can wrap and unwrap SKIPJACK, BATON, and JUNIPER keys.
It has no parameters.
When used to unwrap a key, this mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to it.