Cryptographic Token Interface Standard
PKCS#11
The use of GOST R 34.10-2001 keys as key encryption keys (KEKs) for encrypting GOST 28147 keys, denoted CKM_GOSTR3410_KEY_WRAP, is a mechanism for key wrapping and key unwrapping based on GOST R 34.10-2001. Its purpose is to encrypt and decrypt keys that have been generated by the key generation mechanism for GOST 28147-89. The encryption algorithm from [RFC 4490] (section 5.2) must be used. The encrypted key is a DER-encoded structure of the ASN.1 type GostR3410-KeyTransport ([RFC 4490], section 4.2).
It has a parameter, a CK_GOSTR3410_KEY_WRAP_PARAMS structure defined in section 6.41.5.
For unwrapping (C_UnwrapKey), the mechanism decrypts the wrapped key, and contributes the result as the CKA_VALUE attribute of the new key.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
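As an added example (not part of the standard's text), the Python sketch below checks the structure of a wrapped-key blob before it is passed to C_UnwrapKey. The GostR3410-KeyTransport field layout and the 32-byte key, 1 to 4-byte MAC and 8-byte UKM sizes are this example's reading of RFC 4490 and RFC 4357; the function names and the sample blob are constructed for illustration.

```python
# Added example (not from the standard); layout and sizes are an assumed reading of RFC 4490 / RFC 4357.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first >= 0x80:                       # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if not 1 <= n <= 4 or pos + n > len(buf) or buf[pos] == 0 or length < 0x80:
            raise ValueError("bad or non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # contents of a constructed value as (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_key_transport(blob):
    tag, body, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("not exactly one DER SEQUENCE")
    top = children(body)
    # transportParameters is OPTIONAL in the ASN.1, but this check requires it.
    if [t for t, _ in top] != [0x30, 0xA0]:
        raise ValueError("need sessionEncryptedKey and [0] transportParameters")
    enc, par = children(top[0][1]), children(top[1][1])
    if [t for t, _ in enc] not in ([0x04, 0x04], [0x04, 0x80, 0x04]):
        raise ValueError("unexpected Gost28147-89-EncryptedKey fields")
    if [t for t, _ in par] not in ([0x06, 0x04], [0x06, 0xA0, 0x04]):
        raise ValueError("unexpected GostR3410-TransportParameters fields")
    key, mac, ukm = enc[0][1], enc[-1][1], par[-1][1]
    if len(key) != 32 or not 1 <= len(mac) <= 4 or len(ukm) != 8:
        raise ValueError("bad encrypted key, MAC or UKM size")
    return {"encrypted_key": key, "mac": mac, "param_set_oid": par[0][1], "ukm": ukm}

def tlv(tag, value):                        # short-form builder, used for the sample only
    return bytes([tag, len(value)]) + value
# Constructed sample: dummy key/MAC/UKM bytes; OID 1.2.643.2.2.31.1 as a sample parameter set.
ENC = tlv(0x30, tlv(0x04, bytes(range(32))) + tlv(0x04, b"\xaa\xbb\xcc\xdd"))
PAR = tlv(0xA0, bytes.fromhex("06072a850302021f01") + tlv(0x04, bytes(range(1, 9))))
SAMPLE = tlv(0x30, ENC + PAR)
```

The check is structural only: it does not verify the MAC or decrypt anything, which remains the token's job inside C_UnwrapKey.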
Common key derivation, denoted CKM_GOSTR3410_DERIVE, is a mechanism for key derivation with the assistance of GOST R 34.10-2001 private and public keys. The key of the mechanism must be of object class CKO_DOMAIN_PARAMETERS and key type CKK_GOSTR3410. The key derivation algorithm from [RFC 4357] (section 5.2) must be used.
The mechanism contributes the result as the CKA_VALUE attribute of the new private key. All other attributes must be specified in the template used to create the private key object.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.