Cryptographic Token Interface Standard

PKCS#11


GOST R 34.10-2001 domain parameter objects

GOST R 34.10-2001 domain parameter objects (object class CKO_DOMAIN_PARAMETERS, key type CKK_GOSTR3410) hold GOST R 34.10-2001 domain parameters.

The following table defines the GOST R 34.10-2001 domain parameter object attributes, in addition to the common attributes defined for this object class:

Table 213, GOST R 34.10-2001 Domain Parameter Object Attributes
Attribute Data Type Meaning
CKA_VALUE1
Byte array
DER-encoding of the domain parameters as it was introduced in [4] section 8.4 (type GostR3410-2001-ParamSetParameters )
CKA_OBJECT_ID1
Byte array
DER-encoding of the object identifier indicating the domain parameters

Refer to Table 15 for footnotes

For any particular token, there is no guarantee that a token supports domain parameters loading up and/or fetching out. Furthermore, applications, that make direct use of domain parameters objects, should take in account that CKA_VALUE attribute may be inaccessible.

The following is a sample template for creating a GOST R 34.10-2001 domain parameter object:

CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;
CK_KEY_TYPE keyType = CKK_GOSTR3410;
CK_UTF8CHAR label[] = "A GOST R34.10-2001 cryptographic parameters object";
CK_BYTE oid[] = {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00};
CK_BYTE value[] = {
0x30,0x81,0x90,
0x02,0x01,0x07,
0x02,0x20,
0x5f,0xbf,0xf4,0x98,0xaa,0x93,0x8c,0xe7,0x39,0xb8,0xe0,0x22,0xfb,0xaf,0xef,0x40,
0x56,0x3f,0x6e,0x6a,0x34,0x72,0xfc,0x2a,0x51,0x4c,0x0c,0xe9,0xda,0xe2,0x3b,0x7e,
0x02,0x21,0x00,
0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,0x31,
0x02,0x21,0x00,
0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
0x50,0xfe,0x8a,0x18,0x92,0x97,0x61,0x54,0xc5,0x9c,0xfc,0x19,0x3a,0xcc,0xf5,0xb3,
0x02,0x01,0x02,
0x02,0x20,
0x08,0xe2,0xa8,0xa0,0xe6,0x51,0x47,0xd4,0xbd,0x63,0x16,0x03,0x0e,0x16,0xd1,0x9c,

0x85,0xc9,0x7f,0x0a,0x9c,0xa2,0x67,0x12,0x2b,0x96,0xab,0xbc,0xea,0x7e,0x8f, 0xc8

};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_LABEL, label, sizeof(label)-1},
{CKA_OBJECT_ID, oid, sizeof(oid)},
{CKA_VALUE, value, sizeof(value)}
};


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230