Cryptographic Token Interface Standard

PKCS#11


GOST 28147-89 keys wrapping/unwrapping with GOST R 34.10-2001

GOST R 34.10-2001 key wrapping, denoted CKM_GOSTR3410_KEY_WRAP, is a mechanism for key wrapping and key unwrapping based on GOST R 34.10-2001, in which GOST R 34.10-2001 keys serve as KEKs (key encryption keys) for encrypting GOST 28147 keys. Its purpose is to encrypt and decrypt keys that have been generated by the key generation mechanism for GOST 28147-89. The encryption algorithm from [RFC 4490] (section 5.2) must be used. The encrypted key is a DER-encoded structure of the ASN.1 GostR3410-KeyTransport type ([RFC 4490], section 4.2).

It has a parameter, a CK_GOSTR3410_KEY_WRAP_PARAMS structure defined in section 6.41.5.

For unwrapping (C_UnwrapKey), the mechanism decrypts the wrapped key, and contributes the result as the CKA_VALUE attribute of the new key.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
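The wrapped key is a DER-encoded GostR3410-KeyTransport structure, so its shape can be checked before it is passed to C_UnwrapKey. The following is an added example, not part of the standard: the function names are hypothetical and the ASN.1 layout in the comments is an assumption taken from RFC 4490.

```python
# Layout assumed from RFC 4490 (verify against the RFC before relying on it):
#  KeyTransport ::= SEQUENCE { sessionEncryptedKey, [0] transportParameters OPTIONAL }
#  sessionEncryptedKey ::= SEQUENCE { encryptedKey(32), [0] maskKey OPTIONAL, macKey(1..4) }
#  transportParameters ::= SEQUENCE { encryptionParamSet OID, [0] ephemeralPublicKey OPTIONAL, ukm }
def read_tlv(buf, pos):
    """Read one definite-length DER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: 1..4 length octets, minimal encoding only
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if length < 0x80:
            raise ValueError("non-minimal DER length")
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_key_transport(blob):
    """Check the shape of a wrapped key blob; raise ValueError if malformed."""
    tag, body, end = read_tlv(blob, 0)
    parts = children(body) if tag == 0x30 and end == len(blob) else []
    if len(parts) not in (1, 2) or parts[0][0] != 0x30:
        raise ValueError("not a single KeyTransport SEQUENCE")
    ek = children(parts[0][1])
    if [t for t, _ in ek] not in ([0x04, 0x04], [0x04, 0x80, 0x04]):
        raise ValueError("unexpected sessionEncryptedKey fields")
    if len(ek[0][1]) != 32 or not 1 <= len(ek[-1][1]) <= 4:
        raise ValueError("bad encrypted key or MAC size")
    out = {"encrypted_key": ek[0][1], "mac": ek[-1][1], "param_oid": None, "ukm": None}
    if len(parts) == 2:
        tp = children(parts[1][1]) if parts[1][0] == 0xA0 else []
        if len(tp) not in (2, 3) or tp[0][0] != 0x06 or tp[-1][0] != 0x04:
            raise ValueError("bad transportParameters")
        out["param_oid"], out["ukm"] = tp[0][1], tp[-1][1]
    return out

# Constructed sample, not real key material (OID bytes encode 1.2.643.2.2.31.1).
SAMPLE = (b"\x30\x3f\x30\x28\x04\x20" + b"\x11" * 32 + b"\x04\x04" + b"\xaa" * 4 + b"\xa0\x13"
          + bytes.fromhex("06072a850302021f01") + b"\x04\x08" + b"\x22" * 8)
```

The check covers structure only: the MAC over the wrapped key is verified by the token during unwrapping, not by this code.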

Common key derivation, denoted CKM_GOSTR3410_DERIVE, is a mechanism for key derivation with the assistance of GOST R 34.10-2001 private and public keys. The key of the mechanism must be of object class CKO_DOMAIN_PARAMETERS and key type CKK_GOSTR3410. The key derivation algorithm from [RFC 4357] (section 5.2) must be used.

The mechanism contributes the result as the CKA_VALUE attribute of the new private key. All other attributes must be specified in a template for creating the private key object.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230mechanism1