Cryptographic Token Interface Standard | PKCS#11
Generic secret key objects (object class CKO_SECRET_KEY, key type CKK_GENERIC_SECRET) hold generic secret keys. These keys do not support encryption or decryption; however, other keys can be derived from them and they can be used in HMAC operations. These key types are used in several of the mechanisms described in this section. The following table defines the generic secret key object attributes, in addition to the common attributes defined for this object class:
Table 235, Generic Secret Key Object Attributes

| Attribute | Data type | Meaning |
|---|---|---|
| CKA_VALUE<sup>1,4,6,7</sup> | Byte array | Key value (arbitrary length) |
| CKA_VALUE_LEN<sup>2,3</sup> | CK_ULONG | Length in bytes of key value |
- Refer to Table 15 for footnotes
The following is a sample template for creating a generic secret key object:
```c
CK_OBJECT_CLASS class = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
CK_UTF8CHAR label[] = "A generic secret key object";
CK_BYTE value[] = {...};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
  {CKA_CLASS, &class, sizeof(class)},
  {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
  {CKA_TOKEN, &true, sizeof(true)},
  {CKA_LABEL, label, sizeof(label)-1},
  {CKA_DERIVE, &true, sizeof(true)},
  {CKA_VALUE, value, sizeof(value)}
};
```
CKA_CHECK_VALUE: The value of this attribute is derived from the key object by taking the first three bytes of the SHA-1 hash of the generic secret key object's CKA_VALUE attribute.