![]() | Cryptographic Token Interface Standard |
PKCS#11 |
Sections | |
SEED secret key objects | |
SEED key generation | |
SEED-ECB | |
SEED-CBC | |
SEED-CBC with PKCS padding | |
General-length SEED-MAC | |
SEED-MAC |
SEED is a symmetric block cipher developed by the South Korean Information Security Agency (KISA). It has a 128-bit key size and a 128-bit block size.
Its specification has been published as Internet [RFC 4269].
RFCs have been published defining the use of SEED in
TLS ftp://ftp.rfc-editor.org/in-notes/rfc4162.txt
IPsec ftp://ftp.rfc-editor.org/in-notes/rfc4196.txt
CMS ftp://ftp.rfc-editor.org/in-notes/rfc4010.txt
TLS cipher suites that use SEED include:
CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x96}; CipherSuite TLS_DH_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x97}; CipherSuite TLS_DH_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x98}; CipherSuite TLS_DHE_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x99}; CipherSuite TLS_DHE_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x9A}; CipherSuite TLS_DH_anon_WITH_SEED_CBC_SHA = { 0x00, 0x9B};
As with any block cipher, it can be used in the ECB, CBC, OFB and CFB modes of operation, as well as in a MAC algorithm such as HMAC.
OIDs have been published for all these uses. A list may be seen at http://www.alvestrand.no/objectid/1.2.410.200004.1.html
| |||||||
Mechanism | |||||||
CKM_SEED_KEY_GEN | |||||||
CKM_SEED_ECB | |||||||
CKM_SEED_CBC | |||||||
CKM_SEED_CBC_PAD | |||||||
CKM_SEED_MAC_GENERAL | |||||||
CKM_SEED_MAC | |||||||
CKM_SEED_ECB_ENCRYPT_DATA | |||||||
CKM_SEED_CBC_ENCRYPT_DATA |
This section defines the key type "CKK_SEED" for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.
Mechanisms:
CKM_SEED_KEY_GEN CKM_SEED_ECB CKM_SEED_CBC CKM_SEED_MAC CKM_SEED_MAC_GENERAL CKM_SEED_CBC_PAD
For all of these mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO are always 16.