PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
JUNIPER secret key objects (object class CKO_SECRET_KEY, key type CKK_JUNIPER) hold single-length JUNIPER keys. The following table defines the JUNIPER secret key object attributes, in addition to the common attributes listed in Table 15 , Table 19 , Table 25 , Table 42 :
Table 58, JUNIPER Secret Key Object
| Attribute | Data type | Meaning |
| CKA_VALUE1,4,6,7 | Byte array | Key value (always 40 bytes long) |
JUNIPER keys have 160 checksum bits, and these bits must be properly set. Attempting to create or unwrap a JUNIPER key with incorrect checksum bits will return an error.
It is not clear that any tokens exist (or will ever exist) which permit an application to create a JUNIPER key with a specified value. Nonetheless, we provide templates for doing so.
The following is a sample template for creating a JUNIPER MEK secret key object:
CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE keyType = CKK_JUNIPER; CK_UTF8CHAR label[] = "A JUNIPER MEK secret key object"; CK_BYTE value[40] = {...}; CK_BBOOL true = TRUE; CK_ATTRIBUTE template[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_KEY_TYPE, &keyType, sizeof(keyType)}, {CKA_TOKEN, &true, sizeof(true)}, {CKA_LABEL, label, sizeof(label)-1}, {CKA_ENCRYPT, &true, sizeof(true)}, {CKA_VALUE, value, sizeof(value)} };
The following is a sample template for creating a JUNIPER TEK secret key object:
CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE keyType = CKK_JUNIPER; CK_UTF8CHAR label[] = "A JUNIPER TEK secret key object"; CK_BYTE value[40] = {...}; CK_BBOOL true = TRUE; CK_ATTRIBUTE template[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_KEY_TYPE, &keyType, sizeof(keyType)}, {CKA_TOKEN, &true, sizeof(true)}, {CKA_LABEL, label, sizeof(label)-1}, {CKA_ENCRYPT, &true, sizeof(true)}, {CKA_WRAP, &true, sizeof(true)}, {CKA_VALUE, value, sizeof(value)} };