Cryptographic Token Interface Standard

PKCS#11

AES-CBC with PKCS padding

AES-CBC with PKCS padding, denoted CKM_AES_CBC_PAD, is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on NIST's Advanced Encryption Standard; cipher-block chaining mode; and the block cipher padding method detailed in PKCS #7.

It has a parameter, a 16-byte initialization vector.

The PKCS padding in this mechanism allows the length of the plaintext value to be recovered from the ciphertext value. Therefore, when unwrapping keys with this mechanism, no value should be specified for the CKA_VALUE_LEN attribute.

In addition to being able to wrap and unwrap secret keys, this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman, EC (also related to ECDSA) and DSA private keys (see Section Error: Reference source not found for details). The entries in Table 94 for data length constraints when wrapping and unwrapping keys do not apply to wrapping and unwrapping private keys.

Constraints on key types and the length of data are summarized in the following table: 




 Table 94, AES-CBC with PKCS Padding: Key And Data Length   
Function Key type 

Input length

 

Output length

   


C_Encrypt AES 

any

 

input length rounded up to multiple of the block size

    


C_Decrypt AES 

multiple of block size

 

between 1 and block size bytes shorter than input length

   


C_WrapKey AES 

any

 

input length rounded up to multiple of the block size

    


C_UnwrapKey AES 

multiple of block size

 

between 1 and block length bytes shorter than input length

  

 



For this mechanism, the ulMinKeySize and ulMaxKeySize  fields of the CK_MECHANISM_INFO structure specify the supported range of AES key sizes, in bytes.


 
 



RSA Security Inc. Public-Key Cryptography Standards - 
PKCS#11 - v211