PKCS#11 Cryptographic Token Interface Standard
XORing of a key and data
XOR key derivation, denoted CKM_XOR_BASE_AND_DATA, is a mechanism that derives a secret key by performing a bitwise XOR of the value of a key, identified by a base key handle, with caller-supplied data.
This mechanism takes a parameter, a CK_KEY_DERIVATION_STRING_DATA structure, which specifies the data with which to XOR the original key's value.
For example, if the value of the base key is 0x01234567, and the value of the data is 0x89ABCDEF, then the value of the derived key will be taken from a buffer containing the string 0x88888888.
- If no length or key type is provided in the template, then the key produced by this mechanism will be a generic secret key. Its length will be equal to the minimum of the lengths of the data and the value of the original key.
- If no key type is provided in the template, but a length is, then the key produced by this mechanism will be a generic secret key of the specified length.
- If no length is provided in the template, but a key type is, then that key type must have a well-defined length. If it does, then the key produced by this mechanism will be of the type specified in the template, with that type's fixed length. If it doesn't, an error will be returned.
- If both a key type and a length are provided in the template, the length must be compatible with that key type. The key produced by this mechanism will be of the specified type and length. If a DES, DES2, DES3, or CDMF key is derived with this mechanism, the parity bits of the key will be set properly.
The XOR result is never longer than the shorter of the data and the original key's value. If the requested key type or length requires more bytes than that, an error is generated.
This mechanism has the following rules about key sensitivity and extractability:
- If the base key has its CKA_SENSITIVE attribute set to TRUE, so does the derived key. Otherwise, the derived key's CKA_SENSITIVE attribute is set either from the supplied template or from a default value.
- Similarly, if the base key has its CKA_EXTRACTABLE attribute set to FALSE, so does the derived key. Otherwise, the derived key's CKA_EXTRACTABLE attribute is set either from the supplied template or from a default value.
- The derived key's CKA_ALWAYS_SENSITIVE attribute is set to TRUE if and only if the base key has its CKA_ALWAYS_SENSITIVE attribute set to TRUE.
- Similarly, the derived key's CKA_NEVER_EXTRACTABLE attribute is set to TRUE if and only if the base key has its CKA_NEVER_EXTRACTABLE attribute set to TRUE.
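The following is an added reference model of the rules above (the XOR and truncation to the shorter input, the four template cases, DES-family parity fixing, and the sensitivity/extractability inheritance); it is example code written for this page, not code from the PKCS#11 standard or from any token vendor. The CKK_* values follow the PKCS#11 constants; the specific CKR_* names raised for the "an error is returned" cases, the Key/template representation, and the AES length set are assumptions of the model.

```python
"""Reference model (added example, not text from PKCS#11) of the
CKM_XOR_BASE_AND_DATA derivation rules: bitwise XOR, truncation to the
shorter input, key-type/length resolution from the template, DES-family
parity fixing, and sensitivity/extractability inheritance."""
from dataclasses import dataclass
from typing import Optional

# Key-type constants; the values follow the PKCS#11 CKK_* definitions.
CKK_GENERIC_SECRET = 0x10
CKK_DES = 0x13
CKK_DES2 = 0x14
CKK_DES3 = 0x15
CKK_CDMF = 0x1E
CKK_AES = 0x1F

# Types with a well-defined length (bytes), and types that accept a set of
# lengths (the AES set is an assumption of this model, not from the page).
FIXED_LEN = {CKK_DES: 8, CKK_DES2: 16, CKK_DES3: 24, CKK_CDMF: 8}
ALLOWED_LEN = {CKK_AES: {16, 24, 32}}
DES_FAMILY = set(FIXED_LEN)


class Pkcs11Error(Exception):
    """Carries a CKR_* name. The spec text only says 'an error'; which
    code a real token returns is an assumption of this model."""
    def __init__(self, rv: str):
        super().__init__(rv)
        self.rv = rv


@dataclass
class Key:
    value: bytes
    key_type: int
    sensitive: bool = False
    extractable: bool = True
    always_sensitive: bool = False
    never_extractable: bool = False


def set_des_parity(value: bytes) -> bytes:
    """Force odd parity on each byte, parity bit in the low-order bit."""
    out = bytearray()
    for b in value:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def resolve_type_and_len(template: dict, available: int):
    """Apply the four template cases from the spec; returns (type, length)."""
    key_type: Optional[int] = template.get("CKA_KEY_TYPE")
    length: Optional[int] = template.get("CKA_VALUE_LEN")
    if key_type is None and length is None:
        return CKK_GENERIC_SECRET, available
    if key_type is None:
        return CKK_GENERIC_SECRET, length
    if length is None:
        if key_type not in FIXED_LEN:
            raise Pkcs11Error("CKR_TEMPLATE_INCOMPLETE")  # no well-defined length
        return key_type, FIXED_LEN[key_type]
    # Both given: the length must be compatible with the type.
    ok = (key_type == CKK_GENERIC_SECRET and length > 0) \
        or FIXED_LEN.get(key_type) == length \
        or length in ALLOWED_LEN.get(key_type, set())
    if not ok:
        raise Pkcs11Error("CKR_TEMPLATE_INCONSISTENT")
    return key_type, length


def derive_xor_base_and_data(base: Key, data: bytes, template: dict) -> Key:
    """Model of C_DeriveKey with CKM_XOR_BASE_AND_DATA; `data` stands for
    the contents of the CK_KEY_DERIVATION_STRING_DATA parameter."""
    # zip() stops at the shorter input, so the raw result has
    # length min(len(base.value), len(data)).
    raw = bytes(k ^ d for k, d in zip(base.value, data))
    key_type, length = resolve_type_and_len(template, len(raw))
    if length > len(raw):
        raise Pkcs11Error("CKR_KEY_SIZE_RANGE")  # more bytes requested than available
    value = raw[:length]
    if key_type in DES_FAMILY:
        value = set_des_parity(value)
    # Base-key restrictions always win; otherwise the template (or a default)
    # decides. ALWAYS_SENSITIVE / NEVER_EXTRACTABLE are copied from the base.
    return Key(
        value=value,
        key_type=key_type,
        sensitive=True if base.sensitive else template.get("CKA_SENSITIVE", False),
        extractable=False if not base.extractable else template.get("CKA_EXTRACTABLE", True),
        always_sensitive=base.always_sensitive,
        never_extractable=base.never_extractable,
    )


if __name__ == "__main__":
    # The spec's own worked values: 0x01234567 XOR 0x89ABCDEF.
    base = Key(bytes.fromhex("01234567"), CKK_GENERIC_SECRET)
    derived = derive_xor_base_and_data(base, bytes.fromhex("89ABCDEF"), {})
    print(derived.value.hex())  # 88888888
```

Because XOR is its own inverse, whoever holds the data and the derived key's value also holds the base key's value for the shared prefix; that is why the model lets the base key's CKA_SENSITIVE and CKA_EXTRACTABLE restrictions override anything the template asks for.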
RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 v2.11