Cryptographic Token Interface Standard

PKCS#11


SHA-1 key derivation

SHA-1 key derivation, denoted CKM_SHA1_KEY_DERIVATION, is a mechanism which provides the capability of deriving a secret key by digesting the value of another secret key with SHA-1.

The value of the base key is digested once, and the result is used to make the value of derived secret key.

If the requested type of key requires more than 20 bytes, such as DES3, an error is generated.

This mechanism has the following rules about key sensitivity and extractability:


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230