[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] RSA Key Import proposal
On 4/3/2013 5:24 AM, Darren J Moffat wrote:
I would still like to see CKM_AES_CCM and CKM_AES_GCM made available for wrapping as part of the standard. We already use them for key wrapping in ZFS on Solaris (but we do the wrap/unwrap with our in kernel API not PKCS#11).
Three different items I think then:1) An CKM_RSA_AES_KEYWRAP mechanism to deal with the RSA limitations. (See also NIST SP800-38F).
2) The addition of CMK_EC_KEYWRAP for elliptic curve to mirror the above (uses the AES key wrap mode rather than the mac specified in X9.63 - uses an ECDH key agreement approach to get the AES key. (Or maybe just use ECIES - which also needs be defined at some point).
3) For CCM and GCM - they're in the 2.30 document as additional mechanisms and specified without the wrap/unwrap flag. That suggests you're going to need two new mechanisms specifically for key wrap. I seem to recall (but couldn't find) guidance which suggests that using either of these for key wrapping was not considered a good idea. I'm going to drop Russ Housley and Dave McGrew a note and ask.
Mike
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]