pkcs11 message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Groups - Key wrap with attributes v3 uploaded
- From: Graham Steel<graham@cryptosense.com>
- To: pkcs11@lists.oasis-open.org
- Date: Wed, 20 Jul 2016 02:37:58 -0700 (PDT)
Submitter's message
I finally revised the « key wrap with attributes » proposal. Changes are:
- tags moved into available KMIP range (4200D4-4200DA) rather than vendor-defined range
- remove prescription about what attributes can be encoded. You can encode anything you like. Up to the implementor to decide what to allow.
- specify that if using CCM/GCM, the IV must be token-generated
The proposal describes the encoding to use for attributes. To make it usable with C_WrapKey and C_UnwrapKey we need to decide a couple more things
Mechanism names - perhaps CKM_AES_GCM_WRAP and CKM_AES_CCM_WRAP ?
How to tell a device what attributes to encode when wrapping. Maybe in a CKM_AES_GCM_PARAMS structure?
Perhaps we can discuss this tonight and if we reach a conclusion I can quickly finish the proposal.
-- Graham Steel
Document Name: Key wrap with attributes v3
Description
Revisions in v3:
- tags moved into available KMIP range (4200D4-4200DA) rather than
vendor-defined range
- remove prescription about what attributes can be encoded. You can encode
anything you like. Up to the implementor to decide what to allow.
- specify that if using CCM/GCM, the IV must be token-generated
Download Latest Revision
Public Download Link
Submitter: Graham Steel
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2016-07-20 02:37:39
Revision: 1
|
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]