Cryptographic Token Interface Standard

PKCS#11


AES-CBC with PKCS padding

AES-CBC with PKCS padding, denoted CKM_AES_CBC_PAD, is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on NIST's Advanced Encryption Standard; cipher-block chaining mode; and the block cipher padding method detailed in PKCS #7.

It has a parameter, a 16-byte initialization vector.

The PKCS padding in this mechanism allows the length of the plaintext value to be recovered from the ciphertext value. Therefore, when unwrapping keys with this mechanism, no value should be specified for the CKA_VALUE_LEN attribute.

In addition to being able to wrap and unwrap secret keys, this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman, EC (also related to ECDSA) and DSA private keys (see Section Error: Reference source not found for details). The entries in Table 94 for data length constraints when wrapping and unwrapping keys do not apply to wrapping and unwrapping private keys.

Constraints on key types and the length of data are summarized in the following table:

Table 94, AES-CBC with PKCS Padding: Key And Data Length
Function Key type
Input length
Output length
C_Encrypt AES
any
input length rounded up to multiple of the block size
C_Decrypt AES
multiple of block size
between 1 and block size bytes shorter than input length
C_WrapKey AES
any
input length rounded up to multiple of the block size
C_UnwrapKey AES
multiple of block size
between 1 and block length bytes shorter than input length

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of AES key sizes, in bytes.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211