Cryptographic Token Interface Standard

PKCS#11


Mechanism Description

The mechanisms function by encrypting the data provided using the base key. The resulting cipher text shall be used to create the key value of the resulting key. If not all of the cipher text is used, the part discarded will be from the trailing end (least significant bytes) of the cipher text data. The derived key shall be defined by the attribute template supplied, but constrained by the length of cipher text available for the key value and by other normal PKCS#11 derivation constraints.

Attribute template handling, attribute defaulting and key value preparation will operate as per the SHA-1 Key Derivation mechanism in section 12.21.5.

If the data is too short to make the requested key then the mechanism returns CKR_DATA_LENGTH_INVALID.
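The derivation rule described above, modelled as an added C example (not code from the standard or from any token implementation). XTEA in ECB mode stands in for the token's block cipher, and `derive_by_encrypt`, the `RV_*` codes, the whole-block check, the 64-byte cap and the sample key and data are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes local to this sketch: the name follows the page, the values are constructed. */
enum { RV_OK = 0, RV_DATA_LENGTH_INVALID = 1 };
#define BLOCK 8 /* XTEA block size in bytes */

/* XTEA, 32 cycles: a stand-in for the token's own ECB engine (assumption). */
static void xtea_encrypt(const uint32_t k[4], uint8_t b[BLOCK]) {
    uint32_t v0, v1, sum = 0;
    memcpy(&v0, b, 4);
    memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(b, &v0, 4);
    memcpy(b + 4, &v1, 4);
}

/* Encrypt data under base_key and keep the leading key_len bytes as the key value. */
int derive_by_encrypt(const uint32_t base_key[4], const uint8_t *data, size_t data_len,
                      uint8_t *key_out, size_t key_len) {
    uint8_t ct[64];
    /* Whole-block input and the 64-byte cap are assumptions of this sketch. */
    if (data_len == 0 || data_len % BLOCK != 0 || data_len > sizeof ct)
        return RV_DATA_LENGTH_INVALID;
    /* Ciphertext is as long as the data: too little data cannot fill the key. */
    if (key_len > data_len)
        return RV_DATA_LENGTH_INVALID;
    memcpy(ct, data, data_len);
    for (size_t off = 0; off < data_len; off += BLOCK)
        xtea_encrypt(base_key, ct + off);
    memcpy(key_out, ct, key_len); /* trailing ciphertext bytes are discarded */
    return RV_OK;
}

int main(void) {
    const uint32_t base_key[4] = {1, 2, 3, 4};    /* constructed sample key */
    uint8_t data[24] = "constructed derive data"; /* 23 chars + NUL = 24 bytes */
    uint8_t key[32];
    printf("16 of 24 bytes: rv=%d\n", derive_by_encrypt(base_key, data, 24, key, 16));
    printf("32 of 24 bytes: rv=%d\n", derive_by_encrypt(base_key, data, 24, key, 32));
    return 0;
}
```

Because the key value is a prefix of the cipher text, a shorter key derived from the same base key and data equals the leading bytes of a longer one.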


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220