PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
PKCS #5 PBKDF2 key generation, denoted CKM_PKCS5_PBKD2, is a mechanism used for generating a secret key from a password and a salt value. This functionality is defined in PKCS#5 as PBKDF2.
It has a parameter, a CK_PKCS5_PBKD2_PARAMS structure. The parameter specifies the salt value source, pseudo-random function, and iteration count used to generate the new key.
Since this mechanism can be used to generate any type of secret key, new key templates must contain the CKA_KEY_TYPE and CKA_VALUE_LEN attributes. If the key type has a fixed length the CKA_VALUE_LEN attribute may be omitted.