Cryptographic Token Interface Standard

PKCS#11


Concatenation of a base key and data

This mechanism, denoted CKM_CONCATENATE_BASE_AND_DATA, derives a secret key by concatenating data onto the end of a specified secret key.

This mechanism takes a parameter, a CK_KEY_DERIVATION_STRING_DATA structure, which specifies the length and value of the data which will be appended to the base key to derive another key.

For example, if the value of the base key is 0x01234567, and the value of the data is 0x89ABCDEF, then the value of the derived key will be taken from a buffer containing the string 0x0123456789ABCDEF.

If the requested type of key requires more bytes than are available by concatenating the original key's value and the data, an error is generated.

This mechanism has the following rules about key sensitivity and extractability:


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220