Cryptographic Token Interface Standard

PKCS#11


CT-KIP key derivation

The CT-KIP key derivation mechanism, denoted CKM_KIP_DERIVE, is a key derivation mechanism that is capable of generating secret keys of potentially any type, subject to token limitations.

It takes a parameter of type CK_KIP_PARAMS, which carries the desired underlying cryptographic mechanism as well as some other data. In particular, when the hKey parameter is a handle to an existing key, that key will be used in the key derivation in addition to the hBaseKey of C_DeriveKey. The pSeed parameter may be used to seed the key derivation operation.

The mechanism derives a secret key with a particular set of attributes as specified in the attributes of the template for the key.

The mechanism contributes the CKA_CLASS and CKA_VALUE attributes to the new key. Other attributes supported by the key type may be specified in the template for the key, or else will be assigned default initial values. Since the mechanism is generic, the CKA_KEY_TYPE attribute should be set in the template if the key is to be used with a particular mechanism.
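The call described above, as an added example that is not part of the standard's text: it fills CK_KIP_PARAMS, names the key type in the template, and leaves CKA_CLASS and CKA_VALUE to the mechanism. The helper kip_derive_aes and the stand-in mock_derive are hypothetical; CKM_SHA256 as the underlying mechanism and the CKA_VALUE_LEN entry are assumptions.

```c
/* Minimal Cryptoki subset so this compiles alone; real code includes the
 * vendor's pkcs11.h. Numeric values are those of the standard headers. */
#include <stddef.h>
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BYTE, CK_BBOOL;
typedef struct { CK_ULONG mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
typedef struct { CK_MECHANISM *pMechanism; CK_OBJECT_HANDLE hKey;
                 CK_BYTE *pSeed; CK_ULONG ulSeedLen; } CK_KIP_PARAMS;
typedef CK_RV (*CK_C_DeriveKey)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE,
                                CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *);
enum { CKM_KIP_DERIVE = 0x510, CKM_SHA256 = 0x250, CKK_AES = 0x1F,
       CKA_KEY_TYPE = 0x100, CKA_SENSITIVE = 0x103, CKA_VALUE_LEN = 0x161,
       CKA_EXTRACTABLE = 0x162, CKR_OK = 0, CKR_ARGUMENTS_BAD = 7,
       CKR_MECHANISM_PARAM_INVALID = 0x71, CKR_TEMPLATE_INCOMPLETE = 0xD0,
       CK_INVALID_HANDLE = 0 };

/* Hypothetical helper: derive a sensitive, non-extractable AES key.
 * derive is the token's C_DeriveKey; extra may be CK_INVALID_HANDLE. */
CK_RV kip_derive_aes(CK_C_DeriveKey derive, CK_SESSION_HANDLE s,
                     CK_OBJECT_HANDLE base, CK_OBJECT_HANDLE extra,
                     CK_BYTE *seed, CK_ULONG seed_len, CK_OBJECT_HANDLE *out)
{
    if (!derive || !out || (seed_len && !seed)) return CKR_ARGUMENTS_BAD;
    CK_MECHANISM prf = { CKM_SHA256, NULL, 0 };   /* underlying mechanism (assumed) */
    CK_KIP_PARAMS kip = { &prf, extra, seed, seed_len };
    CK_MECHANISM mech = { CKM_KIP_DERIVE, &kip, sizeof kip };
    CK_ULONG type = CKK_AES, len = 16;
    CK_BBOOL yes = 1, no = 0;
    /* No CKA_CLASS or CKA_VALUE here: the mechanism contributes both. */
    CK_ATTRIBUTE tmpl[] = {
        { CKA_KEY_TYPE, &type, sizeof type },  /* generic mechanism: state the type */
        { CKA_VALUE_LEN, &len, sizeof len },   /* assumption: token wants an AES length */
        { CKA_SENSITIVE, &yes, sizeof yes },
        { CKA_EXTRACTABLE, &no, sizeof no },
    };
    *out = CK_INVALID_HANDLE;
    return derive(s, &mech, base, tmpl, sizeof tmpl / sizeof tmpl[0], out);
}
/* Constructed stand-in for a token's C_DeriveKey: checks what it is handed. */
CK_RV mock_derive(CK_SESSION_HANDLE s, CK_MECHANISM *m, CK_OBJECT_HANDLE base,
                  CK_ATTRIBUTE *t, CK_ULONG n, CK_OBJECT_HANDLE *out)
{
    CK_KIP_PARAMS *p = m->pParameter;
    (void)s; (void)base;
    if (m->mechanism != CKM_KIP_DERIVE || m->ulParameterLen != sizeof *p || !p->pMechanism)
        return CKR_MECHANISM_PARAM_INVALID;
    if (n == 0 || t[0].type != CKA_KEY_TYPE) return CKR_TEMPLATE_INCOMPLETE;
    *out = 0x42;                               /* constructed handle value */
    return CKR_OK;
}
```

Against a real token, pass the C_DeriveKey pointer from the module's function list in place of mock_derive.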


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230