Proposals

Proposals • BF, TF, DES OFB and CFB • Mechanism, Token, Session Objects etc. • Derive key by encryption of data • KCVs • PKCS #11 module management • Auth objects & ACLs • C_ReEncrypt • Attribute template inheritance

Clarifications • resolve CKA_KEY_TYPE contradiction • Delphi header files • non-MS developer tools • key generation for HMAC • Domain parameters relevance to key-pair gen • C_CopyObject – CKM_MODIFIABLE change constraints

Other Issues • Document Re-org

Auth Objects & ACLs K CKA_CLASS=CKO_SECRET_KEY CKA_KEY_TYPE=CKK_DES2 CKA_UNWRAP=1 CKA_ACL= enc,U1 dec,0 sign,U2 modify=SO U1 CKA_CLASS=CKO_AUTHENTICATION CKA_AUTH_TYPE=CKAT_PIN CKA_VALUE=***** CKA_AUTHENTICATED=0 CKA_ACL= modify=so U2 CKA_CLASS=CKO_AUTHENTICATION CKA_AUTH_TYPE=CKAT_PIN CKA_VALUE=***** CKA_AUTHENTICATED=0 CKA_COUNT=1 CKA_ACL= modify=so SO CKA_CLASS=CKO_AUTHENTICATION CKA_AUTH_TYPE=CKAT_PIN CKA_VALUE=***** CKA_AUTHENTICATED=0 CKA_ACL= modify=so AclSet ::= Sequence { Acl ::= Sequence { AccessType ::= INTEGER AclValue ::= ObjectHandle } }

Attribute Template Inheritence MK CKA_CLASS=CKO_SECRET_KEY CKA_KEY_TYPE=CKK_DES2 CKA_UNWRAP=1 CKK_ATTR_MASK= CKA_KEY_TYPE=CKK_DES CKA_SENSITIVE=1 CKA_ENCRYPT=1 CKA_UNWRAP=0 C_UnWrapKey(MK,…) User attribute template CKA_SIGN=1 or CKA_ UNWRAP =1 X K CKA_CLASS=CKO_SECRET_KEY CKA_KEY_TYPE=CKK_DES CKA_SENSITIVE=1 CKA_ENCRYPT=1 CKA_UNWRAP=0 + CKA_SIGN=1 AttrSet ::= Sequence { AttrSet ::= Sequence { AttrType ::= INTEGER AttrValue ::= OCTET STRING } }

Proposals

Proposals

Presentation Transcript