Reference Guide

Chapter 6: Changes Between Releases 4.1.2 and 4.1.4
RSA BSAFE Crypto-C Micro Edition 3.x to 4.1.4 Migration Guide
Key Wrapping
Key wrapping is a method of encrypting key data for protection on untrusted storage
devices or during transmission over insecure channels.
In previous versions of Crypto-C ME, key data was wrapped either with specific
key wrap algorithms that use AES symmetric key encryption, or applications could
use asymmetric key encryption and wrap key data using a recipient’s public key.
From December 2017, FIPS 140-2 compliance for applications that wrap key data
using a recipient’s public key requires the use of a certified key wrapping
implementation.
Crypto-C ME 4.1.4 extends the key wrapping functionality to now include FIPS 140-2
compliant wrapping of symmetric or asymmetric key data with either symmetric or
asymmetric keys. The changes you need to make to your application include the:
- Asymmetric key wrapping algorithm identifier you must specify when creating
  the cryptographic object for the key wrap operation (if wrapping key data
  using a recipient’s public key).
- Algorithm subtypes you must also specify when creating the cryptographic
  object.
- Functions you can use to initialize the cryptographic object.
- Functions you can use to perform the key wrap operation.
Create a Cryptographic Object
You create a cryptographic object, R_CR, for key wrapping by calling R_CR_new()
or R_CR_new_ef(). For Crypto-C ME 4.1.4, you must specify, amongst other
things:
- An identifier for the algorithm you are using to wrap the key with.
- Algorithm subtypes for the type of key you are wrapping with and the type of
  key you are wrapping.
The symmetric key wrap algorithm identifiers are unchanged.
The following table lists the asymmetric key wrap algorithm identifiers you can
choose from when creating a cryptographic object for key wrapping in Crypto-C ME
4.1.4.
Table 18 Asymmetric Key Wrapping Algorithm Identifiers

Crypto-C ME 3.1 through 4.1.3        Crypto-C ME 4.1.4
-----------------------------        --------------------------
NA. Only symmetric key algorithm     R_CR_ID_KW_KEM_KES
identifiers were available.          R_CR_ID_KW_RSA_OAEP
                                     R_CR_ID_KW_RSA_OAEP_SHA1
                                     R_CR_ID_KW_RSA_OAEP_SHA256