Submitter's message I finally revised the « key wrap with attributes » proposal. Changes are:
- tags moved into available KMIP range (4200D4-4200DA) rather than vendor-defined range
- remove prescription about what attributes can be encoded. You can encode anything you like. Up to the implementor to decide what to allow.
- specify that if using CCM/GCM, the IV must be token-generated
The proposal describes the encoding to use for attributes. To make it usable with C_WrapKey and C_UnwrapKey we need to decide a couple more things
Mechanism names - perhaps CKM_AES_GCM_WRAP and CKM_AES_CCM_WRAP ?
How to tell a device what attributes to encode when wrapping. Maybe in a CKM_AES_GCM_PARAMS structure?
Perhaps we can discuss this tonight and if we reach a conclusion I can quickly finish the proposal. -- Graham Steel Document Name : Key wrap with attributes v3 Description Revisions in v3:
- tags moved into available KMIP range (4200D4-4200DA) rather than vendor-defined range
- remove prescription about what attributes can be encoded. You can encode anything you like. Up to the implementor to decide what to allow.
- specify that if using CCM/GCM, the IV must be token-generated Download Latest Revision Public Download Link Submitter : Graham Steel Group : OASIS PKCS 11 TC Folder : Working Drafts Date submitted : 2016-07-20 02:37:39 Revision : 1