Key-encrypting keys protect a key that is sent to another system, received from another system, or stored with data in a file. A variation of transport keys are also used to rewrap a key from one key-encrypting key to another key-encrypting key.
DES OKEYXLAT keys must be used when rewrapping a key under a transport key. The AES EXPORTER must have the TRANSLAT key usage enabled when rewrapping a key.
DES IKEYXLAT keys must be used when rewrapping a key under a transport key. The AES IMPORTER must have the TRANSLAT key usage enabled when rewrapping a key.
DES keys | Callable services |
---|---|
Key-encrypting key class:
|
|
EXPORTER | Control Vector Translate, Data Key Export, ECC Diffie-Hellman, Key Export, Key Generate, Key Test2, Key Test Extended, Key Translate, Key Translate2, PKA Key Generate, PKA Key Translate, Prohibit Export Extended, Remote Key Export, Secure Messaging for Keys, Symmetric Key Generate, TR-31 Export, TR-31 Import, Unique Key Derive |
IMPORTER | Control Vector Translate, Data Key Import, ECC Diffie-Hellman, Key Generate, Key Import, Key Test2, Key Test Extended, Key Translate, Key Translate2, Multiple Secure Key Import, PKA Key Generate, PKA Key Import, PKA Key Translate, Prohibit Export Extended, Remote Key Export, Restrict Key Attribute, Secure Key Import, Secure Messaging for Keys, Symmetric Key Generate, TR-31 Export, TR-31 Import |
IMP-PKA | PKA Key Import, Remote Key Export, Trusted Block Create |
IKEYXLAT, OKEYXLAT | Control Vector Translate, Key Translate, Key Translate2, TR-31 Export,TR-31 Import |
AES keys | Callable services |
---|---|
Key-encrypting key class:
|
|
EXPORTER | ECC Diffie-Hellman, Key Generate2, Key Test2, Key Translate2, PKA Key Generate, PKA Key Translate, Symmetric Key Export |
IMPORTER | ECC Diffie-Hellman, Key Generate2, Key Test2, Key Translate2, PKA Key Generate, PKA Key Import, PKA Key Translate, Restrict Key Attribute, Secure Key Import2, Symmetric Key Import2 |