Supported CCA key types
The CCA token can generate PKCS #11 AES or AES-XTS key objects backed by either CCA AES DATA or CCA AES CIPHER secure keys, which therefore inherit the characteristics of the underlying CCA key type. AES CIPHER keys are considered somewhat more secure than AES DATA keys, because CIPHER keys can be export-restricted whereas DATA keys cannot. The characteristics of these key types are important when deciding which type to use.
Export restriction means that the key value cannot be exported by wrapping the key with a key encryption key. If attackers are able to wrap the key with a key encryption key they know, they can subsequently unwrap it (as a clear key operation) and thus obtain the original key value in the clear.
CCA AES CIPHER keys can be export-restricted, so that the CCA card firmware does not allow any key wrapping of that key.
You can use option AES_KEY_MODE in the CCA token configuration file to set the default CCA AES key mode that is used globally for creating AES secure keys by all applications that use the respective CCA token. This option accepts two values, specifying that either CCA AES DATA or CCA AES CIPHER secure keys are created. For more information, read the description of option AES_KEY_MODE in Defining a CCA token configuration file.
You can also set the AES key mode individually for a key creation operation using the CKA_IBM_CCA_AES_KEY_MODE attribute to override the global key mode specified in the CCA token configuration file. This attribute is of type CK_ULONG. Use the value CK_IBM_CCA_AES_DATA_KEY (0) or CK_IBM_CCA_AES_CIPHER_KEY (1) in the template of the AES key to be created.
Setting the CKA_IBM_CCA_AES_KEY_MODE attribute takes priority over the global setting in the CCA token configuration file. If neither the global configuration setting nor the attribute is specified, the default is to create CCA AES DATA keys. Every newly created AES key object has the attribute CKA_IBM_CCA_AES_KEY_MODE containing the CCA AES key mode as derived from this hierarchy of specification (1. the value specified with attribute CKA_IBM_CCA_AES_KEY_MODE in the template at key creation, 2. the setting in the CCA token configuration file, or 3. the default, CCA AES DATA).
You can convert existing keys backed by a CCA AES DATA key into keys backed by a CCA AES CIPHER key by changing the CKA_IBM_CCA_AES_KEY_MODE attribute from CK_IBM_CCA_AES_DATA_KEY (0) to CK_IBM_CCA_AES_CIPHER_KEY (1) via the C_SetAttributeValue() function. The reverse conversion is not possible.
PKCS #11 also defines an attribute to allow or restrict the export of keys: CKA_EXTRACTABLE. Furthermore, you can use the IBM®-specific attribute CKA_IBM_PROTKEY_EXTRACTABLE to allow or restrict the export of a key as a CPACF-protected key. These attributes are checked and applied primarily by openCryptoki’s code to decide whether an export or wrap operation is allowed. However, if one retrieves the secure key blob of a key using C_GetAttributeValue() with attribute CKA_IBM_OPAQUE and uses this key blob externally with the CCA host library, the PKCS #11 attributes no longer apply. It is therefore important that the secure key blob itself is export-restricted, to protect it from unwanted export operations. This is only possible with CCA AES CIPHER secure keys, not with CCA AES DATA secure keys.
In general, the use of keys backed by CCA AES CIPHER keys versus CCA AES DATA keys is transparent to a PKCS #11 application. Keys backed by CCA AES DATA keys can be wrapped using the mechanisms CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP with an RSA wrapping key. Keys backed by CCA AES CIPHER keys can only be wrapped by the CKM_RSA_AES_KEY_WRAP mechanism (unless they are export-restricted), and not by any of the other mechanisms that can wrap CCA AES DATA keys. That is, CIPHER keys behave differently from DATA keys with regard to key wrapping.
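The key-mode precedence, the one-way DATA-to-CIPHER conversion and the wrapping rules described above, modeled as an added C example that is not openCryptoki's own code: the function names are hypothetical, and the attribute values and mechanism numbers are defined locally because the PKCS #11 and openCryptoki headers are not used.

```c
#include <stdbool.h>

/* Attribute values from this page and mechanism numbers from PKCS #11,
 * defined locally because pkcs11.h / the openCryptoki headers are not used. */
#define CK_IBM_CCA_AES_DATA_KEY    0UL
#define CK_IBM_CCA_AES_CIPHER_KEY  1UL
#define CKM_RSA_PKCS               0x00000001UL
#define CKM_RSA_PKCS_OAEP          0x00000009UL
#define CKM_RSA_AES_KEY_WRAP       0x00001054UL

/* Mode a newly created key ends up with (hypothetical helper): the
 * CKA_IBM_CCA_AES_KEY_MODE template attribute wins, then the AES_KEY_MODE
 * option of the token configuration file, then the default of DATA. */
unsigned long effective_key_mode(bool in_template, unsigned long template_mode,
                                 bool in_config, unsigned long config_mode)
{
    if (in_template) return template_mode;
    if (in_config)   return config_mode;
    return CK_IBM_CCA_AES_DATA_KEY;
}

/* Outcome of C_SetAttributeValue on CKA_IBM_CCA_AES_KEY_MODE: DATA -> CIPHER
 * is the only real conversion; CIPHER -> DATA is rejected (returns -1). */
long next_key_mode(unsigned long current, unsigned long requested)
{
    if (current == requested) return (long)current;          /* no change */
    if (current == CK_IBM_CCA_AES_DATA_KEY &&
        requested == CK_IBM_CCA_AES_CIPHER_KEY) return (long)requested;
    return -1;
}

/* Whether wrapping with 'mech' is permitted for an AES key of the given mode,
 * given CKA_EXTRACTABLE and (for CIPHER keys) the CCA export restriction.
 * Only the mechanisms this page documents are modeled; anything else -> false. */
bool wrap_allowed(unsigned long mode, bool extractable, bool export_restricted,
                  unsigned long mech)
{
    if (!extractable) return false;                  /* checked by openCryptoki */
    if (mode == CK_IBM_CCA_AES_CIPHER_KEY) {
        if (export_restricted) return false;         /* enforced by CCA firmware,
                                                        even for the raw key blob */
        return mech == CKM_RSA_AES_KEY_WRAP;
    }
    return mech == CKM_RSA_PKCS || mech == CKM_RSA_PKCS_OAEP;
}
```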