Symmetric Key Export (CSNDSYX)

Use the Symmetric Key Export verb to export an operational AES, DES, or HMAC key in a CCA key token from encryption under a master key to encryption under an RSA public key or AES EXPORTER key. The usage attributes of the EXPORTER key must allow EXPORT.

For an RSA-enciphered output key, the key is returned as an opaque data buffer or in an external variable-length symmetric key-token. If the key is returned as an opaque data buffer, the Symmetric Key Import service can be used along with the associated RSA private-key to import the key back into an operational symmetric key-token. If the key is returned in an external variable-length symmetric key-token, the Symmetric Key Import2 service can be used along with the associated RSA private-key to import the key.

For an AES-enciphered output key, the key is returned in an external variable-length symmetric key token. The Symmetric Key Import2 service can be used along with its associated AES IMPORTER key-encrypting key to import the key. The usage attributes of the IMPORTER key must allow IMPORT.

The key being exported can also be encrypted, formatted and returned as a PKCS #11 output. For a PKCS #11 output key object, use the CKM-RAKW keyword. CKM-RAKW generates an ephemeral AES key, formats and wraps the exported AES key with that ephemeral AES key, formats and wraps the ephemeral AES key with the source transport RSA public key, and returns the resulting structure in the target_key_token parameter. The output structure corresponds to the output from PKCS #11 mechanism CKM_RSA_AES_KEY_WRAP. For CKM-RAKW the source key must be an AES internal variable-length symmetric key-token of key type CIPHER.

The source key (other than CKM-RAKW) must be a complete symmetric key contained in a fixed-length or variable-length symmetric key-token, encrypted under an AES or DES master key. Fixed length DES keys have no key type limitations. Variable length keys have no key type limitations.

Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.
Table 1. CSNDSYX source key tokens (other than CKM-RAKW)

Algorithm | Internal fixed-length symmetric key-token key type | Internal variable-length symmetric key-token key type
AES | DATA | CIPHER, EXPORTER, or IMPORTER; DKYGENKY, MAC, PINCALC, PINPROT, or PINPRW
DES | DATA (no key type limitations when the AESKWCV format is specified) | Not supported
HMAC | Not supported | MAC

Different methods are supported for formatting the output key. Not all of these methods are available for each supported source key-token. The AESKW key-formatting method uses an AES EXPORTER key-encrypting key to wrap the output key before returning it in an external variable-length symmetric key-token. The other key formatting methods each use a different scheme to format the key before it is enciphered using an asymmetric RSA public-key. The formatted and enciphered key is returned as an opaque data buffer, and is not in a key token.

Table 2 and Table 3 show which formatting methods can be used for each type of key token and a description of the enciphered key returned.
Table 2. CSNDSYX key formatting for fixed length AES and DES key tokens

The last four columns are the key-formatting method keywords.

Operational source key token | AESKWCV | PKCS-1.2 | PKCSOAEP | ZERO-PAD
AES DATA | Not supported | The output key is returned as an opaque data buffer after being formatted using the RSAES-PKCS1-v1_5 encryption or decryption scheme of the RSA PKCS #1 v2.0 standard and enciphered using the RSA public key provided as a transport key. | The output key is returned as an opaque data buffer after being formatted using the RSAES-OAEP encryption or decryption scheme of the RSA PKCS #1 v2.0 standard and enciphered using the RSA public key provided as a transport key. | The output key is returned as an opaque data buffer after the key is right-aligned, padded on the left to the necessary block length with bits valued to zero, and enciphered using the RSA public key provided as a transport key.
DES DATA | The output key is returned in an external variable-length DES key token with control vector after being enciphered using the AES EXPORTER key provided as the transport key. | Same as for AES DATA | Same as for AES DATA | Same as for AES DATA
DES key types other than DATA | The output key is returned in an external variable-length DES key token with control vector after being enciphered using the AES EXPORTER key provided as the transport key. | Not supported | Not supported | Not supported
Table 3. CSNDSYX key formatting for variable length AES and HMAC key tokens

The last three columns are the key-formatting method keywords.

Operational source key token | AESKW | PKOAEP2 | CKM-RAKW
AES | The output key is returned in an external variable-length AES key-token after being enciphered using the AES EXPORTER key provided as the transport key. | The output key is returned in an external variable-length AES key-token after being formatted using the RSAES-OAEP encryption/decryption scheme of the RSA PKCS #1 v2.1 standard and enciphered using the RSA public key provided as a transport key. | The output key is returned as an output structure corresponding to the output from the PKCS #11 mechanism CKM_RSA_AES_KEY_WRAP and enciphered using the RSA public key provided as a transport key.
HMAC | Same as the variable-length AES source key token, except that the output key is returned in an external variable-length HMAC key-token. | Same as the variable-length AES source key token, except that the output key is returned in an external variable-length HMAC key-token. | Not supported

Notes:

  1. For keywords PKCS-1.2, PKCSOAEP, and PKOAEP2, see Formatting hashes and keys in public-key cryptography.
  2. The RSA PKCS #1 v2.0 standard for the RSAES-PKCS1-v1_5 encryption/decryption scheme is formerly known as block-type 02 format.
  3. PKCSOAEP and PKOAEP2 are the only key formatting methods that use a hash method. PKCSOAEP and PKOAEP2 can specify either SHA-1 or SHA-256. PKOAEP2 can also specify SHA-384 or SHA-512.
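The CKM-RAKW output described above and in the CKM-RAKW column of Table 3 corresponds to the PKCS #11 mechanism CKM_RSA_AES_KEY_WRAP. The following Go program is an added example, not ICSF or IBM code: it reconstructs that structure from its two public building blocks, RSA-OAEP for the ephemeral key and RFC 5649 AES Key Wrap with Padding (built here on the RFC 3394 core) for the exported key, and shows the checks the importing side must perform before accepting the key. It assumes a 2048-bit transport RSA key, SHA-256 as the OAEP hash, a 32-byte ephemeral AES KEK, and a constructed 32-byte key standing in for the exported CIPHER key; none of those parameters are stated on this page and the real values come from the CSNDSYX and Symmetric Key Import2 documentation. Keys of 8 bytes or fewer (the RFC 5649 single-block case) are rejected rather than handled, since no AES key is that short.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

var kwpAIV = []byte{0xA6, 0x59, 0x59, 0xA6} // RFC 5649 AIV prefix; bytes 4..7 carry the unpadded key length (MLI)

// kwCore is the RFC 3394 wrap function W: six rounds over 64-bit registers, with a caller-chosen IV.
func kwCore(block cipher.Block, iv, plain []byte) []byte {
	n := len(plain) / 8
	st := append(append([]byte{}, iv...), plain...) // st[0:8] = A, st[8+8i:16+8i] = R[i]
	buf := make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 0; i < n; i++ {
			copy(buf[:8], st[:8])
			copy(buf[8:], st[8+8*i:16+8*i])
			block.Encrypt(buf, buf)
			binary.BigEndian.PutUint64(st[:8], binary.BigEndian.Uint64(buf[:8])^uint64(n*j+i+1))
			copy(st[8+8*i:], buf[8:])
		}
	}
	return st
}

// kwUnwrapCore inverts kwCore; the caller must validate the recovered IV, which is the integrity check.
func kwUnwrapCore(block cipher.Block, wrapped []byte) (iv, plain []byte) {
	n := len(wrapped)/8 - 1
	st := append([]byte{}, wrapped...)
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(st[:8])^uint64(n*j+i+1))
			copy(buf[8:], st[8+8*i:16+8*i])
			block.Decrypt(buf, buf)
			copy(st[:8], buf[:8])
			copy(st[8+8*i:], buf[8:])
		}
	}
	return st[:8], st[8:]
}

// kwpWrap is AES Key Wrap with Padding (RFC 5649) for keys longer than 8 bytes: the AES half of the mechanism.
func kwpWrap(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(key) <= 8 {
		return nil, errors.New("bad KEK or key too short for this example")
	}
	padded := append(append([]byte{}, key...), make([]byte, (8-len(key)%8)%8)...) // zero-pad to 8-byte multiple
	iv := make([]byte, 8)
	copy(iv, kwpAIV)
	binary.BigEndian.PutUint32(iv[4:], uint32(len(key)))
	return kwCore(block, iv, padded), nil
}

// kwpUnwrap reverses kwpWrap and enforces the RFC 5649 checks: AIV prefix, length field, all-zero padding.
func kwpUnwrap(kek, wrapped []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("bad KEK or wrapped length")
	}
	iv, padded := kwUnwrapCore(block, wrapped)
	mli := int(binary.BigEndian.Uint32(iv[4:]))
	if !bytes.Equal(iv[:4], kwpAIV) || mli > len(padded) || mli <= len(padded)-8 ||
		!bytes.Equal(padded[mli:], make([]byte, len(padded)-mli)) {
		return nil, errors.New("KWP integrity check failed")
	}
	return padded[:mli], nil
}

// WrapRSAAES builds the CKM_RSA_AES_KEY_WRAP output: RSA-OAEP(ephemeral KEK) || AES-KWP(target key).
func WrapRSAAES(pub *rsa.PublicKey, targetKey []byte) ([]byte, error) {
	kek := make([]byte, 32) // ephemeral AES-256 KEK: generated here, used once, never stored
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	wrappedKEK, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kek, nil)
	if err != nil {
		return nil, err
	}
	wrappedKey, err := kwpWrap(kek, targetKey)
	if err != nil {
		return nil, err
	}
	return append(wrappedKEK, wrappedKey...), nil
}

// UnwrapRSAAES is the importing side: split at the RSA modulus length, recover the KEK, then the key.
func UnwrapRSAAES(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size()
	if len(blob) < k+24 {
		return nil, errors.New("wrapped structure too short")
	}
	kek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:k], nil)
	if err != nil {
		return nil, err
	}
	return kwpUnwrap(kek, blob[k:])
}
```

For a 2048-bit transport key the structure is fixed-length at the front (256 bytes of RSA-OAEP ciphertext) and variable at the back (the KWP ciphertext, 8 bytes longer than the padded key), so the importer splits on the modulus size rather than on a length field. The importer treats any failure (OAEP decryption error, wrong AIV, inconsistent MLI, non-zero padding) identically and returns no key material, which is what the AES-KWP integrity check is for.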