Algorithm (One keyword, optional) |
AES | The key being exported is an AES key. If source_key_identifier is a variable-length symmetric key token or label, only the PKOAEP2 and AESKW key formatting methods are supported. |
DES | The key being exported is a DES key. This is the default. |
HMAC | The key being exported is an HMAC key. Only the PKOAEP2 and AESKW key formatting methods are supported. |
Key Formatting method (One required) |
AESKW | Specifies that the key is to be formatted using AESKW and placed in an external variable length CCA token. The transport_key_identifier must be an AES EXPORTER. This rule is not valid with the DES Algorithm keyword or with AES DATA (version X'04') keys. |
PKCSOAEP | Specifies to format the key according to the method in RSA DSI PKCS #1V2 OAEP. The default hash method is SHA-1. Use the SHA-256 keyword for the SHA-256 hash method. |
PKCS-1.2 | Specifies to format the key according to the method found in RSA DSI PKCS #1 block type 02 to recover the symmetric key. |
PKOAEP2 | Specifies to format the key according to the method found in RSA DSI PKCS #1 v2.1 RSAES-OAEP documentation. Not valid with DES algorithm or with AES DATA (version X'04') keys. A hash method is required. |
ZERO-PAD | The clear key is right-justified in the field provided, and the field is padded to the left with zeros up to the size of the RSA encryption block (which is the modulus length). |
Hash Method (One, optional for PKCSOAEP, required for PKOAEP2. Not valid with any other Key Formatting method) |
SHA-1 | Specifies to use the SHA-1 hash method to calculate the OAEP message hash. This is the default for PKCSOAEP. |
SHA-256 | Specifies to use the SHA-256 hash method to calculate the OAEP message hash. |
SHA-384 | Specifies to use the SHA-384 hash method to calculate the OAEP message hash. Not valid with PKCSOAEP. |
SHA-512 | Specifies to use the SHA-512 hash method to calculate the OAEP message hash. Not valid with PKCSOAEP. |
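
The keyword groups above interact (defaults, required hash methods, combinations that are not valid), so a caller can check a rule array before passing it to the service. The following is an added example, not IBM code: the function name `check_rule_array` and the flags `variable_length_token` and `aes_data_v04` are hypothetical, and it encodes only the constraints stated in this table.

```python
# Added example: encodes only the keyword constraints stated in the table above.
ALGORITHMS = {"AES", "DES", "HMAC"}
FORMATS = {"AESKW", "PKCSOAEP", "PKCS-1.2", "PKOAEP2", "ZERO-PAD"}
HASHES = {"SHA-1", "SHA-256", "SHA-384", "SHA-512"}


def check_rule_array(rule_array, variable_length_token=False, aes_data_v04=False):
    """Return (resolved, errors) for a list of rule-array keywords.

    variable_length_token / aes_data_v04 are hypothetical flags describing the
    source key; the real service derives this from the key token itself.
    """
    errors = []
    unknown = [k for k in rule_array if k not in ALGORITHMS | FORMATS | HASHES]
    if unknown:
        errors.append(f"unknown keyword(s): {unknown}")

    def pick(group, name):
        found = [k for k in rule_array if k in group]
        if len(found) > 1:
            errors.append(f"more than one {name} keyword: {found}")
        return found[0] if found else None

    alg = pick(ALGORITHMS, "algorithm") or "DES"       # DES is the default
    fmt = pick(FORMATS, "key formatting method")
    hsh = pick(HASHES, "hash method")

    if fmt is None:
        errors.append("a key formatting method is required")
    restricted = alg == "HMAC" or (alg == "AES" and variable_length_token)
    if fmt and restricted and fmt not in ("PKOAEP2", "AESKW"):
        errors.append(f"{fmt} not supported for this {alg} key; use PKOAEP2 or AESKW")
    if fmt in ("AESKW", "PKOAEP2") and (alg == "DES" or aes_data_v04):
        errors.append(f"{fmt} is not valid with DES or AES DATA (version X'04') keys")
    if fmt == "PKOAEP2" and hsh is None:
        errors.append("PKOAEP2 requires a hash method")
    if fmt == "PKCSOAEP":
        if hsh in ("SHA-384", "SHA-512"):
            errors.append(f"{hsh} is not valid with PKCSOAEP")
        hsh = hsh or "SHA-1"                            # SHA-1 is the PKCSOAEP default
    if hsh and fmt not in ("PKCSOAEP", "PKOAEP2", None):
        errors.append(f"hash method {hsh} is not valid with {fmt}")
    return {"algorithm": alg, "format": fmt, "hash": hsh}, errors
```

Note that a rule array containing only `AESKW` is rejected here because the algorithm defaults to DES; the `AES` or `HMAC` keyword has to be given explicitly.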