Mailing Lists: Apple Mailing Lists


Re: Getting raw key data requires wrapping with NULL algorithm only?



--On May 22, 2006 12:12:34 AM +1000 email@hidden wrote:

> Actually, it looks like the problem is my old code was expecting the
> wrapped key to have the format CSSM_KEYBLOB_RAW, whereas after wrapping
> it has [logically] CSSM_KEYBLOB_WRAPPED.  It seems I can still access
> the raw key data for the latter, anyway, so I guess my code is just wrong
> or out of date.
>
> Since you also cannot wrap a wrapped key on Tiger, I guess CSSM_KEYBLOB_WRAPPED must be equivalent to CSSM_KEYBLOB_RAW, in terms of not containing just a handle to the key data.

Well, *technically* it goes like this: RAW and WRAPPED keys are entirely distinct animals. A raw key contains the (raw) key bits in some format (specified by the KEYBLOB_FORMAT, of course). A wrapped key is a key wrapped up by some method into a distinct data format (the WRAPPED_FORMAT), the only requirement of which is that when unwrapped appropriately it will get you back your key, somehow.


In the special case of a NULL wrap, you still get a distinctly wrapped key, and the "wrapping algorithm" is defined such that the key DATA is the raw key. The semantics of null wraps as exports (and null unwraps as imports) are supposed to be a fairly regular outcome of the NULL algorithm meaning "don't do anything to the data", rather than an explicit special case.

Cheers
 -- perry
---------------------------------------------------------------------------
Perry The Cynic                                             email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------

Apple-cdsa mailing list      (email@hidden)


