EXPORT WRAPPED Command

Get an Object in encrypted form.

Description

Retrieves an Object under wrap from the device. The Object is encrypted using AES-CCM with a 16 bytes MAC and a 13 bytes nonce.

Shell Example

Fetch the Asymmetric Key 0x997e encrypted with Wrap Key 0xcf94 and store the result in the file key.enc:

yubihsm> get wrapped 0 0xcf94 asymmetric 0x997e key.enc

Protocol Details

Command

Tc = 0x4a
Lc = 2 + 1 + 2
Vc = Iw || T || Io

Parameters:

Iw := Object ID of Wrap Key to use (2 bytes)

T := Type of Object to wrap (1 byte)

Io := Object ID of Object to wrap (2 bytes)

Response

Tr = 0xca
Lr = 13 + LR
Vr = N || R

Parameters:

N := Nonce used for this wrap (13 bytes)

R := Wrapped data (Length dependent on object)