GENERATE WRAP KEY Command

Generate a Wrap Key.

Description

Generate a Wrap Key that can be used for export, import, wrap data and unwrap data.

Shell Example

Generate a new Wrap Key that can be used for wrap and unwrap:

yubihsm> generate wrapkey 0 0 wrapkey 1 wrap-data:unwrap-data none
  aes256-ccm-wrap
Generated Wrap key 0x5b3a

Protocol Details

Command

Tc = 0x5b

Lc = 2 + 40 + 2 + 8 + 1 + 8

Vc = I || L || D || C || A || DC

Parameters:

I := Object ID of the Wrap Key (2 bytes)

L := Label (40 bytes)

D := Domains (2 bytes)

C := Capabilities (8 bytes)

A := Algorithm (1 byte)

DC := Delegated Capabilities (8 bytes)

Response

Tr = 0xdb

Lr = 2

Vr = I

Parameters:

I := Object ID of created Wrap Key (2 bytes)