PUT WRAP KEY Command

Import a Wrap Key.

Description

Import a key for wrapping into the device.

Shell Example

Import an AES-128 Wrap Key able to export and import, with some Delegated Capabilities set:

yubihsm> put wrapkey 0 0 wrapkey 1 export-wrapped,import-wrapped
   exportable-under-wrap,sign-pkcs,sign-pss 000102030405060708090a0b0c0d0e0f
Stored Wrap key 0xaff7

Protocol Details

Command

Tc = 0x4c
Lc = 2 + 40 + 2 + 8 + 1 + 8 + LW
Vc = I || L || D || C || A || DC || W

Parameters:

I := Object ID (2 bytes)

L := Label (40 bytes)

D := Domains (2 bytes)

C := Capabilities (8 bytes)

A := Algorithm (1 byte)

DC := Delegated Capabilities (8 bytes)

W := Wrap Key (16, 24 or 32 bytes)

For AES128_CCM_WRAP: 16 bytes

For AES192_CCM_WRAP: 24 bytes

For AES256_CCM_WRAP: 32 bytes

Response

Tc = 0xcc
Lc = 2
Vc = I

Parameters:

I := ID of created Wrap Key (2 bytes)