CryptoSys PKI Pro Manual

kdfForCms

Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.

Syntax

[VBA]
Public Function kdfForCms ( _
    lpZZ() As Byte, _
    lpUkm() As Byte, _
    Optional nOptions As Long = 0 _
) As Byte()

Parameters

lpZZ
Input key material/shared secret.
lpUkm
User key material (optional, but a properly dimensioned variable must be passed, even if empty).
nOptions
Algorithm to be used. Select one from:
PKI_KDF_X963 (default)
PKI_KDF_HKDF
and select one hash algorithm to use with the key derivation function:
PKI_HASH_SHA1 (default)
PKI_HASH_SHA224
PKI_HASH_SHA256
PKI_HASH_SHA384
PKI_HASH_SHA512
and select one key wrap algorithm (required, no default):
PKI_KWRAP_3DES
PKI_KWRAP_AES128
PKI_KWRAP_AES192
PKI_KWRAP_AES256

Return Value

Byte(): Output key material (KEK) in a byte array.

Remarks

This is a specialist function that implements the key derivation algorithms described in [RFC5753] and [RFC8418], for use in key agreement with ECDH in a CMS EnvelopedData object using the ECC-CMS-SharedInfo structure.

Example

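Dim lpKEK() As Byte
Dim lpZZ() As Byte
Dim lpUkm() As Byte   ' Left empty: no user key material in this example
' Shared secret ZZ from the ECDH key agreement
lpZZ = cnvFromHex("160E3F5588C6FB4E9CEE8BC3C1C5000AB86396468C3D1CAEC0CB6E21536B5513")
' Derive a KEK for AES-128 key wrap using the X9.63 KDF with SHA-1
lpKEK = kdfForCms(lpZZ, lpUkm, PKI_KWRAP_AES128 Or PKI_KDF_X963 Or PKI_HASH_SHA1)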
Debug.Print "KEK = " & cnvToHex(lpKEK)
Debug.Print "OK  = 04D616C654CDF62BB186A5A088B60FB5"
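The following Python sketch is an added example, not CryptoSys PKI code: it shows the derivation that [RFC5753] describes for the PKI_KDF_X963 case, hashing ZZ, a 32-bit counter and the DER-encoded ECC-CMS-SharedInfo. It assumes the AES key-wrap AlgorithmIdentifier is encoded with absent parameters and that an empty UKM omits entityUInfo; the function names are hypothetical. Run as a script, it prints the SharedInfo and the KEK for the ZZ in the example above, for comparison with the expected value shown there.

```python
import hashlib

# DER content octets of OID 2.16.840.1.101.3.4.1.5 (id-aes128-wrap)
AES128_WRAP_OID = bytes.fromhex("608648016503040105")
# Shared secret ZZ copied from the manual's example above
ZZ = bytes.fromhex("160E3F5588C6FB4E9CEE8BC3C1C5000AB86396468C3D1CAEC0CB6E21536B5513")


def der(tag: int, content: bytes) -> bytes:
    """Minimal DER tag-length-value encoder (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def ecc_cms_shared_info(wrap_oid: bytes, kek_bits: int, ukm: bytes = b"") -> bytes:
    """Encode ECC-CMS-SharedInfo ::= SEQUENCE { keyInfo, entityUInfo, suppPubInfo }."""
    # keyInfo: AlgorithmIdentifier of the key-wrap algorithm (parameters absent: assumption)
    key_info = der(0x30, der(0x06, wrap_oid))
    # entityUInfo: [0] EXPLICIT OCTET STRING, present only when UKM is supplied
    entity_u = der(0xA0, der(0x04, ukm)) if ukm else b""
    # suppPubInfo: [2] EXPLICIT OCTET STRING holding the KEK length in bits (32-bit big-endian)
    supp_pub = der(0xA2, der(0x04, kek_bits.to_bytes(4, "big")))
    return der(0x30, key_info + entity_u + supp_pub)


def x963_kdf(zz: bytes, shared_info: bytes, out_len: int, hash_name: str = "sha1") -> bytes:
    """ANSI X9.63 KDF: concatenate Hash(ZZ || counter || SharedInfo), counter from 1."""
    out, counter = b"", 1
    while len(out) < out_len:
        block = zz + counter.to_bytes(4, "big") + shared_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:out_len]


def kek_for_cms(zz: bytes, ukm: bytes = b"", kek_bits: int = 128,
                wrap_oid: bytes = AES128_WRAP_OID, hash_name: str = "sha1") -> bytes:
    """Derive the KEK for the given key-wrap algorithm and hash."""
    info = ecc_cms_shared_info(wrap_oid, kek_bits, ukm)
    return x963_kdf(zz, info, kek_bits // 8, hash_name)


if __name__ == "__main__":
    print("SharedInfo =", ecc_cms_shared_info(AES128_WRAP_OID, 128).hex().upper())
    print("KEK        =", kek_for_cms(ZZ).hex().upper())
```

Because the key-wrap OID and KEK length are bound into SharedInfo, the same ZZ yields unrelated KEKs for different wrap algorithms or UKM values.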

Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.