The Key Object

In the above code example, B_EncryptInit uses a key object called desKey. A key object holds a key’s value, such as the DES key, and supplies this value to a function, such as B_EncryptInit, that needs a key. A key object also receives the output of key generation such as B_GenerateKeypair.

Before Crypto-C can use a key object, you must create and set it with B_CreateKeyObject and B_SetKeyInfo. Every key object created by B_CreateKeyObject must be destroyed by B_DestroyKeyObject. For security reasons, when Crypto-C destroys a key object, it zeroizes (sets to zero) and frees any sensitive memory that the object allocated. Once you call B_SetKeyInfo for a particular key object, do not call it again for the same object until it has been destroyed and recreated.

As shown in Chapter 4, page 331, B_SetKeyInfo has two input arguments, infoType and info. infoType is one of the KI key info types listed in Chapter 3. The key info type specifies the format of the actual key information supplied by info.

As shown in Chapter 3, the format of info supplied to B_SetKeyInfo for KI_DES8Strong is a pointer to an unsigned char array that holds the 8-byte DES key. In the code example on page 5, this is the keyValue input argument to EncryptData.
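
The lifecycle rules described above (create, set once, destroy with zeroization), modeled in plain C as an added example; this is not Crypto-C code and is not part of the manual. The model_key type and the model_key_* functions are hypothetical stand-ins for the key object and for B_CreateKeyObject, B_SetKeyInfo and B_DestroyKeyObject, and the model assumes the object keeps its own copy of the 8-byte key.

```c
#include <stdlib.h>
#include <string.h>

#define DES_KEY_LEN 8
enum { KEY_OK = 0, KEY_ERR_ALREADY_SET, KEY_ERR_FAIL };

/* Hypothetical stand-in for a key object; not Crypto-C's own type. */
typedef struct { unsigned char value[DES_KEY_LEN]; int is_set; } model_key;

/* Zero memory through a volatile pointer so the compiler cannot drop
   the stores as dead writes just before free(). */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Create step: allocates an empty, unset object. */
int model_key_create(model_key **out) {
    if (out == NULL) return KEY_ERR_FAIL;
    *out = calloc(1, sizeof **out);
    return *out ? KEY_OK : KEY_ERR_FAIL;
}

/* Set step: info points to an 8-byte array; a second set is refused. */
int model_key_set_des8(model_key *k, const unsigned char *info) {
    if (k == NULL || info == NULL) return KEY_ERR_FAIL;
    if (k->is_set) return KEY_ERR_ALREADY_SET;
    memcpy(k->value, info, DES_KEY_LEN);
    k->is_set = 1;
    return KEY_OK;
}

/* Destroy step: zeroize, free, and clear the caller's handle. */
void model_key_destroy(model_key **k) {
    if (k == NULL || *k == NULL) return;
    secure_zero(*k, sizeof **k);
    free(*k);
    *k = NULL;
}

/* Walks the whole lifecycle; returns 0 when every rule held. */
int lifecycle_demo(void) {
    unsigned char keyValue[DES_KEY_LEN] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample */
    model_key *k = NULL;
    int ok = model_key_create(&k) == KEY_OK && model_key_set_des8(k, keyValue) == KEY_OK
          && model_key_set_des8(k, keyValue) == KEY_ERR_ALREADY_SET;
    model_key_destroy(&k);
    secure_zero(keyValue, sizeof keyValue); /* the caller's copy is the caller's job */
    return (ok && k == NULL) ? 0 : 1;
}
```

The caller's keyValue buffer is separate from the object's copy in this model, so destroying the object does not clear it.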

Chapter 1 Introduction

RSA Security 5 manual Key Object