Chapter 1 Introduction 9
The Key Object
In the above code example, B_EncryptInit uses a key object called desKey. A key object holds a key’s value, such as the DES key, and supplies this value to a function, such as B_EncryptInit, that needs a key. A key object also receives the output of key generation such as B_GenerateKeypair.
Before Crypto-C can use a key object, you must create and set it with B_CreateKeyObject and B_SetKeyInfo. Every key object created by B_CreateKeyObject must be destroyed by B_DestroyKeyObject. For security reasons, when Crypto-C destroys a key object, it zeroizes (sets to zero) and frees any sensitive memory that the object allocated. Once you call B_SetKeyInfo for a particular key object, do not call it again for the same object until it has been destroyed and recreated.
As shown in Chapter 4, page 331, B_SetKeyInfo has two input arguments, infoType and info. infoType is one of the KI key info types listed in Chapter 3. The key info type specifies the format of the actual key information supplied by info.
As shown in Chapter 3, the format of info supplied to B_SetKeyInfo for KI_DES8Strong is a pointer to an unsigned char array that holds the 8-byte DES key. In the code example on page 5, this is the keyValue input argument to EncryptData.
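
The create, set-once, destroy-with-zeroization contract described above can be modelled in a few lines of standalone C. This is an added example, not Crypto-C source and not code from this manual: every demo_* name and error code is hypothetical, and it assumes the object keeps its own copy of the 8-byte key.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the key-object lifecycle; NOT the Crypto-C API. */
enum { DEMO_OK = 0, DEMO_ERR_ALLOC, DEMO_ERR_NO_OBJECT,
       DEMO_ERR_ALREADY_SET, DEMO_ERR_INPUT };

typedef struct {
    unsigned char *key;   /* private copy of the key bytes (assumption) */
    size_t len;
} demo_key_obj;

/* Write zeros through a volatile pointer so the stores are not optimised away. */
static void demo_zeroize(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

int demo_create_key(demo_key_obj **obj) {
    if (obj == NULL) return DEMO_ERR_INPUT;
    *obj = calloc(1, sizeof **obj);
    return *obj ? DEMO_OK : DEMO_ERR_ALLOC;
}

/* Copies an 8-byte DES key; a second call on the same object is refused. */
int demo_set_des8(demo_key_obj *obj, const unsigned char *key8) {
    if (obj == NULL) return DEMO_ERR_NO_OBJECT;
    if (key8 == NULL) return DEMO_ERR_INPUT;
    if (obj->key != NULL) return DEMO_ERR_ALREADY_SET;
    obj->key = malloc(8);
    if (obj->key == NULL) return DEMO_ERR_ALLOC;
    memcpy(obj->key, key8, 8);
    obj->len = 8;
    return DEMO_OK;
}

/* Zeroizes and frees the key copy, then the object, and clears the handle. */
void demo_destroy_key(demo_key_obj **obj) {
    if (obj == NULL || *obj == NULL) return;
    if ((*obj)->key != NULL) {
        demo_zeroize((*obj)->key, (*obj)->len);
        free((*obj)->key);
    }
    demo_zeroize(*obj, sizeof **obj);
    free(*obj);
    *obj = NULL;   /* a repeated destroy becomes a no-op */
}
```

In this model the caller's own key buffer is left untouched, so wiping that source copy after the set call remains the caller's job.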