rust-cryptoki icon indicating copy to clipboard operation
rust-cryptoki copied to clipboard

Published 20 hours ago verified publisher icon parallaxsecond

Define CKD_SHA256_KDF transformation

Open freedge opened this issue 6 months ago • 2 comments

Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.

Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.

Unfortunately this is not implemented on softHSM (https://github.com/opendnssec/SoftHSMv2/pull/599) so I provide no test. This was tested fine against Thales DPOD.

freedge avatar Aug 09 '24 18:08 freedge