What is cbc_param when we use pkcs11.C_EncryptInit

Question

Moving from PTK to Luna and now in code, I need to pass cbc_param, before the inside object was the only mechanism.

Can somebody explain what is this about? How PTK manage cbc_param? What is the difference with and without cbc_param?

var cbc_param = pkcs11.C_GenerateRandom(new Buffer(16));

pkcs11.C_EncryptInit(
    session,
    {
        mechanism: pkcs11js.CKM_AES_CBC,
        parameter: cbc_param
    },
    secretKey
);

score 0 · Answer 1 · answered Jul 26 '20 at 00:37

According to the PKCS11 documentation CBC mode has a 16-byte initialization vector (IV) parameter. This parameter is mandatory, basically it is 16 random bytes that you need use to encrypt/decrypt in CBC mode. It's ok to save it with cipher text, IV don't have to be a secret, but it must be random.

What is cbc_param when we use pkcs11.C_EncryptInit

1 Answers1