CSSM_CC_HANDLE CSSMAPI CSSM_KR_GenerateRecoveryFields (CSSM_CC_HANDLE KeyRecoveryContext, CSSM_CC_HANDLE CryptoContext, CSSM_DATA_PTR KRSPOptions, uint32 KRFlags, CSSM_DATA_PTR KRFields)
This function generates the key recovery fields for a cryptographic association given the key recovery context, the session specific key recovery attributes, and the handle to the cryptographic context containing the key that is to be made recoverable. The session attributes and the flags are not interpreted at the KRMM layer. A non-NULL cryptographic context handle is returned if the key recovery field generation was successful. This returned handle can be used for the encrypt APIs of the CSSM. The generated key recovery fields are returned as an output parameter. The KRFlags parameter may be used to fine tune the contents of the KRFields produced by this operation.
- KeyRecoveryContext (input)
The handle to the key recovery context for the cryptographic association.
- CryptoContext (input)
The cryptographic context handle that points to the session key.
- KRSPOptions (input)
The key recovery service provider specific options. These options are not interpreted by the KRMM, but passed on to the KRSP.
- KRFlags (input)
Flag values for key recovery fields generation. Defined values are:
- KR_INDIV-signifies that only the individual key recovery fields are to be generated
- KR_ENT-signifies that only the enterprise key recovery fields are to be generated
- KR_LE-signifies that only the law enforcement key recovery fields are to be generated
- KR_OPTIMIZE-signifies that performance optimization options are to be adopted by a KRSP while implementing this operation
- KR_DROP_WORKFACTOR-signifies that the key recovery fields should be generated without using the key size work factor.
- KRFields (output)
The key recovery fields in the form of an uninterpreted data blob.
A cryptographic context handle is returned. This handle is NULL if the generation of the key recovery fields was not successful.
Invalid crypto context handle.
Invalid key recovery context handle.
Invalid recovery options.