Encrypt data.
Encrypt (wrap) data using a Wrap Key.
Using Wrap Key 0x5b3a
encrypt the string "Hello world!":
yubihsm> encrypt aesccm 0 0x5b3a "Hello world!" MRkj6B0AAAAAAAAAAoO4dkIeAYoPvwTV/M/JX1dwKnLqnERO1hSW4wPS
Tc = 0x68 |
Lc = 2 + LD |
Vc = I || D |
I := Object ID of the Wrap Key (2 bytes)
D := Data to be wrapped
Tr = 0xe8 |
Lr = 13 + 1 + LD + 16 |
Vr = N || W || M |
N := Nonce (13 bytes)
W := Wrapped data (L~W~ = 1 + L~D~
bytes)
The wrapped data includes a leading encrypted nul byte that is added
automatically by the YubiHSM2. This byte is checked by UNWRAP DATA
and therefore must be added if manually generating an encrypted
message offline.
M := Mac (16 bytes)