I am moving from PTK to Luna, and now in code I need to pass cbc_param; before, the object held only the mechanism.
Can somebody explain what this is about?
How does PTK manage cbc_param?
What is the difference with and without cbc_param?
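// 16 random bytes from the token's RNG, used as the CBC IV
var cbc_param = pkcs11.C_GenerateRandom(session, Buffer.alloc(16));
pkcs11.C_EncryptInit(
    session,
    {
        mechanism: pkcs11js.CKM_AES_CBC,
        parameter: cbc_param // the initialization vector
    },
    secretKey
);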
According to the PKCS11 documentation, CBC mode has a 16-byte initialization vector (IV) parameter. This parameter is mandatory; basically, it is 16 random bytes that you need to use to encrypt/decrypt in CBC mode. It's OK to save it with the ciphertext; the IV doesn't have to be a secret, but it must be random.