2.2.3 Unwrapped Secret (ClientWrap Subprotocol Only)
When returning an unwrapped secret to a client using the ClientWrap subprotocol (section 3.1.1.2), the server MUST embed the secret in the following structure.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
0x00 |
0x00 |
0x00 |
0x00 |
||||||||||||||||||||||||||||
|
Secret (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Secret (variable): The unwrapped secret. This field MUST be a copy of the Secret value originally placed in the EncryptedSecret (section 2.2.2.2) field during the wrapping operation.