
Creation

Main menu option: 1 - Create...

The creation of keys and objects is subdivided into three submenus:

  1. Symmetric keys: DES, 3DES, DESX, AES and ARC4
  2. Asymmetric keys: RSA and ECC/ECX
  3. Objects: MAP

For details on the types of keys and other objects available in the HSM, see the topic Keys and Objects.

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create

Symmetric keys      Asymmetric keys     Objects

 1 - DES            17 - RSA            33 - MAP
 2 - 3DES           18 - ECC
 3 - DESX           19 - ECX
 4 - AES
 5 - ARC4
 6 - HMAC

 0 - Main Menu

Option:

The attributes that must be entered vary with the type of key, but some are common to all types:

  1. Name: uniquely identifies the object within the partition. It can be up to 32 characters long and may contain alphanumeric characters and the underscore (_). Object names in the HSM are case-sensitive, i.e. uppercase and lowercase letters are distinct. If the authenticated user is allowed to create objects in other partition(s), the object can be created there by giving the partition name and the object name in the form partition/object.
  2. Exportable: property that allows the object to be exported from the HSM for use in other applications. This property cannot be changed once the object has been created. The console's default option is to create the key as non-exportable.
  3. Size: number of bits in the key; it varies according to the type of key. For DES, DESX and ARC4 keys, the size is fixed.

Below are some screens for creating keys and objects. The data entered by users is in bold. For more details on the specific characteristics of each type of object, see the Partition topic.

DES

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - DES

Key Name (HSM) : myDES
Size (bits) : (56)
Exportable (y/[n]):

Key created successfully.

Key myDES : des, 64 bits, not exportable, encrypted


Press ENTER key to continue...

3DES

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - 3DES

Key Name (HSM) : my3DES
Size (bits) :
 1 - 112
 2 - 168
Option : 2

Exportable (y/[n]):

Key created successfully.

Key my3DES : 3des168, 192 bits, not exportable, encrypted


Press ENTER key to continue...

AES

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - AES

Key Name (HSM) : myAES
Size (bits) :
 1 - 128
 2 - 192
 3 - 256
Option : 3

Exportable (y/[n]):

Key created successfully.

Key myAES : aes256, 256 bits, not exportable, encrypted


Press ENTER key to continue...

RSA

RSA keys in the HSM are created with the public exponent 65537 (\(2^{16} + 1\)), or 0x10001 in hexadecimal.

Danger

It is possible to set the public exponent to the value 03 (hexadecimal 0x03), but this should only be used where compatibility is needed with older systems (usually PoS terminals or ATMs) that do not support the 65537 exponent. There are security implications.

Consult your supplier's support if you need to set the public exponent to the value 03.

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - RSA

Key Name (HSM) : myRSA
RSA key size (bits) :
 1 - 512
 2 - 1024
 3 - 1152
 4 - 1408
 5 - 1536
 6 - 1976
 7 - 1984
 8 - 2048
 9 - 4096
10 - 8192
11 - 2304
12 - 2560
13 - 2816
14 - 3072
Option : 8

Exportable (y/[n]):

Key created successfully.

Key myRSA : rsa2048, 2048 bits, not exportable, encrypted


Press ENTER key to continue...

ECC

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - ECC

Key Name (HSM) : myECC
Curve :
 1 - SecG Random     2 - SecG Koblitz    3 - NIST Random
 4 - ISO X9.62       5 - Brainpool
Option : 1

Size (bits) :
 1 - 112    2 - 128    3 - 160
 4 - 192    5 - 224    6 - 256
 7 - 384    8 - 521
Option : 6

Exportable (y/[n]):

Key created successfully.

Key myECC : prime256v1, 256 bits, not exportable, encrypted


Press ENTER key to continue...

ECX

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - ECX

Key Name (HSM) : myECX
Curve :
 1 - EdDSA25519
 2 - EdDSA448
 3 - X25519
 4 - X448
Option : 2

Exportable (y/[n]):

Key created successfully.

Key myECX : Ed448, 448 bits, not exportable, encrypted


Press ENTER key to continue...

MAP

Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks

HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Keys/Objects - Create - MAP

MAP Name (HSM) : mymap
Slot 1: myDES
Slot 2: my string

Map created successfully.


Press ENTER key to continue...
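
The result line the console prints after each creation (name, type, size in bits, exportable flag) can be checked mechanically when a saved session is reviewed. The following Python code is an added example, not part of the Dinamo console or its documentation; the policy values, the "exportable" wording for an exportable key, the "rsa1024" type string and the constructed oldPOS line are assumptions.

```python
import re

# Result line format taken from the console screens on this page, e.g.
#   Key myRSA : rsa2048, 2048 bits, not exportable, encrypted
LINE_RE = re.compile(
    r"^Key\s+(?P<name>\S+)\s*:\s*(?P<type>\w+),\s*(?P<bits>\d+) bits,"
    r"\s*(?P<export>not exportable|exportable)\b")

# Name rule from the page: up to 32 characters, alphanumerics plus "_",
# optionally partition/object (same charset for the partition is assumed).
NAME_RE = re.compile(r"(?:[A-Za-z0-9_]+/)?[A-Za-z0-9_]{1,32}")

# Assumed local policy, not a vendor rule.
WEAK_TYPES = {"des"}   # the DES screen shows a fixed 56-bit key size
MIN_RSA_BITS = 2048

# First, second and fourth lines are from the page; "oldPOS" is constructed.
SAMPLE = """\
Key myDES : des, 64 bits, not exportable, encrypted
Key myRSA : rsa2048, 2048 bits, not exportable, encrypted
Key oldPOS : rsa1024, 1024 bits, exportable, encrypted
Key myAES : aes256, 256 bits, not exportable, encrypted
Press ENTER key to continue...
"""


def audit_line(line):
    """Return (name, findings) for a result line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    name, ktype, bits = m["name"], m["type"].lower(), int(m["bits"])
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name violates naming rule")
    if ktype in WEAK_TYPES:
        findings.append("weak algorithm")
    if ktype.startswith("rsa") and bits < MIN_RSA_BITS:
        findings.append(f"RSA modulus below {MIN_RSA_BITS} bits")
    if m["export"] == "exportable":
        findings.append("exportable (fixed at creation)")
    return name, findings


def audit(text):
    """Audit a saved console session; return only keys with findings."""
    results = filter(None, (audit_line(l) for l in text.splitlines()))
    return {name: found for name, found in results if found}
```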