Generation
Main menu option: Generate. .
The generation of keys and objects is subdivided into three submenus:
- Symmetric keys: DES, 3DES, DESX, AES and ARC4
- Asymmetric keys: RSA and ECC/ECX
- Objects: MAP
For details on the types of keys and other objects available in HSM, see the topic Keys and Objects.
Types of keys for generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate
Symmetric keys Asymmetric keys Objects
1 - DES 17 - RSA 33 - MAP
2 - 3DES 18 - ECC
3 - DESX 19 - ECX
4 - AES
5 - ARC4
6 - HMAC
0 - Main Menu
Option:
Each type of key will have a number of different attributes that must be entered depending on the type of key, but some are common to all types:
- Name: uniquely identifies the object within the partition; can be up to 32 characters long and can use alphanumeric characters plus the underline (_). In HSM, object names are case-sensitive, i.e. there is a differentiation between uppercase and lowercase letters. As long as the authenticated user has permission to generate objects in other partition(s), the operation can be performed by indicating the name of the partition and the name of the object with the formation rule: partition/object
- Exportable: property that allows the object to be exported outside the HSM for use in other applications. This property cannot be changed once the object has been generated. The console's default option is to generate the key as non-exportable.
- Size: number of bits in the key, varies according to the type of key. For DES, DESX and ARC4 keys, the size is fixed.
Below are some screens for generating keys and objects. The data entered by users is in bold. For more details on the specific characteristics of each type of object, see the Partition topic.
DES
DES key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - DES
Key Name (HSM) : myDES
Size (bits) : (56)
Exportable (y/[n]):
Key generated successfully.
Key myDES : des, 64 bits, not exportable, encrypted
Press ENTER key to continue...
3DES
3DES key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - 3DES
Key Name (HSM) : my3DES
Size (bits) :
1 - 112
2 - 168
Option : 2
Exportable (y/[n]):
Key generated successfully.
Key my3DES : 3des168, 192 bits, not exportable, encrypted
Press ENTER key to continue...
AES
AES key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - AES
Key Name (HSM) : myAES
Size (bits) :
1 - 128
2 - 192
3 - 256
Option : 3
Exportable (y/[n]):
Key generated successfully.
Key myAES : aes256, 256 bits, not exportable, encrypted
Press ENTER key to continue...
RSA
The RSA keys in the HSM are generated with exponential public value 65537 (216 + 1) or in hexadecimal, 0x10001.
Danger
It is possible to set the public exponent to the value 03 (hexadecimal 0x03) but this should only be used in scenarios where there is a need for compatibility with older systems (usually PoS's or ATMs) that do not support the 65537 exponent. There are security implications.
Consult your supplier's support if you need to set the public exponent to the value 03.
RSA key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - RSA
Key Name (HSM) : myRSA
RSA key size (bits) :
1 - 512
2 - 1024
3 - 1152
4 - 1408
5 - 1536
6 - 1976
7 - 1984
8 - 2048
9 - 4096
10 - 8192
11 - 2304
12 - 2560
13 - 2816
14 - 3072
Option : 8
Exportable (y/[n]):
Key generated successfully.
Key myRSA : rsa2048, 2048 bits, not exportable, encrypted
Press ENTER key to continue...
ECC
ECC key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - ECC
Key Name (HSM) : myECC
Curve :
1 - SecG Random 2 - SecG Koblitz 3 - NIST Random
4 - ISO X9.62 5 - Brainpool
Option : 1
Size (bits) :
1 - 112 2 - 128 3 - 160
4 - 192 5 - 224 6 - 256
7 - 384 8 - 521
Option : 6
Exportable (y/[n]):
Key generated successfully.
Key myECC : prime256v1, 256 bits, not exportable, encrypted
Press ENTER key to continue...
ECX
ECX key generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - ECX
Key Name (HSM) : myECX
Curve :
1 - EdDSA25519
2 - EdDSA448
3 - X25519
4 - X448
Option : 2
Exportable (y/[n]):
Key generated successfully.
Key myECX : Ed448, 448 bits, not exportable, encrypted
Press ENTER key to continue...
MAP
PRT generation
Dinamo - Remote Management Console v. 4.7.12.3 2018 (c) Dinamo Networks
HSM 127.0.0.1 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master
Keys/Objects - Generate - MAP
MAP Name (HSM) : mymap
Slot 1: myDES
Slot 2: my string
Map generated successfully.
Press ENTER key to continue...