|
API C/C++
HSM Dinamo
|
|
|
API C/C++
HSM Dinamo
|
Data tokenization and anonymization operations.
See the HSM technical documentation.
Functions | |
| int AAP_API | DSVaultGenToken(HSESSIONCTX hSession, DWORD dwOp, BYTE *pbInData, BYTE *pbTokenBlob, DWORD *pdwTokenBlobLen, char *szToken, DWORD dwReserved) |
| int AAP_API | DSVaultGetData(HSESSIONCTX hSession, DWORD dwOp, const char *szMK, const char *szMask, BYTE *pbTokenBlob, DWORD dwTokenBlobLen, char *szData, DWORD *pdwDataLen, DWORD dwReserved) |
| int AAP_API DSVaultGenToken | ( | HSESSIONCTX | hSession, |
| DWORD | dwOp, | ||
| BYTE * | pbInData, | ||
| BYTE * | pbTokenBlob, | ||
| DWORD * | pdwTokenBlobLen, | ||
| char * | szToken, | ||
| DWORD | dwReserved ) |
#include <dinamo.h>
It tokenizes a piece of data, generating a token blob and its respective token.
| [in] | hSession | Context acquired through the DOpenSession() function. . |
| [in] | dwOp | Type of operation. Must be 0. |
| [in] | pbInData | Input data for token generation. The SVAULT_GEN_TOKEN structure must be used. |
| [out] | pbTokenBlob | Buffer that will contain the token blob. Passing a buffer size D_SVAULT_TOKEN_BLOB_LEN at the entrance. pdwTokenBlobLen will contain the size of the output buffer. O token blob protects the secret and its metadata. This buffer must be saved and used when calling DSVaultGetData() for later recovery of the secret or token. |
| [in,out] | pdwTokenBlobLen | Size of pbTokenBlob. The entry contains the total size of the buffer pbTokenBlob and the output will contain the size of the copied data in pbTokenBlob. |
| [out] | szToken | String of length D_SVAULT_MAX_TL + 1 that will contain the generated token. NULL can be passed to not retrieve the generated token. The token can be retrieved again using the DSVaultGetData() API. |
| [in] | dwReserved | Reserved for future use (must be 0). |
| int AAP_API DSVaultGetData | ( | HSESSIONCTX | hSession, |
| DWORD | dwOp, | ||
| const char * | szMK, | ||
| const char * | szMask, | ||
| BYTE * | pbTokenBlob, | ||
| DWORD | dwTokenBlobLen, | ||
| char * | szData, | ||
| DWORD * | pdwDataLen, | ||
| DWORD | dwReserved ) |
#include <dinamo.h>
Retrieves the secret or token of tokenized data using a token blob. This API also allows the recovery of masked secret or token.
| [in] | hSession | Context acquired through the DOpenSession() function. . | ||||||
| [in] | dwOp | Type of operation. This can be one of the options below.
| ||||||
| [in] | szMK | Name of the key used for data protection. | ||||||
| [in] | szMask | Mask pattern that will be applied to the secret or token, according to the one defined when generating the token blob in DSVaultGenToken(). Buffer with a minimum size of D_SVAULT_MIN_TL and a maximum of D_SVAULT_MAX_TL containing the mask. It can be NULL so as not to use masking. The mask is a UTF-8 string containing the characters that will be applied to the data to mask it. Pass '\0' in the positions where you want the data to be displayed. See the notes for examples. | ||||||
| [in] | pbTokenBlob | Buffer of size D_SVAULT_TOKEN_BLOB_LEN, generated by the DSVaultGenToken() API, containing the token blob. | ||||||
| [in] | dwTokenBlobLen | Maximum size buffer of D_SVAULT_TOKEN_BLOB_LEN, generated by the DSVaultGenToken() API, containing the token blob. | ||||||
| [out] | szData | String that will contain the token or secret as specified in dwOp. You can use a size of D_SVAULT_MAX_TL + 1 to cover all current data. | ||||||
| [in,out] | pdwDataLen | String size szData. It should contain the size of szData and the return from the API will contain the total size of the copied data. | ||||||
| [in] | dwReserved | Reserved for future use (must be 0). |
Using the "***" mask will give us the following result.
Applying the "9999" mask will give us the following result.
Applying the "***\0\0\0***" mask will give the following result.