Detailed description

Managing the life cycle of cryptographic keys in HSM.

Functions
byte[]	getUserKey (String strKeyName, int nFlags) throws TacException
	Retrieves the context of a key, as long as the current User has access, stored within the HSM.

byte[]	getUserKey (String strKeyName) throws TacException
	Retrieves the context of a key, as long as the current User has access, stored within the HSM.

byte[]	getUserKeyOffline (String strKeyName, int algId, boolean isTemporary, boolean isExportable) throws TacException
	Retrieves the context of a key, without verifying the information passed, as long as the current User has access, stored within the HSM.

void	deleteKey (String keyId) throws TacException
	Turn off the key.

void	deleteKeyIfExists (String keyId) throws TacException
	Delete the key if it exists.

byte[]	createKeyMaterial (int keyAlg) throws TacException
	It creates a new cryptographic key and returns its content without persisting it in the HSM.

void	createKey (String keyId, int keyAlg, boolean exportable) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

void	createKey (String keyId, int keyAlg) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

void	createKey (String keyId, int keyAlg, int dwFlags) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

byte[]	exportKey (String szKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.

byte[]	exportKey (String szKey, byte[] hKEKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.

byte[]	exportKey (byte[] hKey, byte[] hKEKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.

void	importKey (String szKey, int dwBlobType, int nAlgId, byte[] pbInData, boolean isExportable) throws TacException
	Import a key from the local machine to the HSM.

void	importKey (String szKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, int dwInDataLen) throws TacException
	Import a key from the local machine to the HSM.

void	importKey (String szKey, byte[] hKEKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, byte[] hKey) throws TacException
	Import a key from the local machine to the HSM.

byte[]	importKey (String szKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData) throws TacException
	Import a key from the local machine to the HSM.

void	importKey (String szKey, byte[] hKEKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, int dwInDataLen, byte[] hKey) throws TacException
	Import a key from the local machine to the HSM.

void	PKCS12Import (String szPathFile, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a file in PKCS#12 format into the HSM.

void	importPKCS12 (String szPathFile, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a file in PKCS#12 format into the HSM.

void	importPKCS12 (byte[] pbPkcs12, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

void	importPKCS12 (byte[] pbPkcs12, String szPassword, String szKey, int nKeyAttr, String szCert, String szPubKey, int nReserved) throws TacException
	Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

byte[]	exportPKCS12 (String password, String key, String cert, String strReserved, int dwFlags) throws TacException
	Exports an HSM key and certificate in PKCS#12 format.

byte[]	exportPKCS12 (String password, String key, String cert) throws TacException
	Exports an HSM key and certificate in PKCS#12 format.

byte[]	PKCS8ExportKey (String szKeyId, String szSecret) throws TacException
	Exports an asymmetric key in a file in PKCS#8 format to the HSM.

void	PKCS8ImportKey (String szKeyId, String szSecret, int dwKeyAlg, byte[] bKeyEnvelope, boolean isExportable) throws TacException
	Imports an asymmetric key from a file in PKCS#8 format into the HSM.

int	getAlgId (byte[] ctxKey) throws TacException
	Retrieves the key's algorithm.

int	getAlgId (String keyId) throws TacException
	Retrieves the key's algorithm.

byte[]	readObject (String szObject) throws TacException
	Exports an HSM object to the local machine.

void	writeObject (String szObject, byte[] jbObjectData) throws TacException
	Import an object from the local machine to the HSM.

byte[]	getKeyHandle (String keyId) throws TacException
	Retrieves a key handle.

void	releaseKeyHandle (byte[] keyHandle) throws TacException
	Releases a key handle.

boolean	isKeyExportable (byte[] keyHandle) throws TacException
	Check that the key is exportable.

boolean	isKeyExportable (String keyId) throws TacException
	Check that the key is exportable.

void	setObjLabel (String objId, String label) throws TacException
	Defines the label attribute of the object's metadata.

void	createMap (String mapId, String objId1, int objId1Alg, String objId2, int objId2Alg) throws TacException
	Creates a mapping object (MAP) within the HSM.

String[]	listObjects () throws TacException
	Lists the HSM objects.

Functions

◆ getUserKey() [1/2]

byte[] getUserKey	(	String	strKeyName,
		int	nFlags ) throws TacException

Retrieves the context of a key, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName	Key identifier in the HSM.
nFlags

Return: Byte array representing a handle to the key and not its contents.

Exceptions

TacException Exception for errors in retrieving the key context.

Obsolete

◆ getUserKey() [2/2]

byte[] getUserKey ( String strKeyName ) throws TacException

Retrieves the context of a key, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName Key identifier in the HSM.

Return: Byte array representing a handle to the key and not its contents.

Exceptions

TacException Exception for errors in retrieving the key context.

◆ getUserKeyOffline()

byte[] getUserKeyOffline	(	String	strKeyName,
		int	algId,
		boolean	isTemporary,
		boolean	isExportable ) throws TacException

Retrieves the context of a key, without verifying the information passed, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName	Key identifier in the HSM.
algId	Key algorithm.
isTemporary	Tells you if the key is temporary.
isExportable	Informs whether the key is exportable.

Return: Byte array representing a handle to the key and not its contents.

Exceptions

TacException Exception for errors in retrieving the key context.

◆ deleteKey()

void deleteKey ( String keyId ) throws TacException

Turn off the key.

Parameters

keyId Key identifier

Exceptions

TacException

◆ deleteKeyIfExists()

void deleteKeyIfExists ( String keyId ) throws TacException

Delete the key if it exists.

It does not return an error if it does not exist.

Parameters

keyId Key identifier

Exceptions

TacException

◆ createKeyMaterial()

byte[] createKeyMaterial ( int keyAlg ) throws TacException

It creates a new cryptographic key and returns its content without persisting it in the HSM.

Parameters

keyAlg

Algorithm to be used:
Symmetric Keys

Value	Meaning
TacNDJavaLib.ALG_DES	56-bit DES with odd parity.
TacNDJavaLib.ALG_3DES_112	112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_3DES_168	168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_DESX	DESX of 192 bits. The effective size is 118 bits.
TacNDJavaLib.ALG_AES_128	128-bit AES.
TacNDJavaLib.ALG_AES_192	AES with 192 bits.
TacNDJavaLib.ALG_AES_256	256-bit AES.
TacNDJavaLib.ALG_ARC4	ARC4 with 128 bits.

Exceptions

Exception

◆ createKey() [1/3]

void createKey	(	String	keyId,
		int	keyAlg,
		boolean	exportable ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

The key generated will be exportable.

Parameters

keyId Key identifier

keyAlg

Algorithm to be used:
Symmetric Keys

Value	Meaning
TacNDJavaLib.ALG_DES	56-bit DES with odd parity.
TacNDJavaLib.ALG_3DES_112	112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_3DES_168	168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_DESX	DESX of 192 bits. The effective size is 118 bits.
TacNDJavaLib.ALG_AES_128	128-bit AES.
TacNDJavaLib.ALG_AES_192	AES with 192 bits.
TacNDJavaLib.ALG_AES_256	256-bit AES.
TacNDJavaLib.ALG_ARC4	ARC4 with 128 bits.

RSA Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_RSA_512	RSA with 512-bit module.
TacNDJavaLib.ALG_RSA_1024	RSA with 1024-bit modulus.
TacNDJavaLib.ALG_RSA_2048	RSA with 2048-bit module.
TacNDJavaLib.ALG_RSA_4096	RSA with 4096-bit module.
TacNDJavaLib.ALG_RSA_1152	RSA with 1152-bit module.
TacNDJavaLib.ALG_RSA_1408	RSA with 1408-bit module.
TacNDJavaLib.ALG_RSA_1984	RSA with 1984-bit module.

ECC Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_ECC_SECP112R1	SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters).
TacNDJavaLib.ALG_ECC_SECP112R2	SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP128R1	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP128R2	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP160K1	SECG curve over a finite prime body of 160 bits(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP160R1	SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP160R2	SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP192K1	SECG curve over a finite 192-bit prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP192R1	SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP224K1	SECG curve over a 224-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP224R1	SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP256K1	SECG curve over a 256-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP256R1	SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP384R1	SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP521R1	SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1	X9.62 curve over a finite 192-bit prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2	X9.62 curve over a finite 192-bit prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3	X9.62 curve over a finite 192-bit prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1	X9.62 curve over a 239-bit finite prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2	X9.62 curve over a 239-bit finite prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3	X9.62 curve over a 239-bit finite prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1	X9.62 curve over a 256-bit finite prime body(version 1 domain parameters).

exportable The key can be exported from the HSM if set to true.

Exceptions

Exception

◆ createKey() [2/3]

void createKey	(	String	keyId,
		int	keyAlg ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

The key generated will be exportable.

Parameters

keyId Key identifier

keyAlg

Algorithm to be used:

Symmetric Keys

Value	Meaning
TacNDJavaLib.ALG_DES	56-bit DES with odd parity.
TacNDJavaLib.ALG_3DES_112	112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_3DES_168	168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_DESX	DESX of 192 bits. The effective size is 118 bits.
TacNDJavaLib.ALG_AES_128	128-bit AES.
TacNDJavaLib.ALG_AES_192	AES with 192 bits.
TacNDJavaLib.ALG_AES_256	256-bit AES.
TacNDJavaLib.ALG_ARC4	ARC4 with 128 bits.

RSA Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_RSA_512	RSA with 512-bit module.
TacNDJavaLib.ALG_RSA_1024	RSA with 1024-bit modulus.
TacNDJavaLib.ALG_RSA_2048	RSA with 2048-bit module.
TacNDJavaLib.ALG_RSA_4096	RSA with 4096-bit module.
TacNDJavaLib.ALG_RSA_1152	RSA with 1152-bit module.
TacNDJavaLib.ALG_RSA_1408	RSA with 1408-bit module.
TacNDJavaLib.ALG_RSA_1984	RSA with 1984-bit module.

ECC Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_ECC_SECP112R1	SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters).
TacNDJavaLib.ALG_ECC_SECP112R2	SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP128R1	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP128R2	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP160K1	SECG curve over a finite prime body of 160 bits(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP160R1	SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP160R2	SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP192K1	SECG curve over a finite 192-bit prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP192R1	SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP224K1	SECG curve over a 224-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP224R1	SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP256K1	SECG curve over a 256-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP256R1	SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP384R1	SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP521R1	SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1	X9.62 curve over a finite 192-bit prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2	X9.62 curve over a finite 192-bit prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3	X9.62 curve over a finite 192-bit prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1	X9.62 curve over a 239-bit finite prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2	X9.62 curve over a 239-bit finite prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3	X9.62 curve over a 239-bit finite prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1	X9.62 curve over a 256-bit finite prime body(version 1 domain parameters).

Exceptions

Exception

◆ createKey() [3/3]

void createKey	(	String	keyId,
		int	keyAlg,
		int	dwFlags ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

Parameters

keyId Key identifier

keyAlg

Algorithm to be used:

Symmetric Keys

Value	Meaning
TacNDJavaLib.ALG_DES	56-bit DES with odd parity.
TacNDJavaLib.ALG_3DES_112	112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_3DES_168	168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity.
TacNDJavaLib.ALG_DESX	DESX of 192 bits. The effective size is 118 bits.
TacNDJavaLib.ALG_AES_128	128-bit AES.
TacNDJavaLib.ALG_AES_192	AES with 192 bits.
TacNDJavaLib.ALG_AES_256	256-bit AES.
TacNDJavaLib.ALG_ARC4	ARC4 with 128 bits.

RSA Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_RSA_512	RSA key pair with 512-bit modulus.
TacNDJavaLib.ALG_RSA_1024	RSA key pair with 1024-bit modulus.
TacNDJavaLib.ALG_RSA_2048	RSA key pair with 2048-bit modulus.
TacNDJavaLib.ALG_RSA_4096	RSA key pair with 4096-bit modulus.
TacNDJavaLib.ALG_RSA_1152	RSA key pair with 1152-bit modulus.
TacNDJavaLib.ALG_RSA_1408	RSA key pair with 1408-bit modulus.
TacNDJavaLib.ALG_RSA_1536	RSA key pair with 1536-bit modulus.
TacNDJavaLib.ALG_RSA_1976	RSA key pair with 1976-bit module.
TacNDJavaLib.ALG_RSA_1984	RSA key pair with 1984-bit modulus.
TacNDJavaLib.ALG_RSA_8192	RSA key pair with 8192-bit modulus.
TacNDJavaLib.ALG_RSA_2304	RSA key pair with 2304-bit modulus.
TacNDJavaLib.ALG_RSA_2560	RSA key pair with 2560-bit modulus.
TacNDJavaLib.ALG_RSA_2816	RSA key pair with 2816-bit modulus.
TacNDJavaLib.ALG_RSA_3072	RSA key pair with 3072-bit modulus.

ECC Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_ECC_SECP112R1	SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters).
TacNDJavaLib.ALG_ECC_SECP112R2	SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP128R1	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP128R2	SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP160K1	SECG curve over a finite prime body of 160 bits(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP160R1	SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP160R2	SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2).
TacNDJavaLib.ALG_ECC_SECP192K1	SECG curve over a finite 192-bit prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP192R1	SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP224K1	SECG curve over a 224-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP224R1	SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP256K1	SECG curve over a 256-bit finite prime body(koblitz domain parameters ).
TacNDJavaLib.ALG_ECC_SECP256R1	SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP384R1	SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_SECP521R1	SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1	X9.62 curve over a finite 192-bit prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2	X9.62 curve over a finite 192-bit prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3	X9.62 curve over a finite 192-bit prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1	X9.62 curve over a 239-bit finite prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2	X9.62 curve over a 239-bit finite prime body(version 2 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3	X9.62 curve over a 239-bit finite prime body(version 3 domain parameters).
TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1	X9.62 curve over a 256-bit finite prime body(version 1 domain parameters).
TacNDJavaLib.ALG_ECC_BRAINPOOL_P160R1	RFC 5639 Brainpool curve over a 160-bit finite prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P160T1	RFC 5639 Brainpool curve over a 160-bit finite prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P192R1	RFC 5639 Brainpool curve over a finite 192-bit prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P192T1	RFC 5639 Brainpool curve over a finite 192-bit prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P224R1	RFC 5639 Brainpool curve over a finite 224-bit prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P224T1	RFC 5639 Brainpool curve over a 224-bit finite prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P256R1	RFC 5639 Brainpool curve over a 256-bit finite prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P256T1	RFC 5639 Brainpool curve over a 256-bit finite prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P320R1	RFC 5639 Brainpool curve over a 320-bit finite prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P320T1	RFC 5639 Brainpool curve over a 320-bit finite prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P384R1	RFC 5639 Brainpool curve over a finite 384-bit prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P384T1	RFC 5639 Brainpool curve over a finite 384-bit prime body(twisted domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P512R1	RFC 5639 Brainpool curve over a 512-bit finite prime body(verifiably random domain parameters 1)
TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1	RFC 5639 Brainpool curve over a 512-bit finite prime body(twisted domain parameters 1)

ECX Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_ECX_ED25519	RFC 8032 curve (signature only) over a finite prime body of ~256 bits.
TacNDJavaLib.ALG_ECX_ED448	RFC 8032 curve (signature only) over a finite prime body of ~448 bits.
TacNDJavaLib.ALG_ECX_X25519	RFC 7748 curve ( key-agreement only) over a finite prime body of ~256 bits.
TacNDJavaLib.ALG_ECX_X448	RFC 7748 curve ( key-agreement only) over a finite prime body of ~448 bits.

HMAC Keys

Value	Meaning
TacNDJavaLib.ALG_HMAC_MD5	HMAC MD5 key with a size of 16 bytes.
TacNDJavaLib.ALG_HMAC_SHA1	HMAC SHA1 key with a size of 20 bytes.
TacNDJavaLib.ALG_HMAC_SHA2_256	HMAC SHA2 256 key with a size of 32 bytes.
TacNDJavaLib.ALG_HMAC_SHA2_384	HMAC SHA2 384 key with a size of 48 bytes.
TacNDJavaLib.ALG_HMAC_SHA2_512	HMAC SHA2 512 key with a size of 64 bytes.

dwFlags

Additional key parameters.

Value	Meaning
TacNDJavaLib.EXPORTABLE_KEY	The key can be exported from the HSM.
TacNDJavaLib.TEMPORARY_KEY	The key will only exist while the session is active. It will be destroyed when the session is closed. The szKeyId parameter, the key identifier, must be NULL.

In addition to the values in the previous table, you can add a key usage profile definition.

You can define the key usage profile (Attribute Usage-profile), using only one of the values below. If none of the values below are specified, the key profile is set to free for any use. It is mandatory to define the usage profile when the HSM is in RM3 mode.

Value	Meaning
TacNDJavaLib.AUP_DIG_SIG	signature generation/verification
TacNDJavaLib.AUP_DATA_CRYPTO	data encryption/decryption
TacNDJavaLib.AUP_KeK	key wrapping/unwrapping
TacNDJavaLib.AUP_MAC	MAC generation/verification
TacNDJavaLib.AUP_KDF	key derivation function
TacNDJavaLib.AUP_CRYPTOGRAM	cryptogram generation/verification
TacNDJavaLib.AUP_KEY_TRANSLATE	key translation
TacNDJavaLib.AUP_EFT_CVK	VSC generation/verification
TacNDJavaLib.AUP_EFT_VISA_PVK	PVP generation
TacNDJavaLib.AUP_EFT_IBM_3624	PIN generation/validation
TacNDJavaLib.AUP_EFT_PEK	PIN encryption/decryption
TacNDJavaLib.AUP_EFT_BDK	DUKPT
TacNDJavaLib.AUP_EFT_IPEK	DUKPT IPEK
TacNDJavaLib.AUP_EMV_IMK	ICC derivation MK, IDN
TacNDJavaLib.AUP_EMV_IMKDAC	ICC DAC shunt
TacNDJavaLib.AUP_EMV_IMKENC	ICC data encryption - PinBlock
TacNDJavaLib.AUP_EMV_IMKMAC	ICC data cryptogram - EmvMac
TacNDJavaLib.AUP_EMV_KeK	ICC MK wrapping
TacNDJavaLib.AUP_EMV_IMKKDF	EMV key derivation
TacNDJavaLib.AUP_EMV_IMKACRYPTO	ARPC calculation
TacNDJavaLib.AUP_EFT_KeK	EFT key wrapping/unwrapping
TacNDJavaLib.AUP_EMV_DIG_SIG	EMV signature generation/verification
TacNDJavaLib.AUP_EFT_TR31_KBPK	TR31 key-block protection key
TacNDJavaLib.AUP_EFT_TR34_PK	signature/envelope TR34
TacNDJavaLib.AUP_SPB_PK	SPB signature generation/verification and key wrapping

Exceptions

Exception

◆ exportKey() [1/3]

byte[] exportKey	(	String	szKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

szKey	Name of the key to be exported.
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return: Buffer containing the exported object.

Exceptions

TacException

◆ exportKey() [2/3]

byte[] exportKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

szKey	Name of the key to be exported.
hKEKey	Context of the key with which the key block will be encrypted - KEK (key encryption key).
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return: Buffer containing the exported object.

Exceptions

TacException

◆ exportKey() [3/3]

byte[] exportKey	(	byte[]	hKey,
		byte[]	hKEKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

hKey	Context of the key to be exported.
hKEKey	Context of the key with which the key block will be encrypted - KEK (key encryption key).
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return: Buffer containing the exported object.

Exceptions

TacException

◆ importKey() [1/5]

void importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		byte[]	pbInData,
		boolean	isExportable ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey Name that the imported key will have inside the HSM.

dwBlobType

Output buffer format.

Value	Meaning
TacNDJavaLib.PRIVATEKEY_BLOB_STRICT	An RSA or EC key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key (internal to the HSM see PUBLICKEY_BLOB_HSM) or NULL. The following formats are accepted. For RSA: Private key (containing modulus information and public exponent), defined in PKCS#1 v1.5 section 7.2. For ECC keys must have the ECPrivateKey format described in RFC 5915. For ECX keys (EdDSA and XECDH) the format is that described in RFC 8410.
TacNDJavaLib.PRIVATEKEY_BLOB	Same behavior as TacNDJavaLib.PRIVATEKEY_BLOB_STRICT but in older versions of HSM it can return RSA keys as a concatenation of private key and public key in the formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2. This option is kept for compatibility. Use TacNDJavaLib.PRIVATEKEY_BLOB_STRICT.
TacNDJavaLib.PUBLICKEY_BLOB	A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented).
TacNDJavaLib.SIMPLE_BLOB	A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
TacNDJavaLib.PLAINTEXTKEY_BLOB	This flag is not yet supported for RSA keys.
TacNDJavaLib.RAW_BLOB	The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly.
TacNDJavaLib.SIMPLE_BLOB_OAEP	Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode.
TacNDJavaLib.SYM_WRAPPED_KEY_BLOB	Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.HOTP_BLOB	Defines the import of an HTOP object into the User's domain.
TacNDJavaLib.PUBLICKEY_BLOB_HSM	A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below.

Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM.

Value	Meaning
TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB	RSA key imported in PKCS#1 format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB	ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB	RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.

nAlgId Algorithm of the imported key. See createKey.

isExportable Signals that the imported key will be exportable.

pbInData Buffer containing the key to be imported, as specified in dwBlobType.

Exceptions

TacException

◆ importKey() [2/5]

void importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		int	dwInDataLen ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey Name that the imported key will have inside the HSM.

dwBlobType

Output buffer format.

Value	Meaning
TacNDJavaLib.PRIVATEKEY_BLOB	An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2.
TacNDJavaLib.PUBLICKEY_BLOB	A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented).
TacNDJavaLib.SIMPLE_BLOB	A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
TacNDJavaLib.PLAINTEXTKEY_BLOB	This flag is not yet supported for RSA keys.
TacNDJavaLib.RAW_BLOB	The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly.
TacNDJavaLib.SIMPLE_BLOB_OAEP	Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode.
TacNDJavaLib.SYM_WRAPPED_KEY_BLOB	Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.HOTP_BLOB	Defines the import of an HTOP object into the User's domain.
TacNDJavaLib.PUBLICKEY_BLOB_HSM	A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below.

Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM.

Value	Meaning
TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB	RSA key imported in PKCS#1 format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB	ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB	RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.

nAlgId Algorithm of the imported key. See createKey.

dwFlags Additional key parameters. See createKey.

pbInData Buffer containing the key to be imported, as specified in dwBlobType.

dwInDataLen Size of the pbInData buffer to be imported.

Exceptions

TacException

◆ importKey() [3/5]

void importKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		byte[]	hKey ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey Name that the imported key will have inside the HSM.

hKEKey Context of the key with which the blob of the key to be imported is encrypted - KEK (key encryption key)

dwBlobType

Output buffer format.

Value	Meaning
TacNDJavaLib.PRIVATEKEY_BLOB	An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2.
TacNDJavaLib.PUBLICKEY_BLOB	A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented).
TacNDJavaLib.SIMPLE_BLOB	A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
TacNDJavaLib.PLAINTEXTKEY_BLOB	This flag is not yet supported for RSA keys.
TacNDJavaLib.RAW_BLOB	The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly.
TacNDJavaLib.SIMPLE_BLOB_OAEP	Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode.
TacNDJavaLib.SYM_WRAPPED_KEY_BLOB	Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.HOTP_BLOB	Defines the import of an HTOP object into the User's domain.
TacNDJavaLib.PUBLICKEY_BLOB_HSM	A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below.
TacNDJavaLib.WRAPPED_KEY_BLOB	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.WRAPPED_KEY_BLOB_P8	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8.

Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM.

Value	Meaning
TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB	RSA key imported in PKCS#1 format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB	ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB	RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.

nAlgId Algorithm of the imported key. See createKey.

dwFlags Additional key parameters. See createKey.

pbInData Buffer containing the key to be imported, as specified in dwBlobType.

hKey Context of the imported key.

Exceptions

TacException

◆ importKey() [4/5]

byte[] importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey Name that the imported key will have inside the HSM.

dwBlobType

Output buffer format.

Value	Meaning
TacNDJavaLib.PRIVATEKEY_BLOB	An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2.
TacNDJavaLib.PUBLICKEY_BLOB	A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented).
TacNDJavaLib.SIMPLE_BLOB	A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
TacNDJavaLib.PLAINTEXTKEY_BLOB	This flag is not yet supported for RSA keys.
TacNDJavaLib.RAW_BLOB	The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly.
TacNDJavaLib.SIMPLE_BLOB_OAEP	Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode.
TacNDJavaLib.SYM_WRAPPED_KEY_BLOB	Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.HOTP_BLOB	Defines the import of an HTOP object into the User's domain.
TacNDJavaLib.PUBLICKEY_BLOB_HSM	A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below.
TacNDJavaLib.WRAPPED_KEY_BLOB	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.WRAPPED_KEY_BLOB_P8	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8.

Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM.

Value	Meaning
TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB	RSA key imported in PKCS#1 format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB	ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB	RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.

nAlgId Algorithm of the imported key. See createKey.

dwFlags Additional key parameters. See createKey.

pbInData Buffer containing the key to be imported, as specified in dwBlobType.

Exceptions

TacException

◆ importKey() [5/5]

void importKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		int	dwInDataLen,
		byte[]	hKey ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey Name that the imported key will have inside the HSM.

hKEKey Context of the key with which the blob of the key to be imported is encrypted - KEK (key encryption key)

dwBlobType

Output buffer format.

Value	Meaning
TacNDJavaLib.PRIVATEKEY_BLOB	An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2.
TacNDJavaLib.PUBLICKEY_BLOB	A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented).
TacNDJavaLib.SIMPLE_BLOB	A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
TacNDJavaLib.PLAINTEXTKEY_BLOB	This flag is not yet supported for RSA keys.
TacNDJavaLib.RAW_BLOB	The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly.
TacNDJavaLib.SIMPLE_BLOB_OAEP	Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode.
TacNDJavaLib.SYM_WRAPPED_KEY_BLOB	Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.HOTP_BLOB	Defines the import of an HTOP object into the User's domain.
TacNDJavaLib.PUBLICKEY_BLOB_HSM	A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below.
TacNDJavaLib.WRAPPED_KEY_BLOB	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
TacNDJavaLib.WRAPPED_KEY_BLOB_P8	Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8.

Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM.

Value	Meaning
TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB	RSA key imported in PKCS#1 format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB	ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB	RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.

nAlgId Algorithm of the imported key. See createKey.

dwFlags Additional key parameters. See createKey.

pbInData Buffer containing the key to be imported, as specified in dwBlobType.

dwInDataLen Size of the pbInData buffer to be imported.

hKey Context of the imported key.

Exceptions

TacException

◆ PKCS12Import()

void PKCS12Import	(	String	szPathFile,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a file in PKCS#12 format into the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
szPathFile	Location of the physical PFX file to be imported.
szPassword	Password to open PFX file.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the key in exportable form.

Obsolete

Exceptions

TacException

◆ importPKCS12() [1/3]

void importPKCS12	(	String	szPathFile,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a file in PKCS#12 format into the HSM.

Parameters

szPathFile	Location of the physical PFX file to be imported.
szPassword	Password to open PFX file.
szKey	Name that the imported key will have inside the HSM.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the key in exportable form.

Exceptions

TacException

◆ importPKCS12() [2/3]

void importPKCS12	(	byte[]	pbPkcs12,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

Parameters

pbPkcs12	PKCS#12.
szPassword	Password for PKCS#12.
szKey	Name that the imported key will have inside the HSM.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the private key in exportable form.

Exceptions

TacException

◆ importPKCS12() [3/3]

void importPKCS12	(	byte[]	pbPkcs12,
		String	szPassword,
		String	szKey,
		int	nKeyAttr,
		String	szCert,
		String	szPubKey,
		int	nReserved ) throws TacException

Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

Parameters

pbPkcs12	PKCS#12.
szPassword	Password for PKCS#12.
szKey	Name that the imported key will have inside the HSM.
nKeyAttr	Attributes of the key that will be imported into the HSM. See possible options in the dwFlags parameter at Dinamo.createKey().
szCert	Name that the imported certificate will have within the HSM.
szPubKey	Name that the imported public key will have inside the HSM. Can be null to not import the public key object.
nReserved	Reserved for future use. Must be 0.

Exceptions

TacException

◆ exportPKCS12() [1/2]

byte[] exportPKCS12	(	String	password,
		String	key,
		String	cert,
		String	strReserved,
		int	dwFlags ) throws TacException

Exports an HSM key and certificate in PKCS#12 format.

Parameters

password Password for PFX protection.

key Name of the key to be exported to PFX.

cert Name of the certificate to be exported to PFX.

strReserved Reserved for future use.

dwFlags

Pass 0 or one of the options in the table below.

Attribute	Value
DN_EXPORT_P12_LEGACY	It exports the key and certificate and generates the PKCS#12 file in software.

Return: Array of bytes in PFX format containing the specified key and certificate.

Exceptions

TacException

◆ exportPKCS12() [2/2]

byte[] exportPKCS12	(	String	password,
		String	key,
		String	cert ) throws TacException

Exports an HSM key and certificate in PKCS#12 format.

Parameters

password	Password for PFX protection.
key	Name of the key to be exported to PFX.
cert	Name of the certificate to be exported to PFX.

Return: Array of bytes in PFX format containing the specified key and certificate.

Exceptions

TacException

◆ PKCS8ExportKey()

byte[] PKCS8ExportKey	(	String	szKeyId,
		String	szSecret ) throws TacException

Exports an asymmetric key in a file in PKCS#8 format to the HSM.

Parameters

szKeyId	Key identification.
szSecret	Password for the PKCS#8 file (must be longer than 16 characters).

Exceptions

TacException

◆ PKCS8ImportKey()

void PKCS8ImportKey	(	String	szKeyId,
		String	szSecret,
		int	dwKeyAlg,
		byte[]	bKeyEnvelope,
		boolean	isExportable ) throws TacException

Imports an asymmetric key from a file in PKCS#8 format into the HSM.

Parameters

szKeyId Key identification.

szSecret Password for the PKCS#8 file (must be longer than 16 characters).

dwKeyAlg

Key algorithm identifier. RSA Asymmetric Keys

Value	Meaning
TacNDJavaLib.ALG_RSA_512	RSA with 512-bit module.
TacNDJavaLib.ALG_RSA_1024	RSA with 1024-bit modulus.
TacNDJavaLib.ALG_RSA_2048	RSA with 2048-bit module.
TacNDJavaLib.ALG_RSA_4096	RSA with 4096-bit module.
TacNDJavaLib.ALG_RSA_1152	RSA with 1152-bit module.
TacNDJavaLib.ALG_RSA_1408	RSA with 1408-bit module.
TacNDJavaLib.ALG_RSA_1984	RSA with 1984-bit module.

bKeyEnvelope Binary file format PKCS#8

isExportable Import the key in exportable form.

Exceptions

TacException

◆ getAlgId() [1/2]

int getAlgId ( byte[] ctxKey ) throws TacException

Retrieves the key's algorithm.

Parameters

ctxKey Handle of the key, retrieved by getKeyHandle().

Return

Exceptions

TacException

◆ getAlgId() [2/2]

int getAlgId ( String keyId ) throws TacException

Retrieves the key's algorithm.

Parameters

keyId Key identifier

Return

Exceptions

TacException

◆ readObject()

byte[] readObject ( String szObject ) throws TacException

Exports an HSM object to the local machine.

Parameters

szObject Name of the object to be exported.

Return: Buffer containing the exported object.

Exceptions

TacException

◆ writeObject()

void writeObject	(	String	szObject,
		byte[]	jbObjectData ) throws TacException

Import an object from the local machine to the HSM.

Parameters

szObject	Name of the object to be imported.
jbObjectData	Data of the object to be imported.

Exceptions

TacException

◆ getKeyHandle()

byte[] getKeyHandle ( String keyId ) throws TacException

Retrieves a key handle.

It must be released with the releaseKey() method.

Parameters

keyId Key identifier in text format

Return: key handle

Exceptions

TacException

◆ releaseKeyHandle()

void releaseKeyHandle ( byte[] keyHandle ) throws TacException

Releases a key handle.

Parameters

keyHandle Handle of the key retrieved by getKeyHandle().

Exceptions

TacException

◆ isKeyExportable() [1/2]

boolean isKeyExportable ( byte[] keyHandle ) throws TacException

Check that the key is exportable.

Parameters

keyHandle Handle of the key retrieved by getKeyHandle().

Return: Key status.

Exceptions

TacException

◆ isKeyExportable() [2/2]

boolean isKeyExportable ( String keyId ) throws TacException

Check that the key is exportable.

Parameters

keyId Key identifier.

Return: Key status.

Exceptions

TacException

◆ setObjLabel()

void setObjLabel	(	String	objId,
		String	label ) throws TacException

Defines the label attribute of the object's metadata.

Parameters

objId	Object identifier
label	Label

Exceptions

TacException

◆ createMap()

void createMap	(	String	mapId,
		String	objId1,
		int	objId1Alg,
		String	objId2,
		int	objId2Alg ) throws TacException

Creates a mapping object (MAP) within the HSM.

Parameters

mapId	Identifier of the PRT object.
objId1	Identifier of the object pointed to by the first slot in the PRT.
objId1Alg	Algorithm of the object indicated by objId1Alg. It can be any type of object (see createKey) or TacNDJavaLib.ALG_OBJ_NULL.
objId2	Identifier of the object pointed to by the second slot in the PRT.
objId2Alg	Algorithm of the object indicated by objId2Alg. It can be any type of object (see createKey) or TacNDJavaLib.ALG_OBJ_NULL.

Exceptions

Exception

◆ listObjects()

String[] listObjects ( ) throws TacException

Lists the HSM objects.

Return: Array of strings containing the list of objects in the HSM.

Exceptions

TacException