Keys

Detailed description

Managing the life cycle of cryptographic keys in HSM.

See the HSM technical documentation.

Functions
byte[]	getUserKey (String strKeyName, int nFlags) throws TacException
	Retrieves the context of a key, as long as the current User has access, stored within the HSM.
byte[]	getUserKey (String strKeyName) throws TacException
	Retrieves the context of a key, as long as the current User has access, stored within the HSM.
byte[]	getUserKeyOffline (String strKeyName, int algId, boolean isTemporary, boolean isExportable) throws TacException
	Retrieves the context of a key, without verifying the information passed, as long as the current User has access, stored within the HSM.
void	deleteKey (String keyId) throws TacException
	Turn off the key.
void	deleteKeyIfExists (String keyId) throws TacException
	Delete the key if it exists.
byte[]	createKeyMaterial (int keyAlg) throws TacException
	It creates a new cryptographic key and returns its content without persisting it in the HSM.
void	createKey (String keyId, int keyAlg, boolean exportable) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.
void	createKey (String keyId, int keyAlg) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.
void	createKey (String keyId, int keyAlg, int dwFlags) throws TacException
	It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.
byte[]	exportKey (String szKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.
byte[]	exportKey (String szKey, byte[] hKEKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.
byte[]	exportKey (byte[] hKey, byte[] hKEKey, int dwBlobType) throws TacException
	Exports an HSM key to the local machine.
void	importKey (String szKey, int dwBlobType, int nAlgId, byte[] pbInData, boolean isExportable) throws TacException
	Import a key from the local machine to the HSM.
void	importKey (String szKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, int dwInDataLen) throws TacException
	Import a key from the local machine to the HSM.
void	importKey (String szKey, byte[] hKEKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, byte[] hKey) throws TacException
	Import a key from the local machine to the HSM.
byte[]	importKey (String szKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData) throws TacException
	Import a key from the local machine to the HSM.
void	importKey (String szKey, byte[] hKEKey, int dwBlobType, int nAlgId, int dwFlags, byte[] pbInData, int dwInDataLen, byte[] hKey) throws TacException
	Import a key from the local machine to the HSM.
void	PKCS12Import (String szPathFile, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a file in PKCS#12 format into the HSM.
void	importPKCS12 (String szPathFile, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a file in PKCS#12 format into the HSM.
void	importPKCS12 (byte[] pbPkcs12, String szPassword, String szKey, String szCert, boolean isExportable) throws TacException
	Imports a key/certificate from a buffer in PKCS#12 format into the HSM.
void	importPKCS12 (byte[] pbPkcs12, String szPassword, String szKey, int nKeyAttr, String szCert, String szPubKey, int nReserved) throws TacException
	Imports a key/certificate from a buffer in PKCS#12 format into the HSM.
byte[]	exportPKCS12 (String password, String key, String cert, String strReserved, int dwFlags) throws TacException
	Exports an HSM key and certificate in PKCS#12 format.
byte[]	exportPKCS12 (String password, String key, String cert) throws TacException
	Exports an HSM key and certificate in PKCS#12 format.
byte[]	PKCS8ExportKey (String szKeyId, String szSecret) throws TacException
	Exports an asymmetric key in a file in PKCS#8 format to the HSM.
void	PKCS8ImportKey (String szKeyId, String szSecret, int dwKeyAlg, byte[] bKeyEnvelope, boolean isExportable) throws TacException
	Imports an asymmetric key from a file in PKCS#8 format into the HSM.
int	getAlgId (byte[] ctxKey) throws TacException
	Retrieves the key's algorithm.
int	getAlgId (String keyId) throws TacException
	Retrieves the key's algorithm.
byte[]	readObject (String szObject) throws TacException
	Exports an HSM object to the local machine.
void	writeObject (String szObject, byte[] jbObjectData) throws TacException
	Import an object from the local machine to the HSM.
byte[]	getKeyHandle (String keyId) throws TacException
	Retrieves a key handle.
void	releaseKeyHandle (byte[] keyHandle) throws TacException
	Releases a key handle.
boolean	isKeyExportable (byte[] keyHandle) throws TacException
	Check that the key is exportable.
boolean	isKeyExportable (String keyId) throws TacException
	Check that the key is exportable.
void	setObjLabel (String objId, String label) throws TacException
	Defines the label attribute of the object's metadata.
void	createMap (String mapId, String objId1, int objId1Alg, String objId2, int objId2Alg) throws TacException
	Creates a mapping object (MAP) within the HSM.
String[]	listObjects () throws TacException
	Lists the HSM objects.

Functions

getUserKey() [1/2]

byte[] getUserKey	(	String	strKeyName,
		int	nFlags ) throws TacException

Retrieves the context of a key, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName	Key identifier in the HSM.
nFlags

Return

Byte array representing a handle to the key and not its contents.

Exceptions

TacException

Exception for errors in retrieving the key context.

Obsolete

getUserKey() [2/2]

byte[] getUserKey

(

String

strKeyName

)

throws TacException

Retrieves the context of a key, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName

Key identifier in the HSM.

Return

Byte array representing a handle to the key and not its contents.

Exceptions

TacException

Exception for errors in retrieving the key context.

getUserKeyOffline()

byte[] getUserKeyOffline	(	String	strKeyName,
		int	algId,
		boolean	isTemporary,
		boolean	isExportable ) throws TacException

Retrieves the context of a key, without verifying the information passed, as long as the current User has access, stored within the HSM.

This function does not create a new key.

Parameters

strKeyName	Key identifier in the HSM.
algId	Key algorithm.
isTemporary	Tells you if the key is temporary.
isExportable	Informs whether the key is exportable.

Return

Byte array representing a handle to the key and not its contents.

Exceptions

TacException

Exception for errors in retrieving the key context.

deleteKey()

void deleteKey

(

String

keyId

)

throws TacException

Turn off the key.

Parameters

keyId

Key identifier

Exceptions

TacException

deleteKeyIfExists()

void deleteKeyIfExists

(

String

keyId

)

throws TacException

Delete the key if it exists.

It does not return an error if it does not exist.

Parameters

keyId

Key identifier

Exceptions

TacException

createKeyMaterial()

byte[] createKeyMaterial

(

int

keyAlg

)

throws TacException

It creates a new cryptographic key and returns its content without persisting it in the HSM.

Parameters

keyAlg

Algorithm to be used: Symmetric Keys Value Meaning TacNDJavaLib.ALG_DES 56-bit DES with odd parity. TacNDJavaLib.ALG_3DES_112 112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_3DES_168 168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_DESX DESX of 192 bits. The effective size is 118 bits. TacNDJavaLib.ALG_AES_128 128-bit AES. TacNDJavaLib.ALG_AES_192 AES with 192 bits. TacNDJavaLib.ALG_AES_256 256-bit AES. TacNDJavaLib.ALG_ARC4 ARC4 with 128 bits.

Exceptions

Exception

createKey() [1/3]

void createKey	(	String	keyId,
		int	keyAlg,
		boolean	exportable ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

The key generated will be exportable.

Parameters

keyId	Key identifier
keyAlg	Algorithm to be used: Symmetric Keys Value Meaning TacNDJavaLib.ALG_DES 56-bit DES with odd parity. TacNDJavaLib.ALG_3DES_112 112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_3DES_168 168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_DESX DESX of 192 bits. The effective size is 118 bits. TacNDJavaLib.ALG_AES_128 128-bit AES. TacNDJavaLib.ALG_AES_192 AES with 192 bits. TacNDJavaLib.ALG_AES_256 256-bit AES. TacNDJavaLib.ALG_ARC4 ARC4 with 128 bits. RSA Asymmetric Keys Value Meaning TacNDJavaLib.ALG_RSA_512 RSA with 512-bit module. TacNDJavaLib.ALG_RSA_1024 RSA with 1024-bit modulus. TacNDJavaLib.ALG_RSA_2048 RSA with 2048-bit module. TacNDJavaLib.ALG_RSA_4096 RSA with 4096-bit module. TacNDJavaLib.ALG_RSA_1152 RSA with 1152-bit module. TacNDJavaLib.ALG_RSA_1408 RSA with 1408-bit module. TacNDJavaLib.ALG_RSA_1984 RSA with 1984-bit module. ECC Asymmetric Keys Value Meaning TacNDJavaLib.ALG_ECC_SECP112R1 SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters). TacNDJavaLib.ALG_ECC_SECP112R2 SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP128R1 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP128R2 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP160K1 SECG curve over a finite prime body of 160 bits(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP160R1 SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP160R2 SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP192K1 SECG curve over a finite 192-bit prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP192R1 SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP224K1 SECG curve over a 224-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP224R1 SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP256K1 SECG curve over a 256-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP256R1 SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP384R1 SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP521R1 SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1 X9.62 curve over a finite 192-bit prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2 X9.62 curve over a finite 192-bit prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3 X9.62 curve over a finite 192-bit prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1 X9.62 curve over a 239-bit finite prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2 X9.62 curve over a 239-bit finite prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3 X9.62 curve over a 239-bit finite prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1 X9.62 curve over a 256-bit finite prime body(version 1 domain parameters).
exportable	The key can be exported from the HSM if set to true.

Exceptions

Exception

createKey() [2/3]

void createKey	(	String	keyId,
		int	keyAlg ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

The key generated will be exportable.

Parameters

keyId

Key identifier

keyAlg

Algorithm to be used: Symmetric Keys Value Meaning TacNDJavaLib.ALG_DES 56-bit DES with odd parity. TacNDJavaLib.ALG_3DES_112 112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_3DES_168 168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_DESX DESX of 192 bits. The effective size is 118 bits. TacNDJavaLib.ALG_AES_128 128-bit AES. TacNDJavaLib.ALG_AES_192 AES with 192 bits. TacNDJavaLib.ALG_AES_256 256-bit AES. TacNDJavaLib.ALG_ARC4 ARC4 with 128 bits. RSA Asymmetric Keys Value Meaning TacNDJavaLib.ALG_RSA_512 RSA with 512-bit module. TacNDJavaLib.ALG_RSA_1024 RSA with 1024-bit modulus. TacNDJavaLib.ALG_RSA_2048 RSA with 2048-bit module. TacNDJavaLib.ALG_RSA_4096 RSA with 4096-bit module. TacNDJavaLib.ALG_RSA_1152 RSA with 1152-bit module. TacNDJavaLib.ALG_RSA_1408 RSA with 1408-bit module. TacNDJavaLib.ALG_RSA_1984 RSA with 1984-bit module. ECC Asymmetric Keys Value Meaning TacNDJavaLib.ALG_ECC_SECP112R1 SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters). TacNDJavaLib.ALG_ECC_SECP112R2 SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP128R1 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP128R2 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP160K1 SECG curve over a finite prime body of 160 bits(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP160R1 SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP160R2 SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP192K1 SECG curve over a finite 192-bit prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP192R1 SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP224K1 SECG curve over a 224-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP224R1 SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP256K1 SECG curve over a 256-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP256R1 SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP384R1 SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP521R1 SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1 X9.62 curve over a finite 192-bit prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2 X9.62 curve over a finite 192-bit prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3 X9.62 curve over a finite 192-bit prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1 X9.62 curve over a 239-bit finite prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2 X9.62 curve over a 239-bit finite prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3 X9.62 curve over a 239-bit finite prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1 X9.62 curve over a 256-bit finite prime body(version 1 domain parameters).

Exceptions

Exception

createKey() [3/3]

void createKey	(	String	keyId,
		int	keyAlg,
		int	dwFlags ) throws TacException

It creates and stores a cryptographic key associated with an algorithm according to the parameters entered within the HSM.

Parameters

keyId	Key identifier
keyAlg	Algorithm to be used: Symmetric Keys Value Meaning TacNDJavaLib.ALG_DES 56-bit DES with odd parity. TacNDJavaLib.ALG_3DES_112 112-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_3DES_168 168-bit 3DES-EDE(Encrypt-Decrypt-Encrypt) with odd parity. TacNDJavaLib.ALG_DESX DESX of 192 bits. The effective size is 118 bits. TacNDJavaLib.ALG_AES_128 128-bit AES. TacNDJavaLib.ALG_AES_192 AES with 192 bits. TacNDJavaLib.ALG_AES_256 256-bit AES. TacNDJavaLib.ALG_ARC4 ARC4 with 128 bits. RSA Asymmetric Keys Value Meaning TacNDJavaLib.ALG_RSA_512 RSA key pair with 512-bit modulus. TacNDJavaLib.ALG_RSA_1024 RSA key pair with 1024-bit modulus. TacNDJavaLib.ALG_RSA_2048 RSA key pair with 2048-bit modulus. TacNDJavaLib.ALG_RSA_4096 RSA key pair with 4096-bit modulus. TacNDJavaLib.ALG_RSA_1152 RSA key pair with 1152-bit modulus. TacNDJavaLib.ALG_RSA_1408 RSA key pair with 1408-bit modulus. TacNDJavaLib.ALG_RSA_1536 RSA key pair with 1536-bit modulus. TacNDJavaLib.ALG_RSA_1976 RSA key pair with 1976-bit module. TacNDJavaLib.ALG_RSA_1984 RSA key pair with 1984-bit modulus. TacNDJavaLib.ALG_RSA_8192 RSA key pair with 8192-bit modulus. TacNDJavaLib.ALG_RSA_2304 RSA key pair with 2304-bit modulus. TacNDJavaLib.ALG_RSA_2560 RSA key pair with 2560-bit modulus. TacNDJavaLib.ALG_RSA_2816 RSA key pair with 2816-bit modulus. TacNDJavaLib.ALG_RSA_3072 RSA key pair with 3072-bit modulus. ECC Asymmetric Keys Value Meaning TacNDJavaLib.ALG_ECC_SECP112R1 SECG/WTLS curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters). TacNDJavaLib.ALG_ECC_SECP112R2 SECG curve over a finite prime body of 112 bits(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP128R1 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP128R2 SECG curve over a 128-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP160K1 SECG curve over a finite prime body of 160 bits(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP160R1 SECG curve over a finite prime body of 160 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP160R2 SECG/WTLS curve over a 160-bit finite prime body(verifiably random elliptic curve domain parameters 2). TacNDJavaLib.ALG_ECC_SECP192K1 SECG curve over a finite 192-bit prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP192R1 SECG/X9.62/NIST curve over a finite 192-bit prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP224K1 SECG curve over a 224-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP224R1 SECG/NIST curve over a 224-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP256K1 SECG curve over a 256-bit finite prime body(koblitz domain parameters ). TacNDJavaLib.ALG_ECC_SECP256R1 SECG/X9.62 curve over a 256-bit finite prime body(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP384R1 SECG/NIST curve over a finite prime body of 384 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_SECP521R1 SECG/NIST curve over a finite prime body of 521 bits(verifiably random elliptic curve domain parameters 1). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V1 X9.62 curve over a finite 192-bit prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V2 X9.62 curve over a finite 192-bit prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME192V3 X9.62 curve over a finite 192-bit prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V1 X9.62 curve over a 239-bit finite prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V2 X9.62 curve over a 239-bit finite prime body(version 2 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME239V3 X9.62 curve over a 239-bit finite prime body(version 3 domain parameters). TacNDJavaLib.ALG_ECC_X9_62_PRIME256V1 X9.62 curve over a 256-bit finite prime body(version 1 domain parameters). TacNDJavaLib.ALG_ECC_BRAINPOOL_P160R1 RFC 5639 Brainpool curve over a 160-bit finite prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P160T1 RFC 5639 Brainpool curve over a 160-bit finite prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P192R1 RFC 5639 Brainpool curve over a finite 192-bit prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P192T1 RFC 5639 Brainpool curve over a finite 192-bit prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P224R1 RFC 5639 Brainpool curve over a finite 224-bit prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P224T1 RFC 5639 Brainpool curve over a 224-bit finite prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P256R1 RFC 5639 Brainpool curve over a 256-bit finite prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P256T1 RFC 5639 Brainpool curve over a 256-bit finite prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P320R1 RFC 5639 Brainpool curve over a 320-bit finite prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P320T1 RFC 5639 Brainpool curve over a 320-bit finite prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P384R1 RFC 5639 Brainpool curve over a finite 384-bit prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P384T1 RFC 5639 Brainpool curve over a finite 384-bit prime body(twisted domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P512R1 RFC 5639 Brainpool curve over a 512-bit finite prime body(verifiably random domain parameters 1) TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1 RFC 5639 Brainpool curve over a 512-bit finite prime body(twisted domain parameters 1) ECX Asymmetric Keys Value Meaning TacNDJavaLib.ALG_ECX_ED25519 RFC 8032 curve (signature only) over a finite prime body of ~256 bits. TacNDJavaLib.ALG_ECX_ED448 RFC 8032 curve (signature only) over a finite prime body of ~448 bits. TacNDJavaLib.ALG_ECX_X25519 RFC 7748 curve ( key-agreement only) over a finite prime body of ~256 bits. TacNDJavaLib.ALG_ECX_X448 RFC 7748 curve ( key-agreement only) over a finite prime body of ~448 bits. HMAC Keys Value Meaning TacNDJavaLib.ALG_HMAC_MD5 HMAC MD5 key with a size of 16 bytes. TacNDJavaLib.ALG_HMAC_SHA1 HMAC SHA1 key with a size of 20 bytes. TacNDJavaLib.ALG_HMAC_SHA2_256 HMAC SHA2 256 key with a size of 32 bytes. TacNDJavaLib.ALG_HMAC_SHA2_384 HMAC SHA2 384 key with a size of 48 bytes. TacNDJavaLib.ALG_HMAC_SHA2_512 HMAC SHA2 512 key with a size of 64 bytes.
dwFlags	Additional key parameters. Value Meaning TacNDJavaLib.EXPORTABLE_KEY The key can be exported from the HSM. TacNDJavaLib.TEMPORARY_KEY The key will only exist while the session is active. It will be destroyed when the session is closed. The szKeyId parameter, the key identifier, must be NULL. In addition to the values in the previous table, you can add a key usage profile definition. You can define the key usage profile (Attribute Usage-profile), using only one of the values below. If none of the values below are specified, the key profile is set to free for any use. It is mandatory to define the usage profile when the HSM is in RM3 mode. Value Meaning TacNDJavaLib.AUP_DIG_SIG signature generation/verification TacNDJavaLib.AUP_DATA_CRYPTO data encryption/decryption TacNDJavaLib.AUP_KeK key wrapping/unwrapping TacNDJavaLib.AUP_MAC MAC generation/verification TacNDJavaLib.AUP_KDF key derivation function TacNDJavaLib.AUP_CRYPTOGRAM cryptogram generation/verification TacNDJavaLib.AUP_KEY_TRANSLATE key translation TacNDJavaLib.AUP_EFT_CVK VSC generation/verification TacNDJavaLib.AUP_EFT_VISA_PVK PVP generation TacNDJavaLib.AUP_EFT_IBM_3624 PIN generation/validation TacNDJavaLib.AUP_EFT_PEK PIN encryption/decryption TacNDJavaLib.AUP_EFT_BDK DUKPT TacNDJavaLib.AUP_EFT_IPEK DUKPT IPEK TacNDJavaLib.AUP_EMV_IMK ICC derivation MK, IDN TacNDJavaLib.AUP_EMV_IMKDAC ICC DAC shunt TacNDJavaLib.AUP_EMV_IMKENC ICC data encryption - PinBlock TacNDJavaLib.AUP_EMV_IMKMAC ICC data cryptogram - EmvMac TacNDJavaLib.AUP_EMV_KeK ICC MK wrapping TacNDJavaLib.AUP_EMV_IMKKDF EMV key derivation TacNDJavaLib.AUP_EMV_IMKACRYPTO ARPC calculation TacNDJavaLib.AUP_EFT_KeK EFT key wrapping/unwrapping TacNDJavaLib.AUP_EMV_DIG_SIG EMV signature generation/verification TacNDJavaLib.AUP_EFT_TR31_KBPK TR31 key-block protection key TacNDJavaLib.AUP_EFT_TR34_PK signature/envelope TR34 TacNDJavaLib.AUP_SPB_PK SPB signature generation/verification and key wrapping

Exceptions

Exception

exportKey() [1/3]

byte[] exportKey	(	String	szKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

szKey	Name of the key to be exported.
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return

Buffer containing the exported object.

Exceptions

TacException

exportKey() [2/3]

byte[] exportKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

szKey	Name of the key to be exported.
hKEKey	Context of the key with which the key block will be encrypted - KEK (key encryption key).
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return

Buffer containing the exported object.

Exceptions

TacException

exportKey() [3/3]

byte[] exportKey	(	byte[]	hKey,
		byte[]	hKEKey,
		int	dwBlobType ) throws TacException

Exports an HSM key to the local machine.

Parameters

hKey	Context of the key to be exported.
hKEKey	Context of the key with which the key block will be encrypted - KEK (key encryption key).
dwBlobType	Output buffer format. See importKey for a list of supported types.

Return

Buffer containing the exported object.

Exceptions

TacException

importKey() [1/5]

void importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		byte[]	pbInData,
		boolean	isExportable ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
dwBlobType	Output buffer format. Value Meaning TacNDJavaLib.PRIVATEKEY_BLOB_STRICT An RSA or EC key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key (internal to the HSM see PUBLICKEY_BLOB_HSM) or NULL. The following formats are accepted. For RSA: Private key (containing modulus information and public exponent), defined in PKCS#1 v1.5 section 7.2. For ECC keys must have the ECPrivateKey format described in RFC 5915. For ECX keys (EdDSA and XECDH) the format is that described in RFC 8410. TacNDJavaLib.PRIVATEKEY_BLOB Same behavior as TacNDJavaLib.PRIVATEKEY_BLOB_STRICT but in older versions of HSM it can return RSA keys as a concatenation of private key and public key in the formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2. This option is kept for compatibility. Use TacNDJavaLib.PRIVATEKEY_BLOB_STRICT. TacNDJavaLib.PUBLICKEY_BLOB A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented). TacNDJavaLib.SIMPLE_BLOB A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1. TacNDJavaLib.PLAINTEXTKEY_BLOB This flag is not yet supported for RSA keys. TacNDJavaLib.RAW_BLOB The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly. TacNDJavaLib.SIMPLE_BLOB_OAEP Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode. TacNDJavaLib.SYM_WRAPPED_KEY_BLOB Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.HOTP_BLOB Defines the import of an HTOP object into the User's domain. TacNDJavaLib.PUBLICKEY_BLOB_HSM A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below. Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM. Value Meaning TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB RSA key imported in PKCS#1 format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
nAlgId	Algorithm of the imported key. See createKey.
isExportable	Signals that the imported key will be exportable.
pbInData	Buffer containing the key to be imported, as specified in dwBlobType.

Exceptions

TacException

importKey() [2/5]

void importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		int	dwInDataLen ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
dwBlobType	Output buffer format. Value Meaning TacNDJavaLib.PRIVATEKEY_BLOB An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2. TacNDJavaLib.PUBLICKEY_BLOB A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented). TacNDJavaLib.SIMPLE_BLOB A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1. TacNDJavaLib.PLAINTEXTKEY_BLOB This flag is not yet supported for RSA keys. TacNDJavaLib.RAW_BLOB The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly. TacNDJavaLib.SIMPLE_BLOB_OAEP Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode. TacNDJavaLib.SYM_WRAPPED_KEY_BLOB Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.HOTP_BLOB Defines the import of an HTOP object into the User's domain. TacNDJavaLib.PUBLICKEY_BLOB_HSM A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below. Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM. Value Meaning TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB RSA key imported in PKCS#1 format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
nAlgId	Algorithm of the imported key. See createKey.
dwFlags	Additional key parameters. See createKey.
pbInData	Buffer containing the key to be imported, as specified in dwBlobType.
dwInDataLen	Size of the pbInData buffer to be imported.

Exceptions

TacException

importKey() [3/5]

void importKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		byte[]	hKey ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
hKEKey	Context of the key with which the blob of the key to be imported is encrypted - KEK (key encryption key)
dwBlobType	Output buffer format. Value Meaning TacNDJavaLib.PRIVATEKEY_BLOB An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2. TacNDJavaLib.PUBLICKEY_BLOB A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented). TacNDJavaLib.SIMPLE_BLOB A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1. TacNDJavaLib.PLAINTEXTKEY_BLOB This flag is not yet supported for RSA keys. TacNDJavaLib.RAW_BLOB The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly. TacNDJavaLib.SIMPLE_BLOB_OAEP Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode. TacNDJavaLib.SYM_WRAPPED_KEY_BLOB Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.HOTP_BLOB Defines the import of an HTOP object into the User's domain. TacNDJavaLib.PUBLICKEY_BLOB_HSM A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below. TacNDJavaLib.WRAPPED_KEY_BLOB Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.WRAPPED_KEY_BLOB_P8 Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8. Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM. Value Meaning TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB RSA key imported in PKCS#1 format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
nAlgId	Algorithm of the imported key. See createKey.
dwFlags	Additional key parameters. See createKey.
pbInData	Buffer containing the key to be imported, as specified in dwBlobType.
hKey	Context of the imported key.

Exceptions

TacException

importKey() [4/5]

byte[] importKey	(	String	szKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
dwBlobType	Output buffer format. Value Meaning TacNDJavaLib.PRIVATEKEY_BLOB An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2. TacNDJavaLib.PUBLICKEY_BLOB A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented). TacNDJavaLib.SIMPLE_BLOB A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1. TacNDJavaLib.PLAINTEXTKEY_BLOB This flag is not yet supported for RSA keys. TacNDJavaLib.RAW_BLOB The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly. TacNDJavaLib.SIMPLE_BLOB_OAEP Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode. TacNDJavaLib.SYM_WRAPPED_KEY_BLOB Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.HOTP_BLOB Defines the import of an HTOP object into the User's domain. TacNDJavaLib.PUBLICKEY_BLOB_HSM A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below. TacNDJavaLib.WRAPPED_KEY_BLOB Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.WRAPPED_KEY_BLOB_P8 Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8. Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM. Value Meaning TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB RSA key imported in PKCS#1 format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
nAlgId	Algorithm of the imported key. See createKey.
dwFlags	Additional key parameters. See createKey.
pbInData	Buffer containing the key to be imported, as specified in dwBlobType.

Exceptions

TacException

importKey() [5/5]

void importKey	(	String	szKey,
		byte[]	hKEKey,
		int	dwBlobType,
		int	nAlgId,
		int	dwFlags,
		byte[]	pbInData,
		int	dwInDataLen,
		byte[]	hKey ) throws TacException

Import a key from the local machine to the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
hKEKey	Context of the key with which the blob of the key to be imported is encrypted - KEK (key encryption key)
dwBlobType	Output buffer format. Value Meaning TacNDJavaLib.PRIVATEKEY_BLOB An RSA key pair will be imported in PRIVATEKEY_BLOB format. hKEKey must be the context of a symmetric key, a public key or NULL. The key blob format can be a concatenation of the public key and private key formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2, or it can also be just the format defined for the private key (which contains the modulus and public exponent information), defined in PKCS#1 v1.5 section 7.2. TacNDJavaLib.PUBLICKEY_BLOB A public key will be imported from an RSA key pair in the format PUBLICKEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key import should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key. For ECC public key imports, the format used will be DER (not implemented). TacNDJavaLib.SIMPLE_BLOB A symmetric key will be imported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1. TacNDJavaLib.PLAINTEXTKEY_BLOB This flag is not yet supported for RSA keys. TacNDJavaLib.RAW_BLOB The object is transported directly to the HSM's physical storage area in its native mode. Normally only objects exported from the HSM in RAW mode can be imported in RAW mode. All the object's properties are preserved in the HSM, including the encryption (done with the Server Master Key, for encrypted objects), so the operation to import an object in RAW mode must be carried out in a lifted HSM with the same Server Master Key used in the HSM where the RAW mode export was made, otherwise the object cannot be used correctly. TacNDJavaLib.SIMPLE_BLOB_OAEP Defines import via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme.The imported key must be a symmetric key (DES, 3DES or AES).The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This import method can be used in FIPS operating mode. TacNDJavaLib.SYM_WRAPPED_KEY_BLOB Defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter should contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.HOTP_BLOB Defines the import of an HTOP object into the User's domain. TacNDJavaLib.PUBLICKEY_BLOB_HSM A public key from an RSA/ECC key pair in DER format will be imported into the HSM. The nAlgId can have the following values specified in the table below. TacNDJavaLib.WRAPPED_KEY_BLOB Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. TacNDJavaLib.WRAPPED_KEY_BLOB_P8 Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8. Table of TacNDJavaLib.PUBLICKEY_BLOB_HSM. Value Meaning TacNDJavaLib.ALG_OBJ_PUBKEY_RSA_BLOB RSA key imported in PKCS#1 format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_ECC_BLOB ECC key imported in SubjectPublicKeyInfo format. The key size is detected automatically. TacNDJavaLib.ALG_OBJ_PUBKEY_SPKI_RSA_BLOB RSA key imported in SubjectPublicKeyInfo format. The key size is detected automatically.
nAlgId	Algorithm of the imported key. See createKey.
dwFlags	Additional key parameters. See createKey.
pbInData	Buffer containing the key to be imported, as specified in dwBlobType.
dwInDataLen	Size of the pbInData buffer to be imported.
hKey	Context of the imported key.

Exceptions

TacException

PKCS12Import()

void PKCS12Import	(	String	szPathFile,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a file in PKCS#12 format into the HSM.

Parameters

szKey	Name that the imported key will have inside the HSM.
szPathFile	Location of the physical PFX file to be imported.
szPassword	Password to open PFX file.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the key in exportable form.

Obsolete

Exceptions

TacException

importPKCS12() [1/3]

void importPKCS12	(	String	szPathFile,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a file in PKCS#12 format into the HSM.

Parameters

szPathFile	Location of the physical PFX file to be imported.
szPassword	Password to open PFX file.
szKey	Name that the imported key will have inside the HSM.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the key in exportable form.

Exceptions

TacException

importPKCS12() [2/3]

void importPKCS12	(	byte[]	pbPkcs12,
		String	szPassword,
		String	szKey,
		String	szCert,
		boolean	isExportable ) throws TacException

Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

Parameters

pbPkcs12	PKCS#12.
szPassword	Password for PKCS#12.
szKey	Name that the imported key will have inside the HSM.
szCert	Name that the imported certificate will have within the HSM.
isExportable	Import the private key in exportable form.

Exceptions

TacException

importPKCS12() [3/3]

void importPKCS12	(	byte[]	pbPkcs12,
		String	szPassword,
		String	szKey,
		int	nKeyAttr,
		String	szCert,
		String	szPubKey,
		int	nReserved ) throws TacException

Imports a key/certificate from a buffer in PKCS#12 format into the HSM.

Parameters

pbPkcs12	PKCS#12.
szPassword	Password for PKCS#12.
szKey	Name that the imported key will have inside the HSM.
nKeyAttr	Attributes of the key that will be imported into the HSM. See possible options in the dwFlags parameter at Dinamo.createKey().
szCert	Name that the imported certificate will have within the HSM.
szPubKey	Name that the imported public key will have inside the HSM. Can be null to not import the public key object.
nReserved	Reserved for future use. Must be 0.

Exceptions

TacException

exportPKCS12() [1/2]

byte[] exportPKCS12	(	String	password,
		String	key,
		String	cert,
		String	strReserved,
		int	dwFlags ) throws TacException

Exports an HSM key and certificate in PKCS#12 format.

Parameters

password	Password for PFX protection.
key	Name of the key to be exported to PFX.
cert	Name of the certificate to be exported to PFX.
strReserved	Reserved for future use.
dwFlags	Pass 0 or one of the options in the table below. Attribute Value DN_EXPORT_P12_LEGACY It exports the key and certificate and generates the PKCS#12 file in software.

Return

Array of bytes in PFX format containing the specified key and certificate.

Exceptions

TacException

exportPKCS12() [2/2]

byte[] exportPKCS12	(	String	password,
		String	key,
		String	cert ) throws TacException

Exports an HSM key and certificate in PKCS#12 format.

Parameters

password	Password for PFX protection.
key	Name of the key to be exported to PFX.
cert	Name of the certificate to be exported to PFX.

Return

Array of bytes in PFX format containing the specified key and certificate.

Exceptions

TacException

PKCS8ExportKey()

byte[] PKCS8ExportKey	(	String	szKeyId,
		String	szSecret ) throws TacException

Exports an asymmetric key in a file in PKCS#8 format to the HSM.

Parameters

szKeyId	Key identification.
szSecret	Password for the PKCS#8 file (must be longer than 16 characters).

Exceptions

TacException

PKCS8ImportKey()

void PKCS8ImportKey	(	String	szKeyId,
		String	szSecret,
		int	dwKeyAlg,
		byte[]	bKeyEnvelope,
		boolean	isExportable ) throws TacException

Imports an asymmetric key from a file in PKCS#8 format into the HSM.

Parameters

szKeyId	Key identification.
szSecret	Password for the PKCS#8 file (must be longer than 16 characters).
dwKeyAlg	Key algorithm identifier. RSA Asymmetric Keys Value Meaning TacNDJavaLib.ALG_RSA_512 RSA with 512-bit module. TacNDJavaLib.ALG_RSA_1024 RSA with 1024-bit modulus. TacNDJavaLib.ALG_RSA_2048 RSA with 2048-bit module. TacNDJavaLib.ALG_RSA_4096 RSA with 4096-bit module. TacNDJavaLib.ALG_RSA_1152 RSA with 1152-bit module. TacNDJavaLib.ALG_RSA_1408 RSA with 1408-bit module. TacNDJavaLib.ALG_RSA_1984 RSA with 1984-bit module.
bKeyEnvelope	Binary file format PKCS#8
isExportable	Import the key in exportable form.

Exceptions

TacException

getAlgId() [1/2]

int getAlgId

(

byte[]

ctxKey

)

throws TacException

Retrieves the key's algorithm.

Parameters

ctxKey

Handle of the key, retrieved by getKeyHandle().

Return

Exceptions

TacException

getAlgId() [2/2]

int getAlgId

(

String

keyId

)

throws TacException

Retrieves the key's algorithm.

Parameters

keyId

Key identifier

Return

Exceptions

TacException

readObject()

byte[] readObject

(

String

szObject

)

throws TacException

Exports an HSM object to the local machine.

Parameters

szObject

Name of the object to be exported.

Return

Buffer containing the exported object.

Exceptions

TacException

writeObject()

void writeObject	(	String	szObject,
		byte[]	jbObjectData ) throws TacException

Import an object from the local machine to the HSM.

Parameters

szObject	Name of the object to be imported.
jbObjectData	Data of the object to be imported.

Exceptions

TacException

getKeyHandle()

byte[] getKeyHandle

(

String

keyId

)

throws TacException

Retrieves a key handle.

It must be released with the releaseKey() method.

Parameters

keyId

Key identifier in text format

Return

key handle

Exceptions

TacException

releaseKeyHandle()

void releaseKeyHandle

(

byte[]

keyHandle

)

throws TacException

Releases a key handle.

Parameters

keyHandle

Handle of the key retrieved by getKeyHandle().

Exceptions

TacException

isKeyExportable() [1/2]

boolean isKeyExportable

(

byte[]

keyHandle

)

throws TacException

Check that the key is exportable.

Parameters

keyHandle

Handle of the key retrieved by getKeyHandle().

Return

Key status.

Exceptions

TacException

isKeyExportable() [2/2]

boolean isKeyExportable

(

String

keyId

)

throws TacException

Check that the key is exportable.

Parameters

keyId

Key identifier.

Return

Key status.

Exceptions

TacException

setObjLabel()

void setObjLabel	(	String	objId,
		String	label ) throws TacException

Defines the label attribute of the object's metadata.

Parameters

objId	Object identifier
label	Label

Exceptions

TacException

createMap()

void createMap	(	String	mapId,
		String	objId1,
		int	objId1Alg,
		String	objId2,
		int	objId2Alg ) throws TacException

Creates a mapping object (MAP) within the HSM.

Parameters

mapId	Identifier of the PRT object.
objId1	Identifier of the object pointed to by the first slot in the PRT.
objId1Alg	Algorithm of the object indicated by objId1Alg. It can be any type of object (see createKey) or TacNDJavaLib.ALG_OBJ_NULL.
objId2	Identifier of the object pointed to by the second slot in the PRT.
objId2Alg	Algorithm of the object indicated by objId2Alg. It can be any type of object (see createKey) or TacNDJavaLib.ALG_OBJ_NULL.

Exceptions

Exception

listObjects()

String[] listObjects

(

)

throws TacException

Lists the HSM objects.

Return

Array of strings containing the list of objects in the HSM.

Exceptions

TacException