An RSA or EC key pair will be exported in PRIVATE_KEY_BLOB format.
hKEKey must be the context of a symmetric key, a public key (internal to the HSM see PUBLIC_KEY_BLOB_HSM) or NULL.
The following formats are accepted.
For RSA: Private key (containing modulus information and public exponent), defined in PKCS#1 v1.5 section 7.2.
For ECC keys must have the ECPrivateKey format described in RFC 5915.
For ECX keys (EdDSA and XECDH) the format is that described in RFC 8410.
Property
Same behavior as PRIVATE_KEY_BLOB_STRICT but older versions of HSM can return RSA keys as a concatenation of private key and public key in the formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2. This option is retained for compatibility. Use PRIVATE_KEY_BLOB_STRICT.
Property
An RSA key pair in PRIVATE_KEY_BLOB_P8 format will be imported.
hKEKey must be the context of a symmetric key.
The key blob format is the PrivateKeyInfo defined in PKCS#8.
Property
A public key from an RSA or EC key pair will be exported in the format PUBLIC_KEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key export should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key following the PKCS#1 v2.2 DER format standard.For EC public keys (ECC and ECX) the standard is the SubjectPublicKeyInfo DER format.
Property
A symmetric key will be exported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
Property
This flag is not yet supported for RSA keys.
Property
Defines export via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme. The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This export method can be used in restricted operating modes.
Property
It defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM base directly, without any specific formatting.
Property
Defines the import of an HTOP object into the user partition.
Property
A public key from an RSA/ECC key pair in DER format will be imported into the HSM. hKEKey must be equal to NULL.
Property
A public key will be imported into the HSM from the module and the public exponent. hKEKey must be equal to NULL. The completed RSA_PUB_KEY_PARTS structure must be passed in pbData.
Property
Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
Property
Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8.
Description
Key formats to be exported.
Property
An RSA or EC key pair will be exported in PRIVATE_KEY_BLOB format. hKEKey must be the context of a symmetric key, a public key (internal to the HSM see PUBLIC_KEY_BLOB_HSM) or NULL. The following formats are accepted. For RSA: Private key (containing modulus information and public exponent), defined in PKCS#1 v1.5 section 7.2. For ECC keys must have the ECPrivateKey format described in RFC 5915. For ECX keys (EdDSA and XECDH) the format is that described in RFC 8410.
Property
Same behavior as PRIVATE_KEY_BLOB_STRICT but older versions of HSM can return RSA keys as a concatenation of private key and public key in the formats defined in PKCS#1 v1.5, in sections 7.1 and 7.2. This option is retained for compatibility. Use PRIVATE_KEY_BLOB_STRICT.
Property
An RSA key pair in PRIVATE_KEY_BLOB_P8 format will be imported. hKEKey must be the context of a symmetric key. The key blob format is the PrivateKeyInfo defined in PKCS#8.
Property
A public key from an RSA or EC key pair will be exported in the format PUBLIC_KEY_BLOB.hKEKey must be equal to NULL. The context returned by the public key export should only be used in digital envelope operations, as the HSM does not persistently create RSA objects with only the public part of the key following the PKCS#1 v2.2 DER format standard.For EC public keys (ECC and ECX) the standard is the SubjectPublicKeyInfo DER format.
Property
A symmetric key will be exported in the format SIMPLE_BLOB.hKEKey must be the context of a private key associated with the public key used to encrypt the blob to be imported.The padding type used to encrypt the key must be 2, as defined in PKCS#1 v1.5 section 8.1.
Property
This flag is not yet supported for RSA keys.
Property
Defines export via digital envelope using the PKCS#1 version 2.1 standard, with RSAES-OAEP encryption scheme. The KEK must be a private key in the HSM, whose corresponding public key was used to create the envelope. The context for this KEK can be obtained via a call to DGetUserKey, where the id of the HSM's RSA key used to open the envelope will be entered. This export method can be used in restricted operating modes.
Property
It defines a symmetric key encrypted by a KEK (Key Encryption Key) that is also symmetric. The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode and padding. The key will be decrypted and imported into the HSM base directly, without any specific formatting.
Property
Defines the import of an HTOP object into the user partition.
Property
A public key from an RSA/ECC key pair in DER format will be imported into the HSM. hKEKey must be equal to NULL.
Property
A public key will be imported into the HSM from the module and the public exponent. hKEKey must be equal to NULL. The completed RSA_PUB_KEY_PARTS structure must be passed in pbData.
Property
Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting.
Property
Import a key encrypted by a KEK (Key Encryption Key). The hKEKey parameter must contain the context of a symmetric key with the appropriate usage parameters already defined, such as mode (according to the algorithm) and padding. The key will be decrypted and imported into the HSM database directly, without any specific formatting. In the key export operation, the format of the private key will be PKCS#8.