Key name.
Key algorithm.
Optional
exportable: booleanIf the key is exportable.
Optional
temporary: booleanIf the key is temporary.
Optional
blockchain: booleanWhether the key can be used in blockchain operations.
ATTENTION: Only a few keys will be allowed if blockchain
be informed:
Returns true if the key was created successfully.
If the key name is invalid.
In the event of an error when creating the key.
Example code: Creating a key
Deletes a key stored in the HSM.
Key name.
Returns true if the key was successfully deleted.
If the key name is invalid.
In the event of an error when deleting the key.
Example code: Deleting a key
Locks a key in the HSM.
Key name.
Returns true if the key was successfully locked.
If the key name is invalid.
In the event of an error when deleting the key.
Example code: Locking a key
Unlocks a key in the HSM.
Key name.
Returns true if the key was successfully unlocked.
If the key name is invalid.
In the event of an error when deleting the key.
Example code: Unlocking a key
Import a cryptographic key into the HSM.
Key name.
Data of the key to be imported.
Optional
exportable: booleanIf the key is exportable.
Optional
temporary: booleanIf the key is temporary.
Optional
blockchain: booleanWhether the key can be used in blockchain operations.
Returns true if the key was imported successfully
If the key name is invalid.
If an error occurs when importing the key.
Example code: Importing a symmetric key
Import a certificate into HSM.
Name of certificate.
Certificate to be imported.
Returns true if the certificate was imported successfully.
If the name of the certificate is invalid.
In the event of an error when importing the certificate.
Example code: Importing a certificate
Generates a CSR (Certificate Signing Request).
This is a specialized function of HSM's PKCS#10 CSR generation API.
Key name.
Certificate data.
Optional
hashAlgorith: PKCS10_HASH_ALGORITHMHash algorithm to be used to generate the CSR. If not provided, the standard HSM algorithm will be used.
Returns the CSR in DER format.
Exports a cryptographic key stored in the HSM.
Key name.
Whether the key will be exported in X509 format.
Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Exporting an asymmetric public key
Exports the private part of the asymmetric key stored in the HSM.
Key name.
Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Exporting an asymmetric private key
Exports the private key stored in the HSM in clear text.
Key name.
Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Exporting a symmetric key
Exports the certificate stored in the HSM in clear text.
Key name.
Buffer containing the certificate.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Exporting certificate in plain text
Import a key encrypted by a KEK (Key Encryption Key).
Operating mode for importing the key.
Padding option for KEK operation.
Key name.
Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.
Object type.
Buffer containing the data of the encrypted key to be imported.
Optional
iv: stringInitialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.
Optional
exportable: booleanIf the key is exportable.
Optional
temporary: booleanIf the key is temporary.
Optional
blockchain: booleanWhether the key can be used in blockchain operations.
Returns true if the key has been imported.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Importing KEKed key
Exports a key encrypted by a KEK (Key Encryption Key).
Operating mode for importing the key.
Padding option for KEK operation.
Key name.
Name of the Key Encryption Key (KEK) that will be used to decrypt the imported key.
Optional
iv: stringInitialization Vector. Required for enums.KEK_MODE.MODE_CBC mode.
Buffer containing the key data according to the enums.KEY_EXPORT_FORMAT format.
If the key name is invalid.
If an error occurs when importing the key.
Example code: Exporting KEKed key
Import a PKCS#8 key for the HSM.
Key name.
Key type.
Key password. Minimum $constants.P8_IMPORT_EXPORT_SECRET_MIN_LEN characters, maximum $constants.P8_IMPORT_EXPORT_SECRET_MAX_LEN characters.
Key data in PKCS#8 format (base64).
Optional
exportable: booleanIf the key is exportable.
Optional
temporary: booleanIf the key is temporary.
Optional
blockchain: booleanWhether the key can be used in blockchain operations.
ATTENTION: Only a few keys will be allowed if blockchain
be informed:
Returns true if the key was imported successfully.
Exports a PKCS#8 key from the HSM.
Key name. Minimum $constants.P8_IMPORT_EXPORT_SECRET_MIN_LEN characters, maximum $constants.P8_IMPORT_EXPORT_SECRET_MAX_LEN characters.
Key password.
Returns a buffer containing the key data.
Imports a private key and its corresponding certificate in PKCS#12 format into the HSM.
PKCS#12 (Public-Key Cryptography Standards #12) is a standard file format for storing private keys, certificates and other cryptographic secrets. It allows multiple objects to be stored in a single file and protected by a password.
The name of the key to be created in the HSM. This name must be unique and follow the HSM naming rules.
The name of the certificate to be created in the HSM. This name must be unique and follow the HSM naming rules.
The password that protects the PKCS#12 file. The length of the password must be between P8_IMPORT_EXPORT_SECRET_MIN_LEN
e P8_IMPORT_EXPORT_SECRET_MAX_LEN
.
The contents of the PKCS#12 file in the form of a Buffer. This buffer must contain the binary data from the PKCS#12 file.
Optional
pubKey: stringPublic key of the certificate in hexadecimal format.
Optional
exportable: booleanIf the key is exportable.
Optional
temporary: booleanIf the key is temporary.
A promise that resolves to true
if the import is successful.
If the name of the key or certificate is invalid.
If the password is invalid (null, empty or out of bounds).
If an error occurs during the import, such as a communication error with the HSM or an incorrect password.
Example code: Importing a PKCS#12
Creates and stores a cryptographic key associated with an algorithm according to the parameters entered, within the HSM.