Card PIN. It must be an ASCII numeric string with a maximum length of 8.
exceptions.HsmError If an error occurs in the operation.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use an approved smartcard reader to read the cards.
Example code: Recovering the shadow of a smartcard
Configures the authentication status of the NS (Network Security) system.
Access control mask (ACL_MASK). It can be a combination of allowed values (e.g. ACL_MASK.OBJ_READ | ACL_MASK.USR_CREATE | ACL_MASK.SYS_OPERATOR) using bitwise operations.
NS authentication state (STATE). Must be one of the values in the NSAUTH_STATE enum.
Array of hexadecimal strings representing the shares M of N. Each share must be a hexadecimal string.
exceptions.HsmError If an error occurs in the operation or if a parameter is invalid.
Generate a Secret and divide it into parts using Shamir's secret sharing scheme.
Minimum number of parts needed to reconstruct the secret. It must be greater than or equal to 2 and less than or equal to n.
Total number of parts generated. Must be greater than or equal to m and less than or equal to 255.
Secret to be divided. If null or not supplied, a random secret will be generated. If supplied, it must be an ASCII string with a fixed length depending on the SVMK version.
Optional version: SVMK_VERSION. Version of SVMK that determines the size of the secret. (Optional. Default value is 2)
exceptions.HsmError If an error occurs during operation, such as invalid parameters or a communication error with the HSM.
Shamir's scheme allows you to divide a secret into n parts, so that at least m parts are needed to reconstruct the original secret. No combination of m-1 parts reveals any information about the secret.
The SVMK version defines the size of the secret and the format of the parts. Version 2 introduces security improvements over version 1.
If secret is null, a new random secret with the appropriate size (determined by the version) will be generated. The entropy used to generate the secret will be included in the response.
If secret is provided, it will be used as the secret to be split. Make sure that the secret is the correct size for the specified version.
Example code: Generating a Server Master Key and Splitting it into parts with Shamir
Recovers the SVMK (Server Master Key) from a set of parts generated by Shamir's secret sharing scheme.
Array of hexadecimal strings representing the parts of the SVMK. Must contain at least m valid parts, where m is the minimum number of parts defined during SVMK generation.
exceptions.HsmError If an error occurs during operation, such as invalid parts, insufficient number of parts or communication error with the HSM.
This method recovers the original SVMK from the parts provided. The parts must have been previously generated by generateSVMK. The number of parts supplied must be equal to or greater than the value of m defined in the generation. The order of the parts does not matter.
If the parts supplied are invalid (incorrect format, different sizes, etc.) or if the number of parts is insufficient, an error will be thrown.
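The m-of-n behaviour described for generating and recovering the SVMK (any m parts suffice, order is irrelevant, malformed parts are rejected), as an added example that is not the HSM client's code. The names split and recover, the GF(2^8) field polynomial and the share layout are assumptions made for illustration, not the SVMK part format.

```javascript
// Added illustration: Shamir m-of-n sharing over GF(2^8), one polynomial per byte.
// Assumptions: field polynomial 0x11b and share layout [x, y1, y2, ...];
// this is not the HSM's SVMK part format.
const { randomBytes } = require("node:crypto");

// Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1.
function gmul(a, b) {
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}

// Multiplicative inverse as a^254 (a must be non-zero).
function ginv(a) {
  let r = 1;
  for (let i = 0; i < 254; i++) r = gmul(r, a);
  return r;
}

function split(secret, m, n) {
  if (!(m >= 2 && m <= n && n <= 255)) throw new RangeError("need 2 <= m <= n <= 255");
  const shares = Array.from({ length: n }, (_, i) => [i + 1]); // x = 1..n, never 0
  for (const s of secret) {
    const coef = [s, ...randomBytes(m - 1)]; // f(0) = secret byte, rest random
    // Horner evaluation of f at each share's x coordinate
    for (const sh of shares) sh.push(coef.reduceRight((acc, c) => gmul(acc, sh[0]) ^ c, 0));
  }
  return shares.map((sh) => Buffer.from(sh).toString("hex"));
}

// Interpolates f(0). It cannot tell whether enough shares were supplied.
function recover(hexShares) {
  const pts = hexShares.map((h) => {
    if (!/^([0-9a-f]{2}){2,}$/i.test(h)) throw new TypeError("share is not hex");
    return Buffer.from(h, "hex");
  });
  if (new Set(pts.map((p) => p.length)).size !== 1) throw new RangeError("share sizes differ");
  if (new Set(pts.map((p) => p[0])).size !== pts.length) throw new RangeError("duplicate x");
  const out = Buffer.alloc(pts[0].length - 1);
  pts.forEach((pj, j) => {
    let l = 1; // Lagrange basis at x = 0: product of x_k / (x_k ^ x_j), k != j
    pts.forEach((pk, k) => { if (k !== j) l = gmul(l, gmul(pk[0], ginv(pk[0] ^ pj[0]))); });
    for (let i = 0; i < out.length; i++) out[i] ^= gmul(pj[i + 1], l);
  });
  return out;
}
```

Plain interpolation has no way to notice that fewer than m parts were supplied; it returns a different value, so that check has to come from data kept outside the polynomial.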
Example code: Recovering a split Server Master Key with Shamir
Obtains information about the smart card.
This method obtains detailed information about the smart card inserted in the reader.
A Promise that resolves with an object ScInfo containing the smart card information in case of success, or rejects with an object ErrorResponseNH in the event of an error.
If an error occurs during communication with the Native Host, such as:
This method requires the HSM client to be installed and configured correctly.
The smart card information is returned in an object ScInfo which contains details such as ATR, CSN, chip version, etc.
In the event of an error, an ErrorResponseNH is returned, containing the status and error code.
Example code: Retrieving information from a smartcard
Get the smart card label.
The smart card PIN.
A Promise that resolves with an object ScLabel containing the smart card label in case of success, or rejects with an ErrorResponseNH in the event of an error.
If an error occurs.
This method requires the HSM client to be installed and configured correctly.
The smart card label is returned in a ScLabel.
In the event of an error, an object ErrorResponseNH is returned, containing the status and error code.
Example code: Retrieving the label from a smartcard
Define the smart card label.
The smart card PIN.
The new label to be defined.
A Promise that resolves with an object SuccessResponseNH if successful, or rejects with an object ErrorResponseNH in the event of an error.
Change the smart card PIN.
The current PIN of the smart card.
New PIN to be defined.
A Promise that resolves with an object SuccessResponseNH if successful, or rejects with an object ErrorResponseNH in the event of an error.
Saves the SVMK (Server Master Key) on the smart card.
The smart card PIN. This must be a numeric string with exactly 8 digits.
The shadow to be recorded, in hexadecimal format. It must be the correct size according to the SVMK version.
Indicates whether to overwrite an existing shadow. If false and a shadow already exists, the operation will fail.
A Promise that resolves with an object SuccessResponseNH if successful, or rejects with an object ErrorResponseNH in the event of an error.
If an error occurs, such as:
overwrite is false.
This method requires the HSM client to be installed and configured correctly. The shadow provided will be stored on the smart card, allowing it to be used for authentication and other operations. Make sure that the shadow is valid and of the correct size according to the SVMK version.
Erases the contents of a smart card.
The smart card PIN. This must be a numeric string with exactly 8 digits.
A Promise that resolves with an object SuccessResponseNH if successful, or rejects with an object ErrorResponseNH in the event of an error.
If an error occurs, such as:
This method requires the HSM client to be installed and configured correctly. Warning: This operation is irreversible and will erase all the data on the smart card. Make sure you want to erase the smart card before calling this method.
Reads the shadow of a Dinamo M of N smart card.