Card PIN. It must be an ASCII numeric string with a maximum length of 8.
Optional attribute with the path to the dinamonh.exe utility.
exceptions.HsmError If an error occurs in the operation.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
Example code: Recovering the shadow of a smartcard
Configures the authentication status of the NS (Network Security) system.
Access control mask (ACL_MASK). It can be a combination of allowed values (e.g. ACL_MASK.OBJ_READ | ACL_MASK.USR_CREATE | ACL_MASK.SYS_OPERATOR) using bitwise operations.
NS authentication state (STATE). Must be one of the values in the NSAUTH_STATE enum.
Array of hexadecimal strings representing the M of N shares. Each share must be a hexadecimal string.
exceptions.HsmError If an error occurs in the operation or if a parameter is invalid.
Generate a Secret and divide it into parts using Shamir's secret sharing scheme.
Minimum number of parts needed to reconstruct the secret. It must be greater than or equal to 2 and less than or equal to n.
Total number of parts generated. Must be greater than or equal to m and less than or equal to 255.
Secret to be divided. If null or not supplied, a random secret will be generated. If supplied, it must be an ASCII string with a fixed length depending on the SVMK version.
Version of SVMK that determines the size of the secret. (Optional. Default value is 2)
exceptions.HsmError If an error occurs during operation, such as invalid parameters or a communication error with the HSM.
Shamir's scheme allows you to divide a secret into n parts, so that at least m parts are needed to reconstruct the original secret. No combination of m-1 parts reveals any information about the secret.
The SVMK version defines the size of the secret and the format of the parts. Version 2 introduces security improvements over version 1.
If secret is null, a new random secret with the appropriate size (determined by the version) will be generated. The entropy used to generate the secret will be included in the response.
If secret is provided, it will be used as the secret to be split. Make sure that the secret is the correct size for the specified version.
Recovers the SVMK (Server Master Key) from a set of parts generated by Shamir's secret sharing scheme.
Array of hexadecimal strings representing the parts of the SVMK. It must contain at least m valid parts, where m is the minimum number of parts defined during SVMK generation.
exceptions.HsmError If an error occurs during operation, such as invalid parts, insufficient number of parts or communication error with the HSM.
This method recovers the original SVMK from the parts provided. The parts must have been previously generated by the generateSVMK method. The number of parts provided must be equal to or greater than the value of m defined in the generation. The order of the parts does not matter.
If the parts supplied are invalid (incorrect format, different sizes, etc.) or if the number of parts is insufficient, an error will be thrown.
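The m-of-n split and the order-independent recovery described above, as an added sketch that is not Dinamo's code and does not reproduce the SVMK part format (the page does not specify it). The field GF(2^8), the share encoding (one x byte followed by one y byte per secret byte, in hex) and the names splitSecret and combineShares are assumptions of this example.

```javascript
const { randomBytes } = require('node:crypto');

// GF(2^8) multiply with reduction polynomial 0x11b (field choice is an assumption of this sketch).
function gfMul(a, b) {
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}
// a^254 is the multiplicative inverse of a non-zero a in GF(2^8).
function gfInv(a) {
  let r = 1;
  for (let i = 0; i < 254; i++) r = gfMul(r, a);
  return r;
}

// Split each secret byte with its own random polynomial of degree m-1; share = x || y-bytes, hex.
function splitSecret(secret, m, n) {
  if (!(Number.isInteger(m) && Number.isInteger(n) && m >= 2 && m <= n && n <= 255))
    throw new RangeError('require 2 <= m <= n <= 255');
  const shares = Array.from({ length: n }, (_, i) => [i + 1]); // x = 1..n, never 0
  for (const byte of Buffer.from(secret, 'ascii')) {
    const coeffs = [byte, ...randomBytes(m - 1)]; // constant term is the secret byte
    for (const s of shares) {
      let y = 0;
      for (let k = m - 1; k >= 0; k--) y = gfMul(y, s[0]) ^ coeffs[k]; // Horner evaluation
      s.push(y);
    }
  }
  return shares.map((s) => Buffer.from(s).toString('hex'));
}

// Lagrange interpolation at x = 0; share order is irrelevant.
function combineShares(hexShares) {
  const sh = hexShares.map((h) => Buffer.from(h, 'hex'));
  if (sh.some((s) => s.length !== sh[0].length)) throw new Error('shares differ in size');
  if (new Set(sh.map((s) => s[0])).size !== sh.length) throw new Error('duplicate share');
  const out = Buffer.alloc(sh[0].length - 1);
  sh.forEach((s, j) => {
    let basis = 1; // product over i != j of x_i / (x_i XOR x_j)
    sh.forEach((t, i) => {
      if (i !== j) basis = gfMul(basis, gfMul(t[0], gfInv(t[0] ^ s[0])));
    });
    for (let b = 1; b < s.length; b++) out[b - 1] ^= gfMul(s[b], basis);
  });
  return out.toString('ascii');
}
```

Plain interpolation cannot tell that too few shares were supplied: with m-1 shares combineShares returns an unrelated value instead of failing, so rejecting an insufficient set requires extra information carried with the parts.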
Example code: Recovering a split Server Master Key with Shamir
Obtains information about the smart card.
This method obtains detailed information about the smart card inserted in the reader.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with an ScInfo object containing the smart card information in case of success, or rejects with an ErrorResponseNH object in case of error.
If an error occurs during communication with the Native Host, such as:
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
The smart card information is returned in an ScInfo object, which contains details such as ATR, CSN, chip version, etc.
In the event of an error, an ErrorResponseNH object is returned, containing the status and error code.
Example code: Retrieving information from a smartcard
Get the smart card label.
The smart card PIN.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with a ScLabel object containing the smart card label in case of success, or rejects with an ErrorResponseNH object in case of error.
The smart card label is returned in a ScLabel object. In the event of an error, an ErrorResponseNH object is returned, containing the status and error code.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
Example code: Retrieving the label from a smartcard
Define the smart card label.
The smart card PIN.
The new label to be defined.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with a SuccessResponseNH object in the event of success, or rejects with an ErrorResponseNH object in the event of an error.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
Change the smart card PIN.
The current PIN of the smart card.
New PIN to be defined.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with a SuccessResponseNH object in the event of success, or rejects with an ErrorResponseNH object in the event of an error.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
Saves the SVMK (Server Master Key) on the smart card.
The smart card PIN. This must be a numeric string with exactly 8 digits.
The shadow to be recorded, in hexadecimal format. It must be the correct size according to the SVMK version.
Indicates whether to overwrite an existing shadow. If false and a shadow already exists, the operation will fail.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with a SuccessResponseNH object in the event of success, or rejects with an ErrorResponseNH object in the event of an error.
If an error occurs, such as:
overwrite an existing shadow when overwrite is false.
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
The shadow provided will be stored on the smart card, allowing it to be used for authentication and other operations. Make sure that the shadow is valid and of the correct size according to the SVMK version.
Erases the contents of a smart card.
The smart card PIN. This must be a numeric string with exactly 8 digits.
Optional attribute with the path to the dinamonh.exe utility.
A Promise that resolves with a SuccessResponseNH object in the event of success, or rejects with an ErrorResponseNH object in the event of an error.
If an error occurs, such as:
NOTE: To carry out this operation, you need to install the HSM Client in the Full option on the device. You can download the HSM Client via this link. You must also use a smartcard reader certified by Dinamo Networks.
OBS: Although it is possible to indicate the path of the Dinamo Native Host manually via the path attribute, Dinamo Networks recommends using it only in cases of severe restriction to the Windows registry or changes to the client's default installation method. Dinamo
Warning: This operation is irreversible and will erase all the data on the smart card. Make sure you want to erase the smart card before using this method.
Lists the objects stored in the HSM.
A Promise that resolves to an array of strings containing the list of objects in the HSM partition.
If an error occurs during communication with the HSM, such as connection problems or errors in the HSM's response.
Example code: Listing objects in an HSM partition
Enable TLS Bundle in HSM
ID of the private key, as a string.
Certificate ID, as a string.
A promise that resolves with a SuccessResponse object in case of success, or rejects with an error in case of failure.
Enable second factor authentication (TFA) for a user
User identifier
Certificate used to enable x509.
A promise that resolves with a SuccessResponse object in case of success, or rejects with an error in case of failure.
Removes Second Authentication Factor (TFA) assigned to a user
User identifier
TFA identifier to be removed.
A promise that resolves with a SuccessResponse object in case of success, or rejects with an error in case of failure.
Retrieves a user's ACL.
User identifier
A promise that resolves with an acls-listed object in case of success, or rejects with an error in case of failure.
Example Code: Retrieving a user's ACLs from an HSM partition
Assigns an Access Control List (ACL) to a user (trust relationship).
The identifier of the user.
Array with the set of ACLs linked to the user.
SuccessResponse object.
exceptions.HsmError - Returned if an error is encountered.
Lists blobs stored in the HSM partition.
exceptions.HsmError - Returned if an error is encountered.
Example code: Listing blobs in an HSM partition
Returns information about an object stored in the HSM.
The identifier of the object in the HSM partition.
ObjectInfo object containing information about the object.
exceptions.HsmError - Returned if an error is encountered.
Example code: Retrieving information from an object stored in the HSM
Returns information about an object stored in the HSM, avoiding possible noise in the log when trying to query objects that do not exist in the partition.
The identifier of the object in the HSM partition.
ObjectInfo object containing information about the object.
exceptions.HsmError - Returned if an error is encountered.
Example code: Retrieving information from an object stored in the HSM
Reads the shadow of a Dinamo M of N smart card.