CXI
This class implements an interface to the firmware module CXI running on Utimaco's Hardware Security Module "CryptoServer".
Classes | |
| class | ByteArray |
| Flexible byte array. | |
| class | ECParameter |
| This class provides methods to handle EC domain parameters. | |
| class | ECPublicKey |
| This class provides methods to create and handle public EC keys. | |
| class | Key |
| This class is used to encapsulate CXI keys. | |
| class | KeyAttAndComp |
| This class is used to encapsulate key attributes (see KeyAttributes) and key components (see KeyComponents) of a key. | |
| class | KeyAttributes |
| This class provides methods to create and handle key attribute (property) lists. | |
| class | KeyComponents |
| This class provides methods to create and handle key component lists. | |
| class | KeyFile |
| This class is used to write the public components of an RSA key into a keyfile. | |
| class | KeyStore |
| Key storage for external (MBK encrypted) keys. | |
| class | MechanismParameter |
| This class is used to construct a mechanism parameter which provides additional, mechanism-specific information. | |
| class | MechParamCCM |
| This class is used to construct a mechanism parameter for AES encryption / decryption in mode Counter with CBC-MAC (CCM, see NIST SP-800-38C). | |
| class | MechParamECIES |
| This class is used to construct a mechanism parameter for 'Elliptic Curve (Augmented) Encryption Scheme' (ECIES, see ANSI X9.63). | |
| class | MechParamGCM |
| This class is used to construct a mechanism parameter for AES encryption / decryption with GCM (Galois Counter Mode, see NIST SP-800-38D) chaining. | |
| class | MechParamGMAC |
| This class is used to construct a mechanism parameter for AES MAC creation / verification with 'Galois Counter MAC' chaining (GMAC, see NIST SP-800-38D). | |
| class | MechParamOAEP |
| This class is used to construct a mechanism parameter for RSA encryption / decryption with PKCS#1_v2.1 RSAES-OAEP padding scheme. | |
| class | MechParamPSS |
| This class is used to construct a mechanism parameter for RSA signature creation / verification with PKCS#1_v2.1 RSASSA-PSS padding scheme. | |
Public Member Functions | |
Constructors | |
| CryptoServerCXI (String device) throws IOException, NumberFormatException, CryptoServerException | |
| Creates a new connection to a single CryptoServer. | |
| CryptoServerCXI (String device, int timeout) throws IOException, NumberFormatException, CryptoServerException | |
| Creates a new connection to a single CryptoServer. | |
| CryptoServerCXI (String[] devices, int timeout) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer cluster. | |
| CryptoServerCXI (CryptoServerConfig config) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer or CryptoServer cluster. | |
Miscellaneous Functions | |
| int | getFirmwareVersion () throws IOException, CryptoServerException |
| Returns the version number of the CryptoServer firmware module CXI (x.x.x.x). | |
Functions for Key Management | |
| Key | generateKey (int flags, KeyAttributes keyTemplate, int mech) throws IOException, CryptoServerException |
| Generates a new key according to the given template (key attributes). | |
| Key | generateKey (int flags, KeyAttributes keyTemplate) throws IOException, CryptoServerException |
| Generates a new key according to the given template (key attributes). | |
| KeyAttributes | generateDSADomainParam (int psize, int qsize, int mech) throws IOException, CryptoServerException |
| Creates the domain parameters (P, Q and G) needed to create a DSA key (see CryptoServerCXI.CryptoServerCXI.generateKey). | |
| byte[] | generateDSAPQParam (int psize, int qsize, int mech, int hash, byte[] seed, int index) throws IOException, CryptoServerException |
| Creates the domain parameters (P and Q) needed to create a DSA key (see CryptoServerCXI.CryptoServerCXI.generateKey) as described in FIPS 186-4. | |
| KeyAttributes | generateDSAGParam (byte[] mechParamAndPropList) throws IOException, CryptoServerException |
| Creates the domain parameter G needed to create a DSA key (see CryptoServerCXI.CryptoServerCXI.generateKey) as described in FIPS 186-4. | |
| Key | findKey (int flags, KeyAttributes keyTemplate) throws IOException, CryptoServerException |
| Finds a key in the internal database of the CryptoServer and returns either a key handle or a key backup blob. | |
| Key | findKey (KeyAttributes keyTemplate) throws IOException, CryptoServerException |
| Finds a key in the internal database of the CryptoServer and returns a key handle. | |
| KeyAttributes | getKeyAttributes (Key key, boolean all) throws IOException, CryptoServerException |
| Inquires key attributes of a key. | |
| Key | setKeyAttributes (Key key, KeyAttributes attr) throws IOException, CryptoServerException |
| Sets one or more key attributes for a key. | |
| KeyAttributes | getKeyAttributes (Key key, int[] desired) throws IOException, CryptoServerException |
| KeyAttributes[] | listKeys (KeyAttributes keyTemplate) throws IOException, CryptoServerException |
| Enumerates the keys which are currently stored in the CXI database on the CryptoServer. | |
| KeyAttributes[] | listKeys () throws IOException, CryptoServerException |
| Enumerates the keys which are currently stored in the CXI database on the CryptoServer. | |
| Key | backupKey (Key key) throws IOException, CryptoServerException |
| Exports a key as key backup blob. | |
| Key | restoreKey (int flags, Key key, KeyAttributes keyTemplate) throws IOException, CryptoServerException |
| Restores (imports) a key from a key backup blob, see Format of Key Blobs. | |
| void | deleteKey (Key key) throws IOException, CryptoServerException |
| Delete a key from the CryptoServer. | |
| byte[] | exportKey (Key key, int type, Key wrapKey, int mech) throws IOException, CryptoServerException |
| Export a key from the CryptoServer. | |
| byte[] | exportKey (Key key, int type, Key wrapKey) throws IOException, CryptoServerException |
| Export a key from the CryptoServer. | |
| KeyAttAndComp | exportClearKey (Key key, int type) throws IOException, CryptoServerException |
| Export a key (cleartext) from the CryptoServer. | |
| Key | importKey (int flags, int type, KeyAttributes keyTemplate, byte[] keyBlob, Key wrapKey, int mech) throws IOException, CryptoServerException |
| Imports a key blob of type 'Simple Blob' (see Format of Key Blobs). | |
| Key | importKey (int flags, int type, KeyAttributes keyTemplate, byte[] keyBlob, Key wrapKey) throws IOException, CryptoServerException |
| Imports a key blob of type 'Simple Blob' (see Format of Key Blobs). | |
| Key | importClearKey (int flags, int type, KeyAttributes keyTemplate, KeyComponents keyComponents) throws IOException, CryptoServerException |
| Imports a clear text key. | |
Cryptographic Functions | |
| byte[] | crypt (int flags, Key key, int mech, byte[] mechParam, byte[] data, ByteArray iv, ByteArray tag, byte[] tag_in) throws IOException, CryptoServerException |
| Encrypt or decrypt data. | |
| byte[] | crypt (Key key, int mech, byte[] mechParam, byte[] data, ByteArray iv) throws IOException, CryptoServerException |
| Encrypt or decrypt data. | |
| byte[][] | bulkCrypt (Key key, int mech, byte[][] data) throws IOException, CryptoServerException |
| Encrypt or decrypt multiple data items in one operation. | |
| byte[] | sign (int flags, Key key, int mech, byte[] mechParam, byte[] data, ByteArray iv) throws IOException, CryptoServerException |
| Digitally signs the given hash value (asymmetric algorithms) or calculates a Message Authentication Code (MAC) or hash based MAC (HMAC) (symmetric algorithms). | |
| byte[] | sign (Key key, int mech, byte[] data) throws IOException, CryptoServerException |
| Digitally signs the given hash value (asymmetric algorithms) or calculates a Message Authentication Code (MAC) or hash based MAC (HMAC) (symmetric algorithms). | |
| byte[][] | bulkSign (Key key, int mech, byte[][] data) throws IOException, CryptoServerException |
| Digitally signs up to 16(ECDSA)/50(RSA) hash values in one operation. | |
| boolean | verify (int flags, Key key, int mech, byte[] mechParam, byte[] data, byte[] signature, ByteArray iv) throws IOException, CryptoServerException |
| Verifies a digital signature, Message Authentication Code (MAC) or hash based MAC (HMAC). | |
| boolean | verify (Key key, int mech, byte[] data, byte[] signature) throws IOException, CryptoServerException |
| Verifies a digital signature, Message Authentication Code (MAC) or hash based MAC (HMAC). | |
| byte[] | generateRandom (int length, int mech) throws IOException, CryptoServerException |
| Generate random bytes. | |
| byte[] | computeHash (int flags, int mech, byte[] data, byte[] info, Key key) throws IOException, CryptoServerException |
| Computes a hash or hash based MAC (HMAC) over the given data. | |
| byte[] | agreeSecret (int flags, Key privateKey, Key publicKey, int mech, byte[] mechParam) throws IOException, CryptoServerException |
| This function calculates a shared secret from two ECDH or ECDSA keys as described in TR-03111. | |
| Key | deriveKey (int flags, Key privateKey, KeyAttributes keyTemplate, int mech, byte[] mechParam) throws IOException, CryptoServerException |
| Key | setFIPSUsage (Key key, int usage) throws CryptoServerException, IOException |
| Sets the FIPS usage/padding specifier in the attribute list of the Key. | |
Public Member Functions inherited from CryptoServerCluster | |
| CryptoServerCluster (String[] devices, int timeout) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer cluster. | |
| CryptoServerCluster (CryptoServerConfig config) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer or CryptoServer cluster. | |
| CryptoServerCluster (String device, int timeout) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer (a cluster of only one CryptoServer). | |
| CryptoServerCluster (String device) throws IOException, CryptoServerException | |
| Creates a new connection to a CryptoServer (a cluster of only one CryptoServer). | |
| synchronized void | open (String[] devices, int connTimeout) throws CryptoServerException |
| synchronized void | close () |
| Closes the connection to the CryptoServer cluster. | |
| byte[] | exec (int fc, int sfc, byte[] cmd, CryptoServerAPI.CryptoServerCluster.Error[] errList) throws IOException, CryptoServerException |
| Executes a command on the current CryptoServer. | |
| byte[] | exec (int fc, int sfc, byte[] cmd) throws IOException, CryptoServerException |
| Executes a command on the current CryptoServer. | |
| String | getDevice () |
| Returns the device specifier of the current CryptoServer. | |
| int | getTimeout () |
| Returns the current read timeout for all communication with the current CryptoServer. | |
| synchronized void | setTimeout (int timeout) throws IOException, CryptoServerException |
| Sets the read timeout. | |
| synchronized void | setFallbackInterval (int seconds) throws CryptoServerException |
| Sets the fallback interval time. | |
| synchronized void | setKeepSessionAlive (boolean flag) throws CryptoServerException |
| Starts an additional thread that keeps the current session alive and prevents it from expiring after 15 minutes of idle time. | |
| synchronized void | setEventHandler (EventHandler eventHandler) throws CryptoServerException |
| Registers an event (callback) handler, that receives notification messages if the state of a CryptoServer changes or an error occurs. | |
| synchronized void | logon (String user, String keyFile, byte[] password) throws IOException, CryptoServerException |
| Authenticates a user and establishes a secure messaging session with the current CryptoServer. | |
| synchronized void | logoff () throws IOException, CryptoServerException |
| Terminates a secure messaging session and invalidates authentication. | |
| int | getAuthState () throws IOException, CryptoServerException |
| Returns resulting authentication state. | |
| void | setFallbackInterval (long seconds) throws CryptoServerException |
| void | logonPassword (String user, byte[] password) throws IOException, CryptoServerException |
| void | logonPassword (String user, String password) throws IOException, CryptoServerException |
| void | logonSign (String user, String keyFile, String password) throws IOException, CryptoServerException |
| void | keepSessionAlive () throws CryptoServerException |
| void | logonSC (String user, String pin) throws IOException, CryptoServerException |
Public Member Functions inherited from CryptoServer | |
| CryptoServer (String device, int timeout) throws IOException, NumberFormatException, CryptoServerException | |
| Creates a new connection to a CryptoServer. | |
| CryptoServer (String device) throws IOException, NumberFormatException, CryptoServerException | |
| Creates a new connection to a CryptoServer. | |
| CryptoServer (CryptoServerConfig config) throws IOException, NumberFormatException, CryptoServerException | |
| Creates a new connection to a CryptoServer. | |
| synchronized void | open (String device, int connTimeout) throws CryptoServerException |
| void | open (String device) throws CryptoServerException |
| void | prepareAuthenticationHMAC (String user, byte[] password) throws CryptoServerException |
| Prepares to authenticate the subsequent commands with "HMAC Password" mechanism. | |
| void | prepareAuthenticationHMAC (String user, String password) throws CryptoServerException, UnsupportedEncodingException |
| Prepares to authenticate the subsequent commands with "HMAC Password" mechanism. | |
| void | prepareAuthenticationRSASign (String user, String keySpec, String pin) throws IOException, CryptoServerException |
| Prepares to authenticate the subsequent commands with "RSA Signature" mechanism. | |
| void | prepareAuthenticationRSASC (String user, String pin) throws IOException, CryptoServerException |
| Prepares to authenticate the subsequent commands with "RSA Smartcard" mechanism. | |
| synchronized void | endAuthentication () |
| Stops authentication. | |
| void | getSessionKeyDH () throws IOException, CryptoServerException |
| Establishes a secure messaging session with the CryptoServer using 2048 bit Diffie-Hellman key agreement. | |
| void | setEndSessionOnShutdown (boolean flag) |
| Enables or disables a ShutdownHook for terminating active sessions. | |
| synchronized void | endSession () |
| Terminates a secure messaging session. | |
| void | getSessionKeyDH (int size) throws IOException, CryptoServerException |
| void | setTrace (PrintStream out) |
| void | setTrace (boolean flag) |
| void | setTrace (PrintStream out, boolean flag) |
| Enables or disables the trace function. | |
Static Public Member Functions | |
| static double | getVersion () |
| Returns the version of the CXI API (x.xx). | |
Static Public Member Functions inherited from CryptoServer | |
| static String | getName () |
| Returns the name of the CryptoServerAPI. | |
| static double | getVersion () |
| Returns the version of the CryptoServerAPI (x.xx). | |
Static Public Attributes | |
| static final int | KEY_ALGO_RAW = 0x00000000 |
| Raw data object or generic secret. | |
| static final int | KEY_ALGO_DES = 0x00000001 |
| DES (56, 112, 168 bit) | |
| static final int | KEY_ALGO_AES = 0x00000002 |
| AES (128, 192, 256 bit) | |
| static final int | KEY_ALGO_RSA = 0x00000003 |
| RSA. | |
| static final int | KEY_ALGO_ECDSA = 0x00000004 |
| Elliptic Curves signature algorithm. | |
| static final int | KEY_ALGO_DSA = 0x00000005 |
| Digital Signature Algorithm. | |
| static final int | KEY_ALGO_ECDH = 0x00000006 |
| Diffie-Hellman key exchange algorithm based on Elliptic Curves. | |
| static final int | KEY_ALGO_DH = 0x00000007 |
| Diffie-Hellman according to X9.42 (domain parameter P,Q,G) | |
| static final int | KEY_ALGO_DH_PKCS = 0x00000008 |
| Diffie-Hellman according to PKCS#11 (domain parameter P,G) | |
| static final int | KEY_ALGO_X509 = 0x00000009 |
| X509 certificate. | |
| static final int | KEY_ALGO_X509_ATT = 0x0000000A |
| X509 attribute certificate. | |
| static final int | KEY_EXPORT_ALLOW = 0x00000001 |
| Allow key export. | |
| static final int | KEY_EXPORT_ALLOW_PLAIN = 0x00000002 |
| Allow clear text key export. | |
| static final int | KEY_EXPORT_DENY_BACKUP = 0x00010000 |
| Deny key backup. | |
| static final int | KEY_USAGE_DECRYPT = 0x00000001 |
| Key may be used for decryption. | |
| static final int | KEY_USAGE_SIGN = 0x00000002 |
| Key may be used for signature creation. | |
| static final int | KEY_USAGE_DERIVE = 0x00000004 |
| Key may be used for key agreement. | |
| static final int | KEY_USAGE_WRAP = 0x00000008 |
| Key may be used for key wrapping. | |
| static final int | KEY_USAGE_ENCRYPT = 0x00000010 |
| Key may be used for encryption. | |
| static final int | KEY_USAGE_VERIFY = 0x00000020 |
| Key may be used for signature verification. | |
| static final int | KEY_USAGE_UNWRAP = 0x00000080 |
| Key may be used for key unwrapping. | |
| static final int | KEY_TYPE_PUBLIC = 0x00000001 |
| Public key object. | |
| static final int | KEY_TYPE_PRIVATE_ONLY = 0x00000002 |
| Private key object (without public components) | |
| static final int | KEY_TYPE_PRIVATE = 0x00000003 |
| Private key object (contains also public components) | |
| static final int | KEY_TYPE_PRIVATEF = 0x00000007 |
| rfu | |
| static final int | KEY_TYPE_SECRET = 0x00000008 |
| Secret key object. | |
| static final int | KEY_BLOB_SIMPLE = 0x00010000 |
| Simple blob format (Utimaco) | |
| static final int | MECH_KDF_ENC_DATA = 0x40000000 |
| Derive key using result of data encryption. | |
| static final int | MECH_KDF_ECDH = 0x50000000 |
| Derive key using result of hash calculation over shared secret. | |
| static final int | MECH_KDF_ECDH_COF = 0x60000000 |
| Same as CXI_MECH_KDF_ECDH but includes the cofactor of the curve in the hash calculation. | |
| static final int | MECH_KDF_DH = 0x70000000 |
| Derive key using result of hash calculation over shared secret. | |
| static final int | MECH_KDF_XOR_BASE_AND_DATA = 0x80000000 |
| XOR a base key and given data to derive key. | |
| static final int | MECH_KDF_CAT_BASE_AND_KEY = 0x90000000 |
| Concatenate a base key with a second key to derive key. | |
| static final int | MECH_KDF_CAT_BASE_AND_DATA = 0xA0000000 |
| Concatenate a base key with given data to derive key. | |
| static final int | MECH_KDF_CAT_DATA_AND_BASE = 0xB0000000 |
| Concatenate given data with a base key to derive key. | |
| static final int | MECH_KDF_EXTRACT_KEY_FROM_KEY = 0xC0000000 |
| Extract part of a base key to derive key. | |
| static final int | MECH_MODE_HASH = 0x00000000 |
| Calculate HASH. | |
| static final int | MECH_MODE_HMAC = 0x01000000 |
| Calculate HMAC. | |
| static final int | MECH_MODE_MAC1 = 0x05000000 |
| Calculate ECIES MAC1. | |
| static final int | MECH_MODE_ENCRYPT = 0x02000000 |
| Encryption mode. | |
| static final int | MECH_MODE_DECRYPT = 0x03000000 |
| Decryption mode. | |
| static final int | MECH_CHAIN_ECB = 0x00000000 |
| Electronic Code Book chaining mode. | |
| static final int | MECH_CHAIN_CBC = 0x00100000 |
| Cipher Block Chaining mode. | |
| static final int | MECH_CHAIN_CBC_RETAIL = 0x00200000 |
| CBC retail chaining mode (DES) | |
| static final int | MECH_CHAIN_CMAC = 0x00300000 |
| AES CMAC. | |
| static final int | MECH_CHAIN_CFB_RETAIL = 0x00400000 |
| CFB retail chaining mode (DES) | |
| static final int | MECH_CHAIN_GCM = 0x00600000 |
| Galois Counter Mode (AES) | |
| static final int | MECH_CHAIN_OFB = 0x00700000 |
| Output Feedback Mode (AES) | |
| static final int | MECH_CHAIN_CCM = 0x00800000 |
| Counter with CBC-MAC (AES) | |
| static final int | MECH_CHAIN_KEY_WRAP = 0x00900000 |
| Key Wrap NIST SP800-38F (AES) | |
| static final int | MECH_PAD_NONE = 0x00000000 |
| Don't apply padding. | |
| static final int | MECH_PAD_PKCS5 = 0x00001000 |
| Apply padding according to PKCS#5. | |
| static final int | MECH_PAD_RANDOM = 0x00002000 |
| Apply random padding (ISO 10126) | |
| static final int | MECH_PAD_ISO7816 = 0x00003000 |
| Apply padding according to ISO7816. | |
| static final int | MECH_PAD_PKCS1 = 0x00004000 |
| Apply padding according to PKCS#1_v1.5. | |
| static final int | MECH_PAD_OAEP = 0x00005000 |
| Apply padding according to PKCS#1_v2.1 RSAES-OAEP. | |
| static final int | MECH_PAD_PSS = 0x00006000 |
| Apply padding according to PKCS#1_v2.1 RSASSA-PSS. | |
| static final int | MECH_PAD_X9_31 = 0x00007000 |
| Apply padding according to ANSI X9.31. | |
| static final int | MECH_PAD_ZEROFILL = 0x00008000 |
| Pad with zeros up to block length. | |
| static final int | MECH_PAD_KWP = 0x00009000 |
| Pad for key wrap NIST SP800-38F (AES) | |
| static final int | MECH_NIST_SP800_56A = 0x00000200 |
| Apply NIST SP800-56A. | |
| static final int | MECH_FORMAT_ASN1 = 0x00000400 |
| Return ASN.1 encoded data. | |
| static final int | MECH_FORMAT_STRIP_LEAD_ZERO = 0x00000000 |
| Strip leading zeros. | |
| static final int | MECH_FORMAT_KEEP_LEAD_ZERO = 0x00000800 |
| Keep leading zeros. | |
| static final int | MECH_FORMAT_X = 0x00000800 |
| x coordinate only | |
| static final int | MECH_HASH_ALGO_SHA1 = 0x00000010 |
| SHA1 hash algorithm. | |
| static final int | MECH_HASH_ALGO_RMD160 = 0x00000020 |
| RipeMD160 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA224 = 0x00000030 |
| SHA224 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA256 = 0x00000040 |
| SHA256 hash algorithm. | |
| static final int | MECH_HASH_ALGO_MD5 = 0x00000050 |
| MD5 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA384 = 0x00000060 |
| SHA384 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA512 = 0x00000070 |
| SHA512 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA3_224 = 0x00000080 |
| SHA3-224 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA3_256 = 0x00000090 |
| SHA3-256 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA3_384 = 0x000000A0 |
| SHA3-384 hash algorithm. | |
| static final int | MECH_HASH_ALGO_SHA3_512 = 0x000000B0 |
| SHA3-512 hash algorithm. | |
| static final int | MECH_RND_REAL = 0x00000000 |
| Use real (hardware) random number generator. | |
| static final int | MECH_RND_PSEUDO = 0x00000001 |
| Use pseudo (deterministic) random generator. | |
| static final int | MECH_KEYGEN_PROB_PRIME = 0x00000000 |
| Use probable prime number generation according to Miller-Rabin. | |
| static final int | MECH_KEYGEN_PROV_PRIME = 0x00000002 |
| Use proven prime number generation according to Maurer. | |
| static final int | MECH_DPGEN_DP_FIPS186_4 = 0x00000100 |
| Create DSA domain parameters conforming to FIPS 186-4. | |
| static final int | MECH_KEYGEN_ANSI_PRIME = 0x00000004 |
| Use prime number generation according to ANSI. | |
| static final int | MECH_KEYGEN_FIPS186_4_PRIME = 0x00000006 |
| Create prime numbers according to FIPS-186-4. | |
| static final int | MECH_KEYGEN_COMP = 0x00000002 |
| Public key in compressed form. | |
| static final int | MECH_KEYGEN_UNCOMP = 0x00000004 |
| Public key in uncompressed form. | |
| static final int | MECH_KEYGEN_HYBRID = 0x00000006 |
| Public key in hybrid form. | |
| static final int | FLAG_OVERWRITE = 0x00000001 |
| Overwrite key if already existing. | |
| static final int | FLAG_EXTERNAL = 0x00000002 |
| Don't store key on CryptoServer but return MBK encrypted key blob to be stored externally. | |
| static final int | FLAG_VOLATILE = 0x00000004 |
| Volatile key storage (until next restart of CryptoServer) | |
| static final int | FLAG_HASH_PART = 0x00000020 |
| Don't finalize hash, return hash digest info instead. | |
| static final int | FLAG_HASH_DATA = 0x00000040 |
| Given data has to be hashed. | |
| static final int | FLAG_ENCRYPT_SECRET = 0x00000080 |
| Encrypt shared secret with MBK. | |
| static final int | FLAG_CRYPT_INIT = 0x00000100 |
| Initialize En/Decryption Operation (RFU) | |
| static final int | FLAG_CRYPT_FINAL = 0x00000200 |
| Finalize En/Decryption Operation. | |
| static CryptoServerLog | CxiLog = new CryptoServerLog("cxi.log", CryptoServerLog.LogLevel.Warning, 0x100000) |
| Static instance of CryptoServerLog that provides unified logging. | |
Depending on the constructor that was called to create the instance, CryptoServerCXI can represent the connection to a single, dedicated CryptoServer or to a cluster of CryptoServers.
The following code illustrates how to manage keys with the CryptoServerCXI class:
The following code illustrates how to use cryptographic functions: