Key-related Calls
Key-related classes are:
NaeKeySpec
NaeRijndaelKey
NaeRSAKey
NaeTripleDesKey
NaeFpe
NaeKeyManagement
NaeAesGcm
NaeKeySpec
All NAE key classes implement this interface.
Properties
Properties | Description |
---|---|
int KeySize | (read & write) Retrieves the key size. |
bool IsExportable | (read & write) True if the key can be exported. |
bool IsDeletable | (read & write) True if the key can be deleted. |
bool IsVersioned | (read only) True if the key is a versioned key. |
string CryptoAlgName | (read only) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read only) Key name. |
NaeRijndaelKey
This class implements the AES algorithm. This class extends System.Security.Cryptography.Rijndael and CADP.NetCore.Crypto.INaeSymmetricKey.
Constructors
Constructor | Description |
---|---|
NaeRijndaelKey (NaeSession naeSession, string keyName) | Creates a new instance of an AES key object that accesses the key keyName on the NAE Server. |
NaeRijndaelKey (NaeSession naeSession) | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read) Key name. |
byte [] Key | (read) Retrieves the key bytes. Throws an NaeException if the Key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
int Feedback | Not supported. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
Method | Description |
---|---|
void GenerateKey(string KeyName); | Creates a new key on the NAE Server. |
ICryptoTransform CreateDecryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateDecryptor() or CreateDecryptor (IV) instead. |
ICryptoTransform CreateEncryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateEncryptor() or CreateEncryptor (IV) instead. |
Note
When using AES keys with no padding, the plaintext must be greater than 0 bytes.
NaeRSAKey
This class implements the RSA algorithm. This class extends System.Security.Cryptography.RSA and System.Security.Cryptography.NAEKey.
Constructors
Constructor | Description |
---|---|
NaeRsaKey(NaeSession naeSession, string keyName); | Creates a new instance of an RSA key object that accesses the KeyName key on the NAE Server. |
NaeRsaKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey. |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read) Key name. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the CipherTrust Manager. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
Method | Description |
---|---|
void GenerateKey(string KeyName); | Creates a new key on the CipherTrust Manager. |
byte[] SignData(byte[] inputdata, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Returns the signature bytes for the input data, hash algorithm name, and RSA signature padding. |
bool VerifyData(byte[] inputdata, byte[] signedData, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Verifies the signature bytes against the input data, hash algorithm name, and RSA signature padding. |
byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) | Returns the encrypted bytes for a byte input and RSA Encryption padding. |
byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) | Returns the decrypted bytes for encrypted bytes input and RSA Encryption padding. |
Maximum allowed input size for crypto operations using different padding schemes
Padding | Maximum allowed input size (bytes) |
---|---|
Pkcs1 (default) | InputDataLength <= (RSAKeySize/8) - 11 |
OaepSHA1 | InputDataLength <= (RSAKeySize/8) - 42 |
OaepSHA256, OaepSHA384, OaepSHA512 | InputDataLength <= (RSAKeySize/8) - (2*HashLength/8) - 2, where HashLength is the hash output size in bits |
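The padding table above is easy to get wrong in practice, because the limit depends on both the key size and the OAEP hash. The following is an added example, not code from the CADP documentation or SDK samples: it turns the table into a function and uses it to guard NaeRsaKey.Encrypt, then shows SignData/VerifyData with the private key never leaving the server. It assumes an already-authenticated NaeSession (its construction is not covered on this page), that NaeSession lives in the CADP.NetCore.Sessions namespace, and that the class is spelled NaeRsaKey as in the constructor rows (the heading spells it NaeRSAKey).

```csharp
using System;
using System.Security.Cryptography;
using CADP.NetCore.Crypto;     // NaeRsaKey (namespace given on this page)
using CADP.NetCore.Sessions;   // NaeSession (assumed namespace; not stated on this page)

public static class NaeRsaExample
{
    // Maximum plaintext length in bytes that the padding table allows for a given key size.
    public static int MaxInputSize(int rsaKeySizeBits, RSAEncryptionPadding padding)
    {
        int k = rsaKeySizeBits / 8;                         // RSAKeySize/8
        if (padding == RSAEncryptionPadding.Pkcs1)
            return k - 11;
        if (padding.Mode != RSAEncryptionPaddingMode.Oaep)
            throw new ArgumentException("unsupported padding", nameof(padding));

        int hashLenBytes = padding.OaepHashAlgorithm.Name switch   // HashLength/8 from the table
        {
            "SHA1" => 20, "SHA256" => 32, "SHA384" => 48, "SHA512" => 64,
            _ => throw new ArgumentException("unsupported OAEP hash", nameof(padding))
        };
        return k - 2 * hashLenBytes - 2;   // OaepSHA1 on a 1024-bit key: 128 - 42 = 86
    }

    // Encrypts a short secret (for example a data-encryption key) under the server-held RSA key.
    // OAEP-SHA256 is used rather than the Pkcs1 default; the size check runs before any server call.
    public static byte[] EncryptSmall(NaeSession session, string keyName, byte[] data)
    {
        RSAEncryptionPadding padding = RSAEncryptionPadding.OaepSHA256;
        using var rsa = new NaeRsaKey(session, keyName);
        int max = MaxInputSize(rsa.KeySize, padding);
        if (data.Length > max)
            throw new ArgumentException(
                $"input is {data.Length} bytes; the limit for a {rsa.KeySize}-bit key with OAEP-SHA256 is {max}");
        return rsa.Encrypt(data, padding);
    }

    public static byte[] DecryptSmall(NaeSession session, string keyName, byte[] ciphertext)
    {
        using var rsa = new NaeRsaKey(session, keyName);
        return rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
    }

    // Signs with the private key that stays on the NAE Server. Pkcs1 signature padding is used
    // here because it is the padding the page lists; prefer PSS where the server supports it.
    public static byte[] Sign(NaeSession session, string keyName, byte[] message)
    {
        using var rsa = new NaeRsaKey(session, keyName);
        return rsa.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static bool Verify(NaeSession session, string keyName, byte[] message, byte[] signature)
    {
        using var rsa = new NaeRsaKey(session, keyName);
        return rsa.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
}
```

For a 2048-bit key MaxInputSize returns 245 for Pkcs1, 214 for OaepSHA1 and 190 for OaepSHA256, which is why RSA is used here only to wrap a small data key and not to encrypt bulk data.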
NaeTripleDesKey
This class implements the 3DES algorithm. This class extends System.Security.Cryptography.TripleDES.
Constructors
Constructor | Description |
---|---|
NaeTripleDesKey(NaeSession naeSession, string keyName); | Creates a new instance of a 3DES key object that accesses the key named KeyName on the NAE Server. |
NaeTripleDesKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Key Algorithm. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
string KeyName | (read) Key name. |
byte[] IV | CBC mode requires an 8-byte IV. An IV is not allowed in ECB mode. |
PaddingMode Padding | PKCS7Padding (default) or NoPadding. |
CipherMode Mode | ECB (default) or CBC. |
bool IsVersioned | (read) True if the key is versioned. |
byte[] Key | (read) Retrieves the key bytes. Throws an NaeException if the key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
int KeySize | Supported key sizes are 168 (default) and 112 bits. Each DES component key carries an extra 8 bits of parity, so a key created as 112 bits is actually 128 bits and a key created as 168 bits is actually 192 bits. A key size of 112 bits refers to two-key triple DES, whose sequence of operations is: Encrypt with Key1, Decrypt with Key2, Encrypt with Key1. A key size of 168 bits refers to three-key triple DES, whose sequence of operations is: Encrypt with Key1, Decrypt with Key2, Encrypt with Key3. |
Methods
Method | Description |
---|---|
void GenerateKey(string keyName); | Creates a new key named KeyName on the NAE Server. |
ICryptoTransform CreateDecryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateDecryptor() or CreateDecryptor(byte [] IV) instead. |
ICryptoTransform CreateEncryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateEncryptor() or CreateEncryptor(byte [] IV) instead. |
Note
When using DESede keys with no padding, the data you encrypt must be greater than 0 bytes.
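The NaeRijndaelKey and NaeTripleDesKey tables describe the same pattern: open the server-held key, pick CBC with PKCS7 padding, and call the CreateEncryptor(byte[] IV)/CreateDecryptor(byte[] IV) overloads. The following is an added example for both classes, not code from the CADP documentation or SDK samples. It assumes an already-authenticated NaeSession (its construction is not covered on this page) and that NaeSession lives in the CADP.NetCore.Sessions namespace. The IV length is taken from the key's block size (16 bytes for AES, 8 bytes for 3DES, matching the IV row of the 3DES table), a fresh random IV is generated per message and prepended to the ciphertext, and the greater-than-0-bytes rule from the two notes is enforced before the server is called.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // NaeRijndaelKey, NaeTripleDesKey (namespace given on this page)
using CADP.NetCore.Sessions;   // NaeSession (assumed namespace; not stated on this page)

public static class NaeCbcExample
{
    // Creates an AES-256 key whose material can never leave the server. IsExportable and
    // IsDeletable can only be set while the key does not yet exist on the NAE Server, so
    // they are set on the empty key object before GenerateKey is called.
    public static void CreateNonExportableAesKey(NaeSession session, string keyName)
    {
        using var key = new NaeRijndaelKey(session)
        {
            KeySize = 256,
            IsExportable = false,
            IsDeletable = true
        };
        key.GenerateKey(keyName);
    }

    // Returns IV || ciphertext. Accepts either NaeRijndaelKey or NaeTripleDesKey: both extend
    // SymmetricAlgorithm, but the CreateEncryptor(byte[] IV) overload is class-specific.
    public static byte[] Encrypt(SymmetricAlgorithm key, byte[] plaintext,
                                 PaddingMode padding = PaddingMode.PKCS7)
    {
        key.Mode = CipherMode.CBC;
        key.Padding = padding;
        CheckLength(key, plaintext.Length);

        byte[] iv = new byte[key.BlockSize / 8];   // 16 bytes for AES, 8 bytes for 3DES
        RandomNumberGenerator.Fill(iv);             // fresh per message; CBC IV reuse leaks equal prefixes

        using ICryptoTransform enc = key switch
        {
            NaeRijndaelKey aes => aes.CreateEncryptor(iv),   // leaves key.IV untouched (see table)
            NaeTripleDesKey des => des.CreateEncryptor(iv),
            _ => throw new ArgumentException("expected an NAE symmetric key", nameof(key))
        };
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        byte[] output = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
        return output;
    }

    public static byte[] Decrypt(SymmetricAlgorithm key, byte[] ivAndCiphertext,
                                 PaddingMode padding = PaddingMode.PKCS7)
    {
        int ivLen = key.BlockSize / 8;
        if (ivAndCiphertext.Length < 2 * ivLen)   // at least the IV plus one cipher block
            throw new ArgumentException("input is shorter than IV plus one block", nameof(ivAndCiphertext));
        key.Mode = CipherMode.CBC;
        key.Padding = padding;

        byte[] iv = new byte[ivLen];
        Buffer.BlockCopy(ivAndCiphertext, 0, iv, 0, ivLen);

        using ICryptoTransform dec = key switch
        {
            NaeRijndaelKey aes => aes.CreateDecryptor(iv),
            NaeTripleDesKey des => des.CreateDecryptor(iv),
            _ => throw new ArgumentException("expected an NAE symmetric key", nameof(key))
        };
        return dec.TransformFinalBlock(ivAndCiphertext, ivLen, ivAndCiphertext.Length - ivLen);
    }

    // Enforces the two notes on this page before any round trip to the server: the input must
    // be greater than 0 bytes, and with NoPadding it must also be a whole number of blocks.
    private static void CheckLength(SymmetricAlgorithm key, int length)
    {
        if (length == 0)
            throw new ArgumentException("plaintext must be greater than 0 bytes");
        if (key.Padding == PaddingMode.None && length % (key.BlockSize / 8) != 0)
            throw new ArgumentException("NoPadding requires a multiple of the block size");
    }

    // Round trip through the server; true when the decrypted bytes equal the original.
    public static bool RoundTrip(NaeSession session, string aesKeyName)
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample plaintext");   // constructed input
        using var key = new NaeRijndaelKey(session, aesKeyName);
        byte[] envelope = Encrypt(key, message);
        byte[] opened = Decrypt(key, envelope);
        return opened.AsSpan().SequenceEqual(message);
    }
}
```

The same Encrypt/Decrypt pair works unchanged for a 3DES key (`new NaeTripleDesKey(session, keyName)`), since only the block size and therefore the IV length differ. CBC gives confidentiality only; if the ciphertext can be modified in transit, use NaeAesGcm (described later on this page) or add a separate MAC.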
NaeFpe
This class implements the FPE algorithm.
Constructors
Constructor | Description |
---|---|
NaeFpe(NaeSession naeSession, string keyName, Cardinality cardinality, UserSpec userSpec = null); | Creates a new instance of an FPE key object, of cardinality 10 or 26, that accesses the key named KeyName and provides the tweak data and tweak algo via UserSpec. |
public NaeFpe(NaeSession naeSession, string keyName, AlgorithmName algoName, UserSpec userSpec = null, string charSetRange = null, Encoding encoding = null, VersionKeyHeaderSupported versionKeyHeaderSupported = VersionKeyHeaderSupported.Internal_Header_Supported); | Creates a new instance of an FPE key object, of cardinality based on algorithmName parameter, that accesses the key named KeyName and provides the tweak data and tweak algo via UserSpec. Provide the charset range in the String format for Unicode. Provide encoding for FPE/FF1v2, only UTF-8 is supported currently. Provide the VersionKeyHeaderSupported value in case of versioned key support. Note: This is the recommended method. |
Properties
Properties | Description |
---|---|
NaeSession naeSession | Authenticated session. |
string CryptoAlgName | (read) Key Algorithm. |
string keyName | (read) Key name. |
Cardinality cardinality | Cardinality is set only for AES Algorithms. These algorithms are picked automatically. Valid values are CARD10, CARD26, CARD62, and UNICODE. |
UserSpec userSpec = null | User specification including TweakAlgo and TweakData. |
AlgorithmName algoName | The Algorithm name can be passed as one of the values from FPE_AES_CARD10, FPE_AES_CARD26, FPE_AES_CARD62, FPE_AES_UNICODE, FPE_FF1v2_CARD10, FPE_FF1v2_CARD26, FPE_FF1v2_CARD62, and FPE_FF1v2_UNICODE. |
string charSetRange = null | Charset Range for Unicode only. For example, "0700-074F,0000-007F,0590-05FF,00C00". |
Encoding encoding = null | This property is only required for FF1v2. Currently, only UTF-8 encoding is supported. Default value is UTF-8. |
VersionKeyHeaderSupported versionKeyHeaderSupported = VersionKeyHeaderSupported.Internal_Header_Supported | The key version header can be passed as one of the values: Internal_Header_Supported or External_Header_Supported. |
Methods
Method | Description |
---|---|
ICryptoTransform CreateDecryptor() | Creates a new ICryptoTransform for decrypting data. |
ICryptoTransform CreateEncryptor() | Creates a new ICryptoTransform for encrypting data. |
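The following is an added example of the recommended NaeFpe constructor above, not code from the CADP documentation or SDK samples: FF1v2 over the decimal-digit alphabet (FPE_FF1v2_CARD10) applied to an account-number-like string. It assumes an already-authenticated NaeSession (its construction is not covered on this page), that NaeSession lives in the CADP.NetCore.Sessions namespace, that UserSpec exposes its tweak settings as TweakAlgo and TweakData properties with "SHA256" as an accepted tweak algorithm (the page only names the two fields), that the returned ICryptoTransform is applied to the UTF-8 bytes of the text in a single TransformFinalBlock call, and that the key is not versioned, so the output has exactly the input's length and alphabet.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // NaeFpe, AlgorithmName, UserSpec, VersionKeyHeaderSupported (namespace on this page)
using CADP.NetCore.Sessions;   // NaeSession (assumed namespace; not stated on this page)

public static class NaeFpeExample
{
    // Assumption: the page only says UserSpec carries TweakAlgo and TweakData, so these property
    // names and the "SHA256" tweak-algorithm string are illustrative, not verified API.
    private static UserSpec BuildSpec(string tweakData) =>
        new UserSpec { TweakAlgo = "SHA256", TweakData = tweakData };

    // The recommended constructor from the table: FF1v2 over the decimal-digit alphabet.
    private static NaeFpe OpenKey(NaeSession session, string keyName, UserSpec spec) =>
        new NaeFpe(session, keyName, AlgorithmName.FPE_FF1v2_CARD10, spec,
                   null,            // charSetRange is only used for the UNICODE algorithms
                   Encoding.UTF8,   // the only encoding supported for FF1v2
                   VersionKeyHeaderSupported.Internal_Header_Supported);

    private static bool IsAsciiDigits(string s)
    {
        if (s.Length == 0) return false;
        foreach (char c in s)
            if (c < '0' || c > '9') return false;
        return true;
    }

    // Encrypts a digit string while keeping its length and alphabet, so it still fits the column
    // or message field it came from. tweakData should be a non-secret value tied to the record
    // (for example its row id) so that equal plaintexts in different records encrypt differently.
    public static string ProtectDigits(NaeSession session, string keyName, string digits, string tweakData)
    {
        if (!IsAsciiDigits(digits))
            throw new ArgumentException("CARD10 input must be a non-empty string of ASCII digits", nameof(digits));

        NaeFpe fpe = OpenKey(session, keyName, BuildSpec(tweakData));
        using ICryptoTransform enc = fpe.CreateEncryptor();
        byte[] input = Encoding.UTF8.GetBytes(digits);
        byte[] output = enc.TransformFinalBlock(input, 0, input.Length);   // assumed calling convention
        string result = Encoding.UTF8.GetString(output);

        // Format check (valid for a non-versioned key): same length, same alphabet. A failure here
        // means the key or algorithm name does not match what the caller expects.
        if (result.Length != digits.Length || !IsAsciiDigits(result))
            throw new CryptographicException("FPE output did not preserve the CARD10 format");
        return result;
    }

    // The tweak used for encryption must be supplied again, or decryption yields a different value.
    public static string RevealDigits(NaeSession session, string keyName, string protectedDigits, string tweakData)
    {
        NaeFpe fpe = OpenKey(session, keyName, BuildSpec(tweakData));
        using ICryptoTransform dec = fpe.CreateDecryptor();
        byte[] input = Encoding.UTF8.GetBytes(protectedDigits);
        byte[] output = dec.TransformFinalBlock(input, 0, input.Length);
        return Encoding.UTF8.GetString(output);
    }

    // Round trip with a constructed sample; true when decryption restores the original.
    public static bool RoundTrip(NaeSession session, string keyName)
    {
        const string account = "1234567890123456";   // constructed sample, not a real account number
        const string tweak = "customer-row-1234";    // constructed per-record tweak
        string hidden = ProtectDigits(session, keyName, account, tweak);
        return hidden != account && RevealDigits(session, keyName, hidden, tweak) == account;
    }
}
```

Because FPE output is indistinguishable from a real value of the same format, the tweak is what stops an attacker from moving a ciphertext from one record to another; binding it to the record's own identifier is the usual choice.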
NaeKeyManagement
This class provides key management operations.
Constructors
Constructor | Description |
---|---|
public NaeKeyManagement (NaeSession naeSession); | Creates a new instance of the NaeKeyManagement object. |
Methods
Methods | Description |
---|---|
void DeleteKey(string keyName) | Deletes a key. |
byte[] ExportKey(string keyName, KeyType type = KeyType.None) | Exports the key bytes of a key as a byte[]. |
VersionedKey[] ExportKey(string keyName, bool allVersions, KeyType type = KeyType.None) | Exports all versions of a versioned key. |
void GenerateKey(string keyName, int keySize, string algorithmName, bool exportable, bool deletable) | Generates a key of the specified algorithm on the NAE Server. |
INaeKey GetKey(string keyName) | Retrieves the key from the server. You must cast INaeKey into the appropriate key type. |
byte[] ExportWrappedKey(string keyName, byte[] wrapPublicKey, KeyWrapFormat wrapFormat) | Exports the symmetric key wrapped with the supplied RSA public key, in the given wrap format. |
bool GetKeyAttributes (string keyName, Dictionary | Retrieves all System and Custom attributes of a key. |
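The following is an added example of the NaeKeyManagement methods above, not code from the CADP documentation or SDK samples. It shows the cast that GetKey requires, and it reads IsExportable/IsDeletable/IsVersioned before calling ExportKey or DeleteKey so that a server-held key yields a null result rather than an NaeException. It assumes an already-authenticated NaeSession (its construction is not covered on this page), that NaeSession and NaeKeyManagement live in the CADP.NetCore.Sessions and CADP.NetCore.KeyManagement namespaces, and that "AES" is the algorithm-name string GenerateKey accepts (the page does not list the accepted values).

```csharp
using System;
using CADP.NetCore.Crypto;           // INaeKey, NaeKeySpec (namespace given on this page)
using CADP.NetCore.KeyManagement;    // NaeKeyManagement, VersionedKey (assumed namespace; not stated on this page)
using CADP.NetCore.Sessions;         // NaeSession (assumed namespace; not stated on this page)

public static class NaeKeyManagementExample
{
    public sealed record KeyInfo(string Name, string Algorithm, int SizeBits,
                                 bool Exportable, bool Deletable, bool Versioned);

    // GetKey returns INaeKey, which the table says must be cast. Every NAE key class implements
    // NaeKeySpec, so casting to that interface reaches the common properties without having to
    // know whether the key is AES, RSA or 3DES.
    public static KeyInfo Describe(NaeSession session, string keyName)
    {
        var km = new NaeKeyManagement(session);
        INaeKey key = km.GetKey(keyName);
        if (key is not NaeKeySpec spec)
            throw new InvalidOperationException($"{keyName} is not an NAE key object");
        return new KeyInfo(spec.KeyName, spec.CryptoAlgName, spec.KeySize,
                           spec.IsExportable, spec.IsDeletable, spec.IsVersioned);
    }

    // Creates a 256-bit key that stays on the server. Assumption: "AES" is the algorithm name
    // string the server expects.
    public static void CreateDataKey(NaeSession session, string keyName)
    {
        var km = new NaeKeyManagement(session);
        km.GenerateKey(keyName, 256, "AES", exportable: false, deletable: true);
    }

    // Exports key bytes only when the key allows it, so callers see null instead of an exception
    // for server-held keys. The returned bytes are a secret: clear them as soon as they are used.
    public static byte[] TryExport(NaeSession session, string keyName)
    {
        KeyInfo info = Describe(session, keyName);
        if (!info.Exportable)
            return null;
        if (info.Versioned)
            throw new InvalidOperationException("use ExportAllVersions for versioned keys");
        return new NaeKeyManagement(session).ExportKey(keyName);
    }

    // A versioned key needs every version to decrypt data protected under older versions;
    // returns how many versions the server holds.
    public static int ExportAllVersions(NaeSession session, string keyName, out VersionedKey[] versions)
    {
        var km = new NaeKeyManagement(session);
        versions = km.ExportKey(keyName, allVersions: true);
        return versions.Length;
    }

    // Deletes only when the key is marked deletable. Deleting a key destroys the ability to
    // decrypt anything protected with it, so this belongs behind a separate approval step.
    public static bool TryDelete(NaeSession session, string keyName)
    {
        if (!Describe(session, keyName).Deletable)
            return false;
        new NaeKeyManagement(session).DeleteKey(keyName);
        return true;
    }
}
```

Checking IsExportable before ExportKey also documents intent: a key created with exportable set to false is meant to be used only through the server-side operations on this page, and a call that needs its bytes is a design error rather than a transient failure.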
NaeAesGcm
This class provides AES/GCM operations.
Constructors
Constructor | Description |
---|---|
NaeAesGcm(NaeSession naeSession) | Creates a new key object with no key name. This object can then be used with the GenerateKey method. |
NaeAesGcm(NaeSession naeSession,string keyName, int tagLen) | Creates a new instance of an AES key object that accesses the KeyName key on the NAE Server. |
Methods
Methods | Description |
---|---|
byte[] Encrypt(byte[] nonce, byte[] plainText, out byte[] tag,byte[] aad = null) | Encrypts the plaintext into the ciphertext destination buffer and generates the authentication tag into a separate buffer. |
byte[] Decrypt(byte[] nonce, byte [] cipherText, byte[] tag, byte[] aad = null) | Decrypts the ciphertext into the provided destination buffer if the authentication tag can be validated. |
GenerateKey(string keyName) | Creates a new key on the CipherTrust Manager. |
Dispose() | Disposes an NaeAesGcm object. |
Properties
Property | Description |
---|---|
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
bool IsVersioned | (read) True if the key is a versioned key. |
string KeyName | (read) Key name. |
int KeySize | (read & write) Can only be set if the key does not exist on the NAE Server. |
int TagLen | (read & write) Can only be set at the time of object creation. |
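The following is an added example of the NaeAesGcm Encrypt/Decrypt pair above, not code from the CADP documentation or SDK samples. It packages nonce, tag and ciphertext together, treats a failed tag check as a boolean result instead of an exception, and shows that the AAD is bound to the ciphertext. It assumes an already-authenticated NaeSession (its construction is not covered on this page), that NaeSession lives in the CADP.NetCore.Sessions namespace, that the constructor's tagLen is expressed in bits (the page does not state the unit; the code checks the returned tag length so a wrong guess fails loudly), and that a bad tag is signalled either by an NaeException/CryptographicException or by a null return from Decrypt.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // NaeAesGcm, NaeException (namespace given on this page for the key classes)
using CADP.NetCore.Sessions;   // NaeSession (assumed namespace; not stated on this page)

public static class NaeAesGcmExample
{
    private const int NonceBytes = 12;          // 96-bit nonce, the standard GCM nonce size
    private const int TagBytes = 16;            // 128-bit authentication tag
    private const int TagLenArg = TagBytes * 8; // assumption: the constructor's tagLen is in bits

    // Returns nonce || tag || ciphertext. aad is authenticated but not encrypted and must be
    // supplied unchanged on decryption (for example a record id or header the data belongs to).
    public static byte[] Seal(NaeSession session, string keyName, byte[] plaintext, byte[] aad)
    {
        byte[] nonce = new byte[NonceBytes];
        RandomNumberGenerator.Fill(nonce);   // a repeated nonce under one key breaks GCM's guarantees

        var gcm = new NaeAesGcm(session, keyName, TagLenArg);
        try
        {
            byte[] ct = gcm.Encrypt(nonce, plaintext, out byte[] tag, aad);
            if (tag.Length != TagBytes)
                throw new CryptographicException($"unexpected tag length {tag.Length}; check the tagLen unit");

            byte[] blob = new byte[NonceBytes + TagBytes + ct.Length];
            Buffer.BlockCopy(nonce, 0, blob, 0, NonceBytes);
            Buffer.BlockCopy(tag, 0, blob, NonceBytes, TagBytes);
            Buffer.BlockCopy(ct, 0, blob, NonceBytes + TagBytes, ct.Length);
            return blob;
        }
        finally
        {
            gcm.Dispose();   // the table lists Dispose(); called explicitly rather than via using
        }
    }

    // Returns false instead of throwing when the tag does not verify, which covers a modified
    // ciphertext, a modified nonce or AAD, and decryption under the wrong key.
    public static bool TryOpen(NaeSession session, string keyName, byte[] blob, byte[] aad, out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        if (blob.Length < NonceBytes + TagBytes)
            return false;

        byte[] nonce = new byte[NonceBytes];
        byte[] tag = new byte[TagBytes];
        byte[] ct = new byte[blob.Length - NonceBytes - TagBytes];
        Buffer.BlockCopy(blob, 0, nonce, 0, NonceBytes);
        Buffer.BlockCopy(blob, NonceBytes, tag, 0, TagBytes);
        Buffer.BlockCopy(blob, NonceBytes + TagBytes, ct, 0, ct.Length);

        var gcm = new NaeAesGcm(session, keyName, TagLenArg);
        try
        {
            byte[] pt = gcm.Decrypt(nonce, ct, tag, aad);
            if (pt == null)          // assumption: a null result means the tag did not validate
                return false;
            plaintext = pt;
            return true;
        }
        catch (Exception ex) when (ex is NaeException || ex is CryptographicException)
        {
            return false;            // assumption: the SDK reports a bad tag with one of these
        }
        finally
        {
            gcm.Dispose();
        }
    }

    // Shows that the AAD is bound to the ciphertext: the same blob opens with the original AAD
    // and is rejected with a different one.
    public static bool AadIsBound(NaeSession session, string keyName)
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample record");   // constructed input
        byte[] aad = Encoding.UTF8.GetBytes("record-id:42");                   // constructed header
        byte[] blob = Seal(session, keyName, message, aad);

        bool opens = TryOpen(session, keyName, blob, aad, out byte[] pt)
                     && pt.AsSpan().SequenceEqual(message);
        bool rejects = !TryOpen(session, keyName, blob, Encoding.UTF8.GetBytes("record-id:43"), out _);
        return opens && rejects;
    }
}
```

Unlike the CBC classes earlier on this page, a GCM tag failure must abort processing entirely; never return or log partially decrypted bytes, which is why TryOpen only assigns plaintext after Decrypt has succeeded.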