public class LunaAPI
extends java.lang.Object
In general these methods are intended only for use only by SafeNet defined classes. These methods may change at any time and you are encouraged to make use of other interfaces. If you find you absolutely need to use a method here then request that method be wrapped via another more appropriate proprietary class like, say, LunaSLotManager, or LunaTokenObject.
Modifier and Type | Class and Description |
---|---|
static class |
LunaAPI.CKD
Encapsulates the PKCS KDF values.
|
static class |
LunaAPI.CKDHP
Encapsulates the PKCS DH primitive values.
|
static class |
LunaAPI.CKES
Encapsulates the PKCS encryption scheme values.
|
static class |
LunaAPI.CKMS
Encapsulates the PKCS HMAC values.
|
Constructor and Description |
---|
LunaAPI() |
Modifier and Type | Method and Description |
---|---|
int |
AssignAlias(int sessionHandle,
int keyHandle,
java.lang.String label,
byte[] idAttr)
Create a new object which is a clone of the old, but is persistent and has the given alias.
|
byte[] |
BIP32ExportPublicKey(int sessionHandle,
int hKey)
Exports the Hierarchical Deterministic public key in Base58-encoded format.
|
int |
BIP32ImportPublicKey(int sessionHandle,
byte[] key)
Imports the Base58-encoded Hierarchical Deterministic public key.
|
int |
CheckSessionState(int sessionHandle)
Returns the PKCS11 state of the session.
|
int |
checkTokenPresenceForReconnect(int slot)
Checks if a token is present on the given slot to determine if reconnect is required
|
int |
Cipher(int cipherMode,
int sessionHandle,
byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset)
Single part encryption or decryption operation.
|
int |
CipherFinal(int cipherMode,
int sessionHandle,
byte[] output,
int outputOffset)
Finishes an encryption or decryption operation.
|
void |
CipherInit(int cipherMode,
int sessionHandle,
long mechType,
int keyHandle,
byte[] params)
Starts an encryption or decryption operation with the given secret key.
|
int |
CipherUpdate(int cipherMode,
int sessionHandle,
byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset)
Updates an encryption or decryption operation.
|
void |
CloseSession(int sessionHandle)
Closes the given session
|
static LunaNamedCurve |
CurveLookup(int curveId)
Translate a string representation of a named curve to the Curve ID.
|
static LunaNamedCurve |
CurveLookup(java.lang.String name)
Translate a string representation of a named curve to the Curve ID.
|
void |
DeleteObject(int sessionHandle,
int ObjectHandle)
Delete the given object
|
void |
DeleteObjects(int sessionHandle,
int[] ObjectHandles)
Delete the given objects
|
byte[] |
DeriveKeyAndWrapEcDh(int sessionHandle,
int baseKeyHandle,
byte[] publicValue,
byte[] sharedValue,
long algorithm,
boolean extractable,
int keyLength,
long kdf,
boolean cofactor,
int hWrappingKey,
long mechType,
byte[] mechParams)
Derives (ECDH) a secret key and wraps the secret key.
|
int[] |
DeriveKeyBIP32Child(int sessionHandle,
int baseKeyHandle,
int[] path,
int pathLen,
LunaPkcs11Attributes attributes)
Derives child keypair using CKM_BIP32 derivation mechanism.
|
int[] |
DeriveKeyBIP32Master(int sessionHandle,
int baseKeyHandle,
LunaPkcs11Attributes attributes)
Derives master keypair using CKM_BIP32 derivation mechanism.
|
int |
DeriveKeyDh(int sessionHandle,
int baseKeyHandle,
byte[] publicValue,
long algorithm,
boolean extractable,
boolean derive,
int keyLength)
Derives a secret key using Diffie-Hellman.
|
int |
DeriveKeyEcDh(int sessionHandle,
int baseKeyHandle,
byte[] publicValue,
byte[] sharedValue,
long algorithm,
boolean extractable,
boolean derive,
int keyLength,
long kdf,
boolean cofactor)
Derives a secret key using EC Diffie-Hellman Keys generated are session objects which will only exist for the
duration of the given session.
|
int |
DeriveKeyHash(int sessionHandle,
long mechType,
int baseKeyHandle,
long algorithm,
boolean extractable,
boolean derive,
int keyLength)
Derives a secret key using hash derivation.
|
int |
DeriveKeyPRFKDF(int sessionHandle,
int baseKeyHandle,
long algorithm,
byte[] label,
byte[] context,
long prfType,
long counter,
long encodingScheme,
boolean extractable,
boolean derive,
int keyLength)
Derives a secret key using CKM_NIST_PRF_KDF derivation mechanism.
|
byte[] |
DigestFinal(int sessionHandle)
Complete a digest and retrieve the result
|
void |
DigestInit(int sessionHandle,
long mechType)
Initialize a digest operation on the token
|
void |
DigestUpdate(int sessionHandle,
byte[] input,
int offset,
int len)
Add data to an initalized digest
|
static void |
EncodeInteger(byte[] buffer,
int offset,
int integer)
Converts the given integer into a 32-bit big-endian byte array, and copies that value into the given buffer.
|
void |
Finalize()
Connects to the cryptoki library and invokes C_Finalize Used internally
|
void |
ForceAllHSMSessionsToClose(int slot)
Forces all sessions open against the given slot to close.
|
int[] |
GenerateDhKeyPair(int sessionHandle,
byte[] p,
byte[] g,
int l,
LunaPkcs11Attributes attributes)
Generate a PKCS DH key pair with the given domain parameters.
|
int[] |
GenerateDhX942KeyPair(int sessionHandle,
byte[] p,
byte[] g,
byte[] q,
LunaPkcs11Attributes attributes)
Generate a X9.42 DH key pair with the given domain parameters.
|
int[] |
GenerateDsaKeyPair(int sessionHandle,
byte[] p,
byte[] q,
byte[] g,
LunaPkcs11Attributes attributes)
Generate a DSA key pair with the given domain parameters.
|
byte[] |
GenerateDsaParams(int sessionHandle,
int pBits,
int qBits)
Generate a DSA key with P and Q parameters of the given length.
|
int[] |
GenerateECKeyPair(int sessionHandle,
byte[] oid,
long mech,
LunaPkcs11Attributes attributes)
Generate an ECDSA key pair with the given curve.
|
int |
GeneratePBEKey(int sessionHandle,
long mechType,
byte[] iv,
char[] password,
byte[] salt,
int iterationCount,
boolean extractable,
boolean derive)
Generate a fixed size PBE key with the given password, salt and iteration count.
|
int |
GeneratePBKDF2Key(int sessionHandle,
long prfType,
long keyType,
int keySize,
char[] password,
byte[] salt,
int iterationCount,
boolean extractable,
boolean derive)
Generate a fixed size PBKDF2 key with the given password, salt and iteration count.
|
void |
GenerateRandom(int sessionHandle,
byte[] buffer)
Returns random bytes in the given array
|
int[] |
GenerateRsaKeyPair(int sessionHandle,
int keySize,
byte[] publicExponent,
long mechType,
LunaPkcs11Attributes attributes)
Generate an RSA key pair with a modulus of the given size.
|
int |
GenerateSecretKey(int sessionHandle,
int keySize,
long mechType,
LunaCKAttribute[] template,
LunaPkcs11Attributes attributes)
Generate a secret key with the given size.
|
long |
GetHSMPolicySetting(int slot,
long capability)
Returns the given policy setting for the given HSM slot.
|
long[] |
GetInitialAttributes(int sessionHandle,
int keyHandle)
Returns some attributes common to all objects, as an array of longs.
|
java.lang.String |
GetKeyAlias(int sessionHandle,
int keyHandle)
Return the alias of the object with the specified handle.
|
int[] |
GetKeyList(int sessionHandle)
Return a list of key handles of all persistent keys
|
byte[] |
GetLargeAttribute(int sessionHandle,
int keyHandle,
long attribute)
Return the attribute value for the given key
|
int |
GetNumberOfSlots()
Returns the number of available PKCS slots
|
long[] |
GetObjectClassAndType(int sessionHandle,
int keyHandle)
Get the key class and type respectively for the given handle.
|
int[] |
GetSlotList()
Returns a list of the available PKCS slot numbers.
|
long[] |
GetTokenCVFirmwareVersion(int slot)
Queries the token in the given slot for the CV firmware version
|
long[] |
GetTokenFirmwareVersion(int slot)
Queries the token in the given slot for the firmware version
|
java.lang.String |
GetTokenLabel(int slot)
Queries the token in the given slot and returns the label of the token
|
java.lang.String |
GetTokenModelName(int slot)
Queries the token in the given slot and returns the model name of the token
|
java.lang.String |
GetTokenSerialNumber(int slot)
Queries the token in the given slot for the serial number
|
int |
ImportEdwardsPrivateKey(int sessionHandle,
byte[] curveParams,
byte[] key,
boolean derive,
boolean extract)
Import the Edwards EC private key.
|
int |
ImportEdwardsPublicKey(int sessionHandle,
byte[] curveParams,
byte[] key)
Import the Edwards EC public key.
|
void |
Initialize()
Connects to the cryptoki library and invokes C_Initialize Used internally
|
static int |
intFromHsm(byte[] buffer)
Reads a 32-bit CK_ULONG returned from the HSM.
|
int |
IsTokenPresent(int slot)
Checks if a token is present on the given slot
|
int |
LocateCertByAlias(int sessionHandle,
java.lang.String label)
Search the token for a certificate with the given alias and return its handle.
|
int |
LocateKeyByAlias(int sessionHandle,
java.lang.String label)
Search the token for a key or certificate with the given alias and return its handle.
|
int |
LocateKeyByFingerprint(int sessionHandle,
byte[] fingerprint,
int fingerprintSize)
Search the token for a key or certificate with the given fingerprint and return its handle.
|
int |
LocateKeyOnlyByAlias(int sessionHandle,
java.lang.String label)
Search the token for a key with the given alias and return its handle.
|
int |
LocateObjectByOUID(int sessionHandle,
byte[] ouid)
Search the token for a key or certificate with the given ouid and return its handle.
|
long |
LogExternal(int slot,
int sessionHandle,
java.lang.String logMsg)
Send the string for logging on the Luna
|
void |
Login(int sessionHandle,
long userType,
java.lang.String password)
Login to the given session.
|
void |
Logout(int sessionHandle)
Logs out of the given session
|
static long |
longFromHsm(byte[] buffer)
Reads a 64-bit CK_ULONG returned from the HSM.
|
static byte[] |
longToBytes(long value)
Converts a Java big-endian long value into a byte array corresponding to a 4-byte ULONG on the HSM.
|
long[] |
nativeGetHAStatus(int slot)
Performs a getHAStatus call on the given slot.
|
int |
OpenSession(int slot)
Used to open a session on the given slot
|
void |
PKAAssignKey(int sessionHandle,
int hKey)
Assign a key (e.g.
|
void |
PKAAuthorizeKey(int sessionHandle,
int hKey,
byte[] authData)
Authorize a key for PKA(Per Key Authentication).
|
void |
PKAIncrementFailedAuthCount(int sessionHandle,
int hKey)
Increment the failed authentication count for a key.
|
void |
PKAResetAuthorizationData(int sessionHandle,
int hKey,
byte[] authData)
Clobber authentication data with provided data.
|
void |
PKASetAuthorizationData(int sessionHandle,
int hKey,
byte[] oldAuthData,
byte[] newAuthData)
Change authentication data for a key.
|
void |
SeedRandom(int sessionHandle,
byte[] seed)
Provide the given bytes as seed material for random number generation
|
long |
SetAlias(int sessionHandle,
int keyHandle,
java.lang.String alias)
Return the alias of the object with the specified handle.
|
void |
SetAppIDs(int majorId,
int minorId)
Set the application major and minor app IDs
|
long |
SetBooleanAttribute(int sessionHandle,
int keyHandle,
long attribute,
boolean value)
Set the attribute value for the given key
|
long |
SetLargeAttribute(int sessionHandle,
int keyHandle,
long attribute,
byte[] value)
Set the attribute value for the given key
|
void |
SetPIN(int sessionHandle,
java.lang.String oldPin,
java.lang.String newPin)
Set the PIN.
|
long |
SetSmallAttribute(int sessionHandle,
int keyHandle,
long attribute,
long value)
Sets the attribute value for the given key
|
void |
SetTokenObjectType(int aIntokenObjectType)
set the flag for token(1) or session(0) objects
|
long |
SetUsageCount(int sessionHandle,
int keyHandle,
long value)
Set the usage count for the given key
|
int |
Sign(int sessionHandle,
byte[] inbuf,
int inOffset,
int inLen,
byte[] outbuf,
int outOffset,
int outLen)
Do a single-part sign operation.
|
int |
SignFinal(int sessionHandle,
byte[] outbuf,
int offset,
int len)
Finish a signature operation.
|
void |
SignInit(int sessionHandle,
long mechType,
int keyHandle,
byte[] params)
Start a signature operation with the given private key.
|
void |
SignUpdate(int sessionHandle,
byte[] b,
int off,
int len)
Update a multi-part signature operation with data.
|
byte[] |
SIMExtract(int hSession,
int[] objectHandles,
int authSecretCount,
int authSubsetCount,
long authForm,
int[] authSecretSizes,
byte[] authSecretList)
Performs an extract operation using SIM
|
int[] |
SIMInsert(int hSession,
int authSecretCount,
long authForm,
int[] authSecretSizes,
byte[] authSecretList,
byte[] blob)
Inserts a key that was extracting using a SIM Extract operation
|
int |
StoreCertificate(int sessionHandle,
byte[] derSubject,
byte[] derIssuer,
byte[] derSN,
byte[] berEncodedValue)
Store the given attributes as a certificate object and return its handle.
|
int |
StoreDhPublicKey(int sessionHandle,
byte[] Y,
byte[] P,
byte[] G,
int l)
Creates a DH public key from the given parameters
|
int |
StoreDsaPublicKey(int sessionHandle,
byte[] Y,
byte[] P,
byte[] Q,
byte[] G,
LunaPkcs11Attributes attributes)
Creates a DSA public key from the given parameters
|
int |
StoreECDsaPublicKey(int sessionHandle,
byte[] parameters,
byte[] point,
LunaPkcs11Attributes attributes)
Creates an ECDSA public key from the given parameters
|
int |
StoreRsaPublicKey(int sessionHandle,
byte[] modulus,
byte[] publicExponent,
LunaPkcs11Attributes attributes)
Creates an rsa public key from the given parameters
|
int |
TotalOpenSessionCount(int slot)
Gets the total number of sessions open against the specified slot The number returned is accross all appliations
which have open sessions The number returned combines read-only and read-write sessions.
|
int |
UnwrapKey(int hSession,
int hUnwrappingKey,
long mechType,
byte[] mechParams,
byte[] wrappedKey,
long wrappedKeyAlgorithm,
long wrappedKeyType,
boolean extractable,
boolean derive)
Use the given key and mechanism to unwrap the given blob of data as a key of the given type
|
int |
Verify(int sessionHandle,
byte[] inbuf,
int inOffset,
int inLen,
byte[] outbuf,
int outOffset,
int outLen)
Do a single-part verify operation.
|
int |
VerifyFinal(int sessionHandle,
byte[] sigBytes,
int offset,
int length)
Finish a verify operation.
|
void |
VerifyInit(int sessionHandle,
long mechType,
int keyHandle,
byte[] params)
Start a verify operation with the given public key.
|
void |
VerifyUpdate(int sessionHandle,
byte[] b,
int off,
int len)
Update a multi-part verify operation with data.
|
byte[] |
WrapKey(int hSession,
int hWrappingKey,
long mechType,
byte[] mechParams,
int hKeyToWrap)
Use the given key and mechanism to wrap the other given key and return the wrapped key as an array of bytes
|
public static final long CKM_RSA_PKCS_KEY_PAIR_GEN
public static final long CKM_RSA_STORE_PUB_KEY
public static final long CKM_RSA_PKCS
public static final long CKM_RSA_X_509
public static final long CKM_MD2_RSA_PKCS
public static final long CKM_MD5_RSA_PKCS
public static final long CKM_SHA1_RSA_PKCS
public static final long CKM_RSA_PKCS_OAEP
public static final long CKM_RSA_X9_31_KEY_PAIR_GEN
public static final long CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN
public static final long CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN
public static final long CKM_RSA_X9_31
public static final long CKM_SHA1_RSA_X9_31
public static final long CKM_SHA224_RSA_X9_31
public static final long CKM_SHA256_RSA_X9_31
public static final long CKM_SHA384_RSA_X9_31
public static final long CKM_SHA512_RSA_X9_31
public static final long CKM_SHA1_RSA_X9_31_NON_FIPS
public static final long CKM_SHA224_RSA_X9_31_NON_FIPS
public static final long CKM_SHA256_RSA_X9_31_NON_FIPS
public static final long CKM_SHA384_RSA_X9_31_NON_FIPS
public static final long CKM_SHA512_RSA_X9_31_NON_FIPS
public static final long CKM_RSA_X9_31_NON_FIPS
public static final long CKM_RSA_PKCS_PSS
public static final long CKM_SHA1_RSA_PKCS_PSS
public static final long CKM_DSA
public static final long CKM_DSA_SHA1
public static final long CKM_SHA256_RSA_PKCS
public static final long CKM_SHA384_RSA_PKCS
public static final long CKM_SHA512_RSA_PKCS
public static final long CKM_SHA256_RSA_PKCS_PSS
public static final long CKM_SHA384_RSA_PKCS_PSS
public static final long CKM_SHA512_RSA_PKCS_PSS
public static final long CKM_SHA224_RSA_PKCS
public static final long CKM_SHA224_RSA_PKCS_PSS
public static final long CKM_RC2_KEY_GEN
public static final long CKM_RC2_ECB
public static final long CKM_RC2_CBC
public static final long CKM_RC2_CBC_PAD
public static final long CKM_RC4_KEY_GEN
public static final long CKM_RC4
public static final long CKM_DES_KEY_GEN
public static final long CKM_DES_ECB
public static final long CKM_DES_CBC
public static final long CKM_DES_CBC_PAD
public static final long CKM_DES2_KEY_GEN
public static final long CKM_DES3_KEY_GEN
public static final long CKM_DES3_ECB
public static final long CKM_DES3_CBC
public static final long CKM_DES3_CBC_PAD
public static final long CKM_DES3_CTR
public static final long CKM_DES3_CMAC
public static final long CKM_MD2
public static final long CKM_MD5
public static final long CKM_MD5_HMAC
public static final long CKM_SHA_1
public static final long CKM_SHA_1_HMAC
public static final long CKM_SHA224
public static final long CKM_SHA224_HMAC
public static final long CKM_SHA224_HMAC_GENERAL
public static final long CKM_SHA256
public static final long CKM_SHA256_HMAC
public static final long CKM_SHA384
public static final long CKM_SHA384_HMAC
public static final long CKM_SHA512
public static final long CKM_SHA512_HMAC
public static final long CKM_RIPEMD160
public static final long CKM_RIPEMD160_HMAC
public static final long CKM_RC5_KEY_GEN
public static final long CKM_RC5_ECB
public static final long CKM_RC5_CBC
public static final long CKM_RC5_CBC_PAD
public static final long CKM_GENERIC_SECRET_KEY_GEN
public static final long CKM_SHA1_KEY_DERIVATION
public static final long CKM_SHA224_KEY_DERIVATION
public static final long CKM_PBE_MD2_DES_CBC
public static final long CKM_PBE_MD5_DES_CBC
public static final long CKM_PBE_SHA1_DES3_EDE_CBC
public static final long CKM_ARIA_KEY_GEN
public static final long CKM_ARIA_ECB
public static final long CKM_ARIA_CBC
public static final long CKM_ARIA_CBC_PAD
public static final long CKM_AES_KEY_GEN
public static final long CKM_AES_ECB
public static final long CKM_AES_CBC
public static final long CKM_AES_CBC_PAD
public static final long CKM_AES_CTR
public static final long CKM_AES_CFB8_OLD
public static final long CKM_AES_CFB8
public static final long CKM_AES_CFB128_OLD
public static final long CKM_AES_CFB128
public static final long CKM_AES_OFB_OLD
public static final long CKM_AES_OFB
public static final long CKM_AES_GCM
public static final long CKM_AES_GMAC_OLD
public static final long CKM_AES_GMAC
public static final long CKM_AES_CMAC
public static final long CKM_ARIA_CFB8
public static final long CKM_ARIA_CFB128
public static final long CKM_ARIA_OFB
public static final long CKM_ARIA_CTR
public static final long CKM_ECDSA_KEY_PAIR_GEN_W_EXTRA_BITS
public static final long CKM_ECDSA_GBCS_SHA256
public static final long CKM_ECDSA_KEY_PAIR_GEN
public static final long CKM_EC_KEY_PAIR_GEN
public static final long CKM_EC_STORE_PUB_KEY
public static final long CKM_ECDSA
public static final long CKM_ECDSA_SHA1
public static final long CKM_ECDH1_DERIVE
public static final long CKM_ECDH1_COFACTOR_DERIVE
public static final long CKM_ECMQV_DERIVE
public static final long CKM_ECIES
public static final long CKM_NIST_PRF_KDF
public static final long CKM_DSA_KEY_PAIR_GEN
public static final long CKM_DSA_STORE_PUB_KEY
public static final long CKM_DH_PKCS_KEY_PAIR_GEN
public static final long CKM_X9_42_DH_KEY_PAIR_GEN
public static final long CKM_EC_EDWARDS_KEY_PAIR_GEN_OLD
public static final long CKM_EC_EDWARDS_KEY_PAIR_GEN
public static final long CKM_EC_MONTGOMERY_KEY_PAIR_GEN_OLD
public static final long CKM_EC_MONTGOMERY_KEY_PAIR_GEN
public static final long CKM_EDDSA_NACL
public static final long CKM_EDDSA_OLD
public static final long CKM_EDDSA
public static final long CKM_SHA1_EDDSA_NACL
public static final long CKM_SHA224_EDDSA_NACL
public static final long CKM_SHA256_EDDSA_NACL
public static final long CKM_SHA384_EDDSA_NACL
public static final long CKM_SHA512_EDDSA_NACL
public static final long CKM_SHA1_EDDSA
public static final long CKM_SHA224_EDDSA
public static final long CKM_SHA256_EDDSA
public static final long CKM_SHA384_EDDSA
public static final long CKM_SHA512_EDDSA
public static final long CKM_SM3
public static final long CKM_SM3_HMAC
public static final long CKM_SM3_HMAC_GENERAL
public static final long CKM_SM3_KEY_DERIVATION
public static final long CKM_AES_KW
public static final long CKM_AES_KWP
public static final long CKM_BIP32_MASTER_DERIVE
public static final long CKM_BIP32_CHILD_DERIVE
public static final long CKM_SHA3_256
public static final long CKM_SHA3_256_HMAC
public static final long CKM_SHA3_256_HMAC_GENERAL
public static final long CKM_SHA3_224
public static final long CKM_SHA3_224_HMAC
public static final long CKM_SHA3_224_HMAC_GENERAL
public static final long CKM_SHA3_384
public static final long CKM_SHA3_384_HMAC
public static final long CKM_SHA3_384_HMAC_GENERAL
public static final long CKM_SHA3_512
public static final long CKM_SHA3_512_HMAC
public static final long CKM_SHA3_512_HMAC_GENERAL
public static final long CKM_SHAKE_128
public static final long CKM_SHAKE_256
public static final long CKM_KECCAK_224
public static final long CKM_KECCAK_256
public static final long CKM_KECCAK_384
public static final long CKM_KECCAK_512
public static final long CKM_SHA3_256_RSA_PKCS
public static final long CKM_SHA3_384_RSA_PKCS
public static final long CKM_SHA3_512_RSA_PKCS
public static final long CKM_SHA3_256_RSA_PKCS_PSS
public static final long CKM_SHA3_384_RSA_PKCS_PSS
public static final long CKM_SHA3_512_RSA_PKCS_PSS
public static final long CKM_SHA3_224_RSA_PKCS
public static final long CKM_SHA3_224_RSA_PKCS_PSS
public static final long CKM_ECDSA_SHA3_224
public static final long CKM_ECDSA_SHA3_256
public static final long CKM_ECDSA_SHA3_384
public static final long CKM_ECDSA_SHA3_512
public static final long CKM_DSA_SHA3_224
public static final long CKM_DSA_SHA3_256
public static final long CKM_DSA_SHA3_384
public static final long CKM_DSA_SHA3_512
public static final long CKM_SHA3_256_KEY_DERIVE
public static final long CKM_SHA3_224_KEY_DERIVE
public static final long CKM_SHA3_384_KEY_DERIVE
public static final long CKM_SHA3_512_KEY_DERIVE
public static final long CKM_SHAKE_128_KEY_DERIVE
public static final long CKM_SHAKE_256_KEY_DERIVE
public static final long CKM_SHA3_224_EDDSA
public static final long CKM_SHA3_256_EDDSA
public static final long CKM_SHA3_384_EDDSA
public static final long CKM_SHA3_512_EDDSA
public static final long CKP_PKCS5_PBKD2_HMAC_SHA1
public static final long CKP_PKCS5_PBKD2_HMAC_SM3
public static final long CKD_NULL
public static final long CKD_SHA1_KDF
public static final long CKD_SHA224_KDF
public static final long CKD_SHA256_KDF
public static final long CKD_SHA384_KDF
public static final long CKD_SHA512_KDF
public static final long CKD_CPDIVERSIFY_KDF
public static final long CKD_SHA3_224_KDF
public static final long CKD_SHA3_256_KDF
public static final long CKD_SHA3_384_KDF
public static final long CKD_SHA3_512_KDF
public static final long CKD_SHA1_KDF_SP800
public static final long CKD_SHA224_KDF_SP800
public static final long CKD_SHA256_KDF_SP800
public static final long CKD_SHA384_KDF_SP800
public static final long CKD_SHA512_KDF_SP800
public static final long CKD_SHA3_224_KDF_SP800
public static final long CKD_SHA3_256_KDF_SP800
public static final long CKD_SHA3_384_KDF_SP800
public static final long CKD_SHA3_512_KDF_SP800
public static final long CKD_BLAKE2B_160_KDF
public static final long CKD_BLAKE2B_256_KDF
public static final long CKD_BLAKE2B_384_KDF
public static final long CKD_BLAKE2B_512_KDF
public static final long CKD_RIPEMD160_KDF
public static final long CKD_SHA1_NIST_KDF
public static final long CKD_SHA224_NIST_KDF
public static final long CKD_SHA256_NIST_KDF
public static final long CKD_SHA384_NIST_KDF
public static final long CKD_SHA512_NIST_KDF
public static final long CKD_RIPEMD160_NIST_KDF
public static final long CKD_SHA1_SES_KDF
public static final long CKD_SHA224_SES_KDF
public static final long CKD_SHA256_SES_KDF
public static final long CKD_SHA384_SES_KDF
public static final long CKD_SHA512_SES_KDF
public static final long CKD_RIPEMD160_SES_KDF
public static final long CKD_SHA3_224_NIST_KDF
public static final long CKD_SHA3_256_NIST_KDF
public static final long CKD_SHA3_384_NIST_KDF
public static final long CKD_SHA3_512_NIST_KDF
public static final long CKD_SHA3_224_SES_KDF
public static final long CKD_SHA3_256_SES_KDF
public static final long CKD_SHA3_384_SES_KDF
public static final long CKD_SHA3_512_SES_KDF
public static final long CKES_XOR
public static final long CKES_DES3_CBC_PAD
public static final long CKES_AES_CBC_PAD
public static final long CKES_DES3_CBC
public static final long CKES_AES_CBC
public static final long CKDHP_STANDARD
public static final long CKDHP_ECDH1_COFACTOR
public static final long CKDHP_MODIFIED
public static final long CKDHP_ECDH1
public static final long CKMS_HMAC_SHA1
public static final long CKMS_HMAC_SHA224
public static final long CKMS_HMAC_SHA256
public static final long CKMS_HMAC_SHA384
public static final long CKMS_HMAC_SHA512
public static final long CKMS_HMAC_RIPEMD160
public static final long CKMS_SHA1
public static final long CKMS_SHA224
public static final long CKMS_SHA256
public static final long CKMS_SHA384
public static final long CKMS_SHA512
public static final long CKMS_RIPEMD160
public static final long CKO_DATA
public static final long CKO_CERTIFICATE
public static final long CKO_PUBLIC_KEY
public static final long CKO_PRIVATE_KEY
public static final long CKO_SECRET_KEY
public static final long CKK_RSA
public static final long CKK_DSA
public static final long CKK_DH
public static final long CKK_X9_42_DH
public static final long CKK_ECDSA
public static final long CKK_EC
public static final long CKK_EC_EDWARDS_OLD
public static final long CKK_EC_EDWARDS
public static final long CKK_EC_MONTGOMERY_OLD
public static final long CKK_EC_MONTGOMERY
public static final long CKK_BIP32
public static final long CKK_GENERIC_SECRET
public static final long CKK_RC2
public static final long CKK_RC4
public static final long CKK_DES
public static final long CKK_DES2
public static final long CKK_DES3
public static final long CKK_RC5
public static final long CKK_AES
public static final long CKK_ARIA
public static final long CKA_CLASS
public static final long CKA_TOKEN
public static final long CKA_PRIVATE
public static final long CKA_LABEL
public static final long CKA_VALUE
public static final long CKA_KEY_TYPE
public static final long CKA_ID
public static final long CKA_MODULUS
public static final long CKA_MODULUS_BITS
public static final long CKA_PUBLIC_EXPONENT
public static final long CKA_PRIVATE_EXPONENT
public static final long CKA_PRIME_1
public static final long CKA_PRIME_2
public static final long CKA_EXPONENT_1
public static final long CKA_EXPONENT_2
public static final long CKA_COEFFICIENT
public static final long CKA_PRIME
public static final long CKA_SUBPRIME
public static final long CKA_BASE
public static final long CKA_VALUE_BITS
public static final long CKA_VALUE_LEN
public static final long CKA_EXTRACTABLE
public static final long CKA_ECDSA_PARAMS
public static final long CKA_EC_PARAMS
public static final long CKA_EC_POINT
public static final long CKA_SENSITIVE
public static final long CKA_WRAP
public static final long CKA_UNWRAP
public static final long CKA_ENCRYPT
public static final long CKA_DECRYPT
public static final long CKA_SIGN
public static final long CKA_VERIFY
public static final long CKA_DERIVE
public static final long CKA_MODIFIABLE
public static final long CKA_FINGERPRINT
public static final long CKA_USAGE_COUNT
public static final long CKA_USAGE_LIMIT
public static final long CKA_BYTES_REMAINING
public static final long CKA_OUID
public static final long CKA_AUTH_DATA
public static final long CKA_ASSIGNED
public static final long CKA_FAILED_KEY_AUTH_COUNT
public static final long CKA_BIP32_CHAIN_CODE
public static final long CKA_BIP32_VERSION_BYTES
public static final long CKA_BIP32_CHILD_INDEX
public static final long CKA_BIP32_CHILD_DEPTH
public static final long CKA_BIP32_ID
public static final long CKA_BIP32_FINGERPRINT
public static final long CKA_BIP32_PARENT_FINGERPRINT
public static final long PVT_KEY_LENGTH
public static final int CKR_OK
public static final int CKR_SLOT_ID_INVALID
public static final int CKR_GENERAL_ERROR
public static final int CKR_ARGUMENTS_BAD
public static final int CKR_ATTRIBUTE_READ_ONLY
public static final int CKR_ATTRIBUTE_TYPE_INVALID
public static final int CKR_ATTRIBUTE_VALUE_INVALID
public static final int CKR_DATA_INVALID
public static final int CKR_DEVICE_ERROR
public static final int CKR_DEVICE_MEMORY
public static final int CKR_DEVICE_REMOVED
public static final int CKR_ENCRYPTED_DATA_INVALID
public static final int CKR_FUNCTION_NOT_SUPPORTED
public static final int CKR_KEY_SIZE_RANGE
public static final int CKR_MECHANISM_INVALID
public static final int CKR_MECHANISM_PARAM_INVALID
public static final int CKR_SESSION_CLOSED
public static final int CKR_SESSION_HANDLE_INVALID
public static final int CKR_TOKEN_NOT_PRESENT
public static final int CKR_TEMPLATE_INCOMPLETE
public static final int CKR_TEMPLATE_INCONSISTENT
public static final int CKR_BUFFER_TOO_SMALL
public static final int CKR_USER_NOT_AUTHORIZED
public static final int CKR_BIP32_CHILD_INDEX_INVALID
public static final int CKR_BIP32_INVALID_HARDENED_DERIVATION
public static final int CKR_BIP32_MASTER_SEED_LEN_INVALID
public static final int CKR_BIP32_MASTER_SEED_INVALID
public static final int CKR_BIP32_INVALID_KEY_PATH_LEN
public static final int CKR_KEY_NOT_ACTIVE
public static final long CKU_SO
public static final long CKU_SECURITY_OFFICER
public static final long CKU_USER
public static final long CKU_CRYPTO_OFFICER
public static final long CKU_CO
public static final long CKU_LIMITED_USER
public static final long CKU_CRYPTO_USER
public static final long CKU_AUDIT
public static final long CKU_LIMITED_CRYPTO_OFFICER
public static final long CKA_SIM_NO_AUTHORIZATION
public static final long CKA_SIM_PASSWORD
public static final long CKA_SIM_CHALLENGE
public static final long CKA_SIM_SECURE_PORT
public static final long CKA_SIM_PORTABLE_NO_AUTHORIZATION
public static final long CKA_SIM_PORTABLE_PASSWORD
public static final long CKA_SIM_PORTABLE_CHALLENGE
public static final long CKA_SIM_PORTABLE_SECURE_PORT
public static final long HSM_CONFIG_NONFIPS_ALGORITHMS
public static final long CKF_BIP32_HARDENED
public static final long CKG_BIP32_VERSION_MAINNET_PUB
public static final long CKG_BIP32_VERSION_MAINNET_PRIV
public static final long CKG_BIP32_VERSION_TESTNET_PUB
public static final long CKG_BIP32_VERSION_TESTNET_PRIV
public static final long CKG_BIP32_EXTERNAL_CHAIN
public static final long CKG_BIP32_INTERNAL_CHAIN
public static final long CKG_BIP32_MAX_SERIALIZED_LEN
public static final long CKG_BIP44_PURPOSE
public static final long CKG_BIP44_COIN_TYPE_BTC
public static final long CKG_BIP44_COIN_TYPE_BTC_TESTNET
public static final long CKG_MGF1_SHA1
public static final long CKG_MGF1_SHA224
public static final long CKG_MGF1_SHA256
public static final long CKG_MGF1_SHA384
public static final long CKG_MGF1_SHA512
public static final long CKG_MGF1_SHA3_224
public static final long CKG_MGF1_SHA3_256
public static final long CKG_MGF1_SHA3_384
public static final long CKG_MGF1_SHA3_512
public static final long CKZ_DATA_SPECIFIED
public static final int CKS_RO_PUBLIC_SESSION
public static final int CKS_RO_USER_FUNCTIONS
public static final int CKS_RW_PUBLIC_SESSION
public static final int CKS_RW_USER_FUNCTIONS
public static final int CKS_RW_SO_FUNCTIONS
public static final int CK_NIST_PRF_KDF_DES3_CMAC
public static final int CK_NIST_PRF_KDF_AES_CMAC
public static final int CK_PRF_KDF_ARIA_CMAC
public static final int CK_PRF_KDF_SEED_CMAC
public static final int CK_PRF_KDF_HMAC_SHA1
public static final int CK_PRF_KDF_HMAC_SHA224
public static final int CK_KDF_HMAC_SHA256
public static final int CK_KDF_HMAC_SHA384
public static final int CK_KDF_HMAC_SHA512
public static final int CK_KDF_HMAC_RIPEMD160
public static final int CK_NIST_PRF_KDF_HMAC_SHA3_224
public static final int CK_NIST_PRF_KDF_HMAC_SHA3_256
public static final int CK_NIST_PRF_KDF_HMAC_SHA3_384
public static final int CK_NIST_PRF_KDF_HMAC_SHA3_512
public static final int LUNA_PRF_KDF_ENCODING_SCHEME_1
public static final int LUNA_PRF_KDF_ENCODING_SCHEME_2
public static LunaNamedCurve CurveLookup(java.lang.String name)
name
- The string representation of the named curve. This can be in OID or common name formatLunaException
- If the curve was not foundpublic static LunaNamedCurve CurveLookup(int curveId)
curveId
- The internal id of the named curveLunaException
- If the curve was not foundpublic void Initialize() throws java.util.MissingResourceException, LunaCryptokiException
java.util.MissingResourceException
- exceptionLunaCryptokiException
public void Finalize()
public int GetNumberOfSlots() throws LunaException
LunaException
- exceptionpublic int[] GetSlotList() throws LunaException
LunaException
- exceptionpublic void SetTokenObjectType(int aIntokenObjectType)
aIntokenObjectType
- 1 for token object , 0 for session objectpublic int IsTokenPresent(int slot) throws LunaException
slot
- the slot number to checkLunaException
- exceptionpublic int checkTokenPresenceForReconnect(int slot)
slot
- the slot number to checkLunaException
- exceptionpublic java.lang.String GetTokenLabel(int slot) throws LunaException
slot
- The slot number to queryLunaException
- exceptionpublic java.lang.String GetTokenModelName(int slot) throws LunaException
slot
- The slot number to queryLunaException
- exceptionpublic java.lang.String GetTokenSerialNumber(int slot) throws LunaException
slot
- The slot number to queryLunaException
- exceptionpublic long[] GetTokenFirmwareVersion(int slot) throws LunaException
slot
- The slot number to queryLunaException
- exceptionpublic long[] GetTokenCVFirmwareVersion(int slot) throws LunaException
slot
- The slot number to queryLunaException
- exceptionpublic int OpenSession(int slot) throws LunaException
slot
- The slot id to open a session againstLunaException
- Thrown if a session could not be openedpublic int CheckSessionState(int sessionHandle) throws LunaException
sessionHandle
- A session handleLunaException
- exceptionpublic void Login(int sessionHandle, long userType, java.lang.String password) throws LunaException
sessionHandle
- Session handle to use for the loginuserType
- The usertype for the login sessionpassword
- The password for the login. This value is ignored if the token requires the PEDLunaException
- exceptionpublic void SetPIN(int sessionHandle, java.lang.String oldPin, java.lang.String newPin) throws LunaException
sessionHandle
- Session handle to useoldPin
- the old PINnewPin
- the new PINLunaException
- exceptionpublic void Logout(int sessionHandle)
sessionHandle
- The handle of the session to log outpublic void CloseSession(int sessionHandle)
sessionHandle
- The handle of the session to closepublic int[] GenerateRsaKeyPair(int sessionHandle, int keySize, byte[] publicExponent, long mechType, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The session to use for key creationkeySize
- A key sizepublicExponent
- Public exponent for the key pairmechType
- Mechanism type for generation. e.g. LunaAPI.CKM_RSA_PKCS_KEY_PAIR_GENattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int[] GenerateDsaKeyPair(int sessionHandle, byte[] p, byte[] q, byte[] g, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle of the session to usep
- Prime value for the key pair generationq
- Subprime value for the key pair generationg
- Base value for the key pair generationattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic byte[] GenerateDsaParams(int sessionHandle, int pBits, int qBits) throws LunaException
sessionHandle
- The handle of the session to usepBits
- Length of the prime to use in the key generationqBits
- Length of the subprime to use in the key generationLunaException
- exceptionpublic int[] GenerateECKeyPair(int sessionHandle, byte[] oid, long mech, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle of the session to useoid
- The OID of the curve to usemech
- The mechanism to use (CKM_ECDSA_KEY_PAIR_GEN_W_EXTRA_BITS or CKM_ECDSA_KEY_PAIR_GEN)attributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int[] GenerateDhKeyPair(int sessionHandle, byte[] p, byte[] g, int l, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle of the session to usep
- The Prime value for the key pair generationg
- The Generator value for the key pair generationl
- Bit length of Pattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int[] GenerateDhX942KeyPair(int sessionHandle, byte[] p, byte[] g, byte[] q, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle of the session to usep
- The Prime value for the key pair generationg
- The Generator value for the key pair generationq
- The Subprime value for the key pair generationattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int DeriveKeyDh(int sessionHandle, int baseKeyHandle, byte[] publicValue, long algorithm, boolean extractable, boolean derive, int keyLength) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keypublicValue
- Public Valuealgorithm
- Algorithm to useextractable
- Specifies if the key is extractablederive
- A boolean value specifying if the key has its derive flag setkeyLength
- The length of the secret key to deriveLunaException
- exceptionpublic int DeriveKeyEcDh(int sessionHandle, int baseKeyHandle, byte[] publicValue, byte[] sharedValue, long algorithm, boolean extractable, boolean derive, int keyLength, long kdf, boolean cofactor) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keypublicValue
- Public value to use in the KDFsharedValue
- Shared secret value to use in the KDFalgorithm
- Algorithm to useextractable
- Specifies if the key is extractablederive
- A boolean value specifying if the key has its derive flag setkeyLength
- The length of the secret key to derivekdf
- The PKCS KDF mechanism to usecofactor
- True if cofactor deriviation is to be usedLunaException
- exceptionpublic byte[] DeriveKeyAndWrapEcDh(int sessionHandle, int baseKeyHandle, byte[] publicValue, byte[] sharedValue, long algorithm, boolean extractable, int keyLength, long kdf, boolean cofactor, int hWrappingKey, long mechType, byte[] mechParams) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keypublicValue
- Public value to use in the KDFsharedValue
- Shared secret value to use in the KDFalgorithm
- Algorithm to useextractable
- Specifies if the key is extractablekeyLength
- The length of the secret key to derivekdf
- The PKCS KDF mechanism to usecofactor
- True if cofactor deriviation is to be usedhWrappingKey
- Handle of the wrapping keymechType
- The Cryptoki code for the mechanism to use during the wrap operationmechParams
- Parameters for the specified mechanismLunaException
- exceptionpublic int StoreRsaPublicKey(int sessionHandle, byte[] modulus, byte[] publicExponent, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle to an open sessionmodulus
- The modulus of keypublicExponent
- The public exponent of the keyattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int StoreECDsaPublicKey(int sessionHandle, byte[] parameters, byte[] point, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle to an open sessionparameters
- Parameters for the keypoint
- The public pointattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int StoreDsaPublicKey(int sessionHandle, byte[] Y, byte[] P, byte[] Q, byte[] G, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle to an open sessionY
- The value(Y) component of the keyP
- The prime(P) component of the keyQ
- The subprime(Q) component of the keyG
- The base(G) component of the keyattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int StoreDhPublicKey(int sessionHandle, byte[] Y, byte[] P, byte[] G, int l) throws LunaException
sessionHandle
- The handle to an open sessionY
- The Value component of the keyP
- The Prime component of the keyG
- The Generator component of the keyl
- The length of the value component of the keyLunaException
- exceptionpublic int GenerateSecretKey(int sessionHandle, int keySize, long mechType, LunaCKAttribute[] template, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- The handle to an open sessionkeySize
- The size of the key to generatemechType
- The mechanism to use for generating the keytemplate
- the derive template for this keyattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int GeneratePBEKey(int sessionHandle, long mechType, byte[] iv, char[] password, byte[] salt, int iterationCount, boolean extractable, boolean derive) throws LunaException
sessionHandle
- The handle of an open sessionmechType
- The mechanism to use for key generationiv
- The IV parameter for key generationpassword
- The password to use for key generationsalt
- The salt value for key generationiterationCount
- The number of iterations to use for the generationextractable
- Specifies if the key should be extractablederive
- A boolean value specifying if the key has its derive flag setLunaException
- exceptionpublic int StoreCertificate(int sessionHandle, byte[] derSubject, byte[] derIssuer, byte[] derSN, byte[] berEncodedValue) throws LunaException
sessionHandle
- Handle of the session to usederSubject
- DER encoded subjectderIssuer
- DER encoded IssuerderSN
- DER encoded serial numberberEncodedValue
- DER encoded valueLunaException
- exceptionpublic long[] GetInitialAttributes(int sessionHandle, int keyHandle)
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the token objectpublic byte[] GetLargeAttribute(int sessionHandle, int keyHandle, long attribute) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the keyattribute
- Which attribute to returnLunaException
- exceptionpublic long SetLargeAttribute(int sessionHandle, int keyHandle, long attribute, byte[] value) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the keyattribute
- Identifier of attributevalue
- The value to assign to the attributeLunaException
- exceptionpublic long SetSmallAttribute(int sessionHandle, int keyHandle, long attribute, long value) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the keyattribute
- Identifier of attributevalue
- The value to assign to the attributeLunaException
- exceptionpublic long SetBooleanAttribute(int sessionHandle, int keyHandle, long attribute, boolean value) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the keyattribute
- Identifier of attributevalue
- The value to assign to the attributeLunaException
- exceptionpublic long SetUsageCount(int sessionHandle, int keyHandle, long value) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the keyvalue
- The new usage count to assignLunaException
- exceptionpublic long LogExternal(int slot, int sessionHandle, java.lang.String logMsg) throws LunaException
slot
- slot ID on LunasessionHandle
- Handle of the session to uselogMsg
- string to log on the applianceLunaException
- exceptionpublic int AssignAlias(int sessionHandle, int keyHandle, java.lang.String label, byte[] idAttr) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the key to make persistentlabel
- The label to assign to the persistent keyidAttr
- Data to add to the idAttributeLunaException
- exceptionpublic int LocateKeyByAlias(int sessionHandle, java.lang.String label) throws LunaException
sessionHandle
- Handle of the session to uselabel
- Label to search forLunaException
- exceptionpublic int LocateCertByAlias(int sessionHandle, java.lang.String label) throws LunaException
sessionHandle
- Handle of the session to uselabel
- Label to search forLunaException
- exceptionpublic int LocateKeyByFingerprint(int sessionHandle, byte[] fingerprint, int fingerprintSize) throws LunaException
sessionHandle
- The handle of the session to usefingerprint
- The fingerprint to search forfingerprintSize
- The size of the fingerprintLunaException
- exceptionpublic int LocateObjectByOUID(int sessionHandle, byte[] ouid) throws LunaException
sessionHandle
- The handle of the session to useouid
- The ouid to use in the searchLunaException
- exceptionpublic int LocateKeyOnlyByAlias(int sessionHandle, java.lang.String label) throws LunaException
sessionHandle
- Handle of the session to uselabel
- The label to search forLunaException
- exceptionpublic long[] GetObjectClassAndType(int sessionHandle, int keyHandle) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the object to queryLunaException
- exceptionpublic int[] GetKeyList(int sessionHandle) throws LunaException
sessionHandle
- Handle of the session to useLunaException
- exceptionpublic java.lang.String GetKeyAlias(int sessionHandle, int keyHandle) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the object to queryLunaException
- exceptionpublic long SetAlias(int sessionHandle, int keyHandle, java.lang.String alias) throws LunaException
sessionHandle
- Handle of the session to usekeyHandle
- Handle of the object to queryalias
- The alias of the objectLunaException
- exceptionpublic void DeleteObject(int sessionHandle, int ObjectHandle)
sessionHandle
- Handle of the session to useObjectHandle
- Handle of the object to deletepublic void DeleteObjects(int sessionHandle, int[] ObjectHandles)
sessionHandle
- Handle of the session to useObjectHandles
- Handles of the objects to deletepublic void SignInit(int sessionHandle, long mechType, int keyHandle, byte[] params) throws LunaException
mechType
parameter contains the Cryptoki
mechanism code for the signature mechanism to usesessionHandle
- Handle of the session to usemechType
- Cryptoki mechanism code for the signature mechanism requiredkeyHandle
- Handle of the key to use for signingparams
- Extra parameters for the chosen mechanismLunaException
- exceptionpublic int Sign(int sessionHandle, byte[] inbuf, int inOffset, int inLen, byte[] outbuf, int outOffset, int outLen) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the SignInit operationinbuf
- The raw bytes to signinOffset
- The offset into inbuf
to use for this signatureinLen
- The length to the data to signoutbuf
- The output bufferoutOffset
- The offset into outbuf
to use for this signatureoutLen
- The length of the output buffer to useLunaException
- exceptionpublic void SignUpdate(int sessionHandle, byte[] b, int off, int len) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the SignInit operationb
- The raw bytes to signoff
- The offset to use for this signature updatelen
- The length to use for this signature updateLunaException
- exceptionpublic int SignFinal(int sessionHandle, byte[] outbuf, int offset, int len) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the SignInit operationoutbuf
- The output bufferoffset
- The offset for this signature calllen
- The length to use for this signature callLunaException
- exceptionpublic void VerifyInit(int sessionHandle, long mechType, int keyHandle, byte[] params) throws LunaException
sessionHandle
- Handle of the session to usemechType
- The Cryptoki mechanism code to usekeyHandle
- Handle of the keyparams
- Parameters for the signature mechanismLunaException
- exceptionpublic int Verify(int sessionHandle, byte[] inbuf, int inOffset, int inLen, byte[] outbuf, int outOffset, int outLen) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the VerifyInit operationinbuf
- The data to verify signinOffset
- The offset into inbuf
to use for this verifyinLen
- The length to the data to verifyoutbuf
- The signature bufferoutOffset
- The offset into outbuf
to use for this verifyoutLen
- The length of the signature buffer to useLunaException
- exceptionpublic void VerifyUpdate(int sessionHandle, byte[] b, int off, int len) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the VerifyInit operationb
- Byte array to verifyoff
- Offset of the bytes to verifylen
- Length of bytes to verifyLunaException
- exceptionpublic int VerifyFinal(int sessionHandle, byte[] sigBytes, int offset, int length) throws LunaException
sessionHandle
- Handle of the session to use. This must be the same as the session handle used in the VerifyInit operationsigBytes
- Signature bytesoffset
- Offset to use for verify operationlength
- Length to use for verify operationLunaException
- exceptionpublic void CipherInit(int cipherMode, int sessionHandle, long mechType, int keyHandle, byte[] params) throws LunaException
cipherMode
- 0 for decrypt or 1 for encryptsessionHandle
- Handle to the session to usemechType
- The cryptoki mechanism code for the cipher mechanism to usekeyHandle
- Handle to the key to useparams
- Parameters for the chosen cipherLunaException
- exceptionpublic int Cipher(int cipherMode, int sessionHandle, byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws LunaException
cipherMode
- 0 for decrypt or 1 for encryptsessionHandle
- Handle to the session to useinput
- Input bytes for cipher operationinputOffset
- Input offset for cipher operationinputLen
- Input length for cipher operationoutput
- Output bytes for cipher operationoutputOffset
- Output offset for cipher operationLunaException
- exceptionpublic int CipherUpdate(int cipherMode, int sessionHandle, byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws LunaException
cipherMode
- 0 for decrypt, 1 for encryptsessionHandle
- Handle of the session to use This must be the same as was used previouslyinput
- Input bytes for the cipher operationinputOffset
- Input offset for the cipher operationinputLen
- Input length for the cipher operationoutput
- Output bytes for the cipher operationoutputOffset
- Output offset for the cipher operationLunaException
- exceptionpublic int CipherFinal(int cipherMode, int sessionHandle, byte[] output, int outputOffset) throws LunaException
cipherMode
- 0 for decrypt, 1 for encryptsessionHandle
- Handle of the session to useoutput
- Output bytes for the cipher operationoutputOffset
- Output offset for the cipher operationLunaException
- exceptionpublic void DigestInit(int sessionHandle, long mechType) throws LunaException
sessionHandle
- Handle to the session to usemechType
- The Cryptoki mechanism to use fo the digest operationLunaException
- exceptionpublic void DigestUpdate(int sessionHandle, byte[] input, int offset, int len) throws LunaException
sessionHandle
- Handle to the session to use This must be the same as the previously used handleinput
- Bytes to add to the digestoffset
- Offset of bytes to use for the digestlen
- Length of data to use for the digestLunaException
- exceptionpublic byte[] DigestFinal(int sessionHandle) throws LunaException
sessionHandle
- Handle to the session to useLunaException
- exceptionpublic void GenerateRandom(int sessionHandle, byte[] buffer) throws LunaException
sessionHandle
- Handle of the session to usebuffer
- Buffer to store the random bytesLunaException
- exceptionpublic void SeedRandom(int sessionHandle, byte[] seed) throws LunaException
sessionHandle
- Handle of the session to useseed
- Bytes to use for seeding the random number generatorLunaException
- exceptionpublic byte[] WrapKey(int hSession, int hWrappingKey, long mechType, byte[] mechParams, int hKeyToWrap)
hSession
- Handle of the session to usehWrappingKey
- Handle of the wrapping keymechType
- The Cryptoki code for the mechanism to use during the wrap operationmechParams
- Parameters for the specified mechanismhKeyToWrap
- Handle to the key to wrappublic int UnwrapKey(int hSession, int hUnwrappingKey, long mechType, byte[] mechParams, byte[] wrappedKey, long wrappedKeyAlgorithm, long wrappedKeyType, boolean extractable, boolean derive)
hSession
- Handle to the session to usehUnwrappingKey
- Handle of the key to use for unwrappingmechType
- Cryptoki code for the mechanism to use for unwrappingmechParams
- Parameters for the chosen mechanismwrappedKey
- The wrapped keywrappedKeyAlgorithm
- The Cryptoki code for the Algorithm (eg: CKM_RSA) of the wrapped keywrappedKeyType
- The Cryptoki code for the type (eg: CKO_PRIVATE_KEY) of the wrapped keyextractable
- Specifies if the unwrapped key is extractablederive
- A boolean value specifying if the key has its derive flag setpublic int[] SIMInsert(int hSession, int authSecretCount, long authForm, int[] authSecretSizes, byte[] authSecretList, byte[] blob)
hSession
- Handle to the session to useauthSecretCount
- The number of secrets (M value)authForm
- Cryptoki code for the authorization form. eg: CKA_SIM_PORTABLE_PASSWORDauthSecretSizes
- Array containing the sizes of the elements in the secret listauthSecretList
- Array contining the secret listblob
- The SIM blobpublic byte[] SIMExtract(int hSession, int[] objectHandles, int authSecretCount, int authSubsetCount, long authForm, int[] authSecretSizes, byte[] authSecretList)
hSession
- Handle to the session to useobjectHandles
- Array of handles to objects to extractauthSecretCount
- The number of secrets (N value)authSubsetCount
- The number of secrets required (M value)authForm
- Cryptoki code for the authorization form to use. eg: CKA_SIM_PASSWORDauthSecretSizes
- Array of secret sizesauthSecretList
- Array of secretspublic long GetHSMPolicySetting(int slot, long capability) throws LunaException
slot
- Slot number to querycapability
- Capability to queryLunaException
- exceptionpublic static void EncodeInteger(byte[] buffer, int offset, int integer)
buffer
- Buffer to place the encoded integer inoffset
- Offset of the buffer to place the encoded integerinteger
- The integer to encodepublic static int intFromHsm(byte[] buffer)
buffer
- The integer to decodepublic static long longFromHsm(byte[] buffer)
buffer
- The CK_ULONG to decodepublic static byte[] longToBytes(long value)
value
- The Java long to encodepublic void SetAppIDs(int majorId, int minorId) throws LunaException
majorId
- The Application ID Major componentminorId
- The Application ID Minor componentLunaException
- exceptionpublic long[] nativeGetHAStatus(int slot) throws LunaException
slot
- The slot to query. This should be an HA slot.LunaException
- exceptionpublic void ForceAllHSMSessionsToClose(int slot) throws LunaException
This is a brute force method which *WILL* be destructive to all applications currently using the specified slot.
slot
- The slot to perform the operation against.LunaException
- exceptionpublic int TotalOpenSessionCount(int slot) throws LunaException
slot
- The slot to query.LunaException
- exceptionpublic int DeriveKeyHash(int sessionHandle, long mechType, int baseKeyHandle, long algorithm, boolean extractable, boolean derive, int keyLength) throws LunaException
sessionHandle
- Handle to a sessionmechType
- Mechanism type for generation. e.g. LunaAPI.CKM_SHA1_KEY_DERIVATIONbaseKeyHandle
- Handle to the base keyalgorithm
- Algorithm to useextractable
- Specifies if the key is extractablederive
- A boolean value specifying if the key has its derive flag setkeyLength
- The length of the secret key to deriveLunaException
- exceptionpublic int DeriveKeyPRFKDF(int sessionHandle, int baseKeyHandle, long algorithm, byte[] label, byte[] context, long prfType, long counter, long encodingScheme, boolean extractable, boolean derive, int keyLength) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keyalgorithm
- Algorithm to uselabel
- PRF KDF labelcontext
- PRF KDF contextprfType
- PRF KDF contextcounter
- PRF KDF counterencodingScheme
- PRF KDF encodingSchemeextractable
- Specifies if the key is extractablederive
- A boolean value specifying if the key has its derive flag setkeyLength
- The length of the secret key to deriveLunaException
- exceptionpublic int GeneratePBKDF2Key(int sessionHandle, long prfType, long keyType, int keySize, char[] password, byte[] salt, int iterationCount, boolean extractable, boolean derive) throws LunaException
sessionHandle
- The handle of an open sessionprfType
- The type of pseudo-random function.keyType
- The type of key to generatekeySize
- The key size in bytespassword
- The password to use for key generationsalt
- The salt value for key generationiterationCount
- The number of iterations to use for the generationextractable
- Specifies if the key should be extractablederive
- A boolean value specifying if the key has its derive flag setLunaException
- exceptionpublic int[] DeriveKeyBIP32Master(int sessionHandle, int baseKeyHandle, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keyattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int[] DeriveKeyBIP32Child(int sessionHandle, int baseKeyHandle, int[] path, int pathLen, LunaPkcs11Attributes attributes) throws LunaException
sessionHandle
- Handle to a sessionbaseKeyHandle
- Handle to the base keypath
- Key pathpathLen
- Key path depthattributes
- A LunaPkcs11Attributes specifying the PKCS11 attributesLunaException
- exceptionpublic int BIP32ImportPublicKey(int sessionHandle, byte[] key) throws LunaException
sessionHandle
- Handle to a sessionkey
- The public key to importLunaException
- exceptionpublic byte[] BIP32ExportPublicKey(int sessionHandle, int hKey) throws LunaException
sessionHandle
- Handle to a sessionhKey
- Handle to public key to exportLunaException
- exceptionpublic int ImportEdwardsPrivateKey(int sessionHandle, byte[] curveParams, byte[] key, boolean derive, boolean extract) throws LunaException
sessionHandle
- Handle to a sessioncurveParams
- The curve parameters. Generally, an ASN.1 encoded OID.key
- The private key to importderive
- Specifies if subkeys can be derived from the private keyextract
- Flag indicating if the private key can be extracted (wrapped) from the hsmLunaException
- exceptionpublic int ImportEdwardsPublicKey(int sessionHandle, byte[] curveParams, byte[] key) throws LunaException
sessionHandle
- Handle to a sessioncurveParams
- The curve parameters. Generally, an ASN.1 encoded OID.key
- The public key to importLunaException
- exceptionpublic void PKAAuthorizeKey(int sessionHandle, int hKey, byte[] authData)
sessionHandle
- handle to open sessionhKey
- key handle to authorizeauthData
- data with which to authorize the keyLunaException
- exceptionpublic void PKASetAuthorizationData(int sessionHandle, int hKey, byte[] oldAuthData, byte[] newAuthData)
sessionHandle
- handle to open sessionhKey
- key handle to authorizeoldAuthData
- old data with which to authenticate the keynewAuthData
- new data with which to set the authentication dataLunaException
- exceptionpublic void PKAResetAuthorizationData(int sessionHandle, int hKey, byte[] authData)
sessionHandle
- handle to open sessionhKey
- key handle to authorizeauthData
- old data with which to authenticate the keyLunaException
- exceptionpublic void PKAAssignKey(int sessionHandle, int hKey)
sessionHandle
- handle to open sessionhKey
- key handle to authorizeLunaException
- exceptionpublic void PKAIncrementFailedAuthCount(int sessionHandle, int hKey)
sessionHandle
- handle to open sessionhKey
- key handle to authorizeLunaException
- exceptionCopyright 2014-2018 SafeNet. All rights reserved.