Create an NAE Session
Initializing an NAE Session
Before creating an NAE session, call the I_C_Initialize function to load the properties file.
I_C_Initialize(I_T_InitializationSource source, const I_T_CHAR * path);
Here, the source contains the initialization information.
Initialization can be done from a source such as an initialization file (Init_File) or an environment variable (Init_Environment).
The path refers to the source path. When source is Init_File, this is the absolute path of the properties file. When source is Init_Environment, this is the environment variable that contains the path.
Creating an NAE Session
You can create either a global or an authenticated NAE session with the CipherTrust Manager.
Creating a Global NAE Session with CipherTrust Manager
You can connect to the server by creating a session object with arguments. This creates an unauthenticated (global) session, which gives the client application the ability to create and access global keys. Whether your client can use global sessions is determined by the CipherTrust Manager settings. If password authentication is required, then global sessions are effectively disallowed. To create a new session:
I_C_OpenSession(I_O_Session * session, I_T_AuthType authType, const I_T_CHAR * username, const I_T_CHAR * authToken);
Here,
I_O_Session * session - session to be created.
I_T_AuthType authType - authentication type of the session.
const I_T_CHAR * username - user name to be used for the session.
const I_T_CHAR * authToken - user's authentication information, such as a password.
If KMIP is configured (by configuring the KMIP_IP parameter in the properties file), then using I_C_OpenSession with the I_T_Auth_Password parameter throws an error. This takes place because the Credential Base Object is not supported. In this scenario, you can use the I_T_AuthNoPassword parameter.
Session in Persistent Mode
To create a new session with a persistent cache passphrase:
I_C_OpenSessionPersistentCachePassphrase(I_O_Session * session, I_T_AuthType authType, const I_T_CHAR * username, const I_T_CHAR * authToken, const I_T_BYTE * passphrase, const I_T_UINT passphraseLength);
I_O_Session * session - session to be created.
I_T_AuthType authType - authentication type of the session.
const I_T_CHAR * username - user name to be used for the session.
const I_T_CHAR * authToken - user's authentication information, such as a password.
const I_T_BYTE * passphrase - pointer to the passphrase.
const I_T_UINT passphraseLength - length of the passphrase.
Creating an Authenticated NAE Session with CipherTrust Manager
To create an authenticated NAE session, pass the username and password to the session object, either as a string or as a char array.
If the username and password are valid, the client application gets authenticated and has the ability to:
create keys
access keys owned by the user
access keys available to any groups to which the user belongs
The username can be specified in the following formats:
Username - user in the root domain. For example, joe.
I_C_OpenSession(&sess,I_T_Auth_Password,"joe",pass);
Domain||Username - user in a specific domain. For example, thales||joe.
I_C_OpenSession(&sess,I_T_Auth_Password,"thales||joe",pass);
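When the domain and user name come from configuration or user input, the Domain||Username string is best built by a helper that refuses any component able to introduce its own "||" separator. The following is an added example, not code from the product documentation or the vendor library; the names nae_component_ok, nae_build_username and nae_wipe are hypothetical, and it assumes the server treats "||" as the only domain separator.

```c
#include <stdio.h>
#include <string.h>
#define NAE_DELIM "||"  /* domain separator in the Domain||Username format */

/* 1 if s is non-empty and cannot form or extend the separator, else 0. */
static int nae_component_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || s[0] == '|' || s[n - 1] == '|')
        return 0;               /* an edge '|' would merge with "||" */
    return strstr(s, NAE_DELIM) == NULL;
}

/* Writes "user" (root domain, domain == NULL) or "domain||user" to out.
 * Returns 0 on success, -1 on a rejected component or a short buffer. */
int nae_build_username(char *out, size_t outlen,
                       const char *domain, const char *user)
{
    int n;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';              /* never leave a partial name behind */
    if (!nae_component_ok(user) || (domain && !nae_component_ok(domain)))
        return -1;
    n = domain ? snprintf(out, outlen, "%s" NAE_DELIM "%s", domain, user)
               : snprintf(out, outlen, "%s", user);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* truncated: refuse rather than pass on */
        return -1;
    }
    return 0;
}

/* Zeroes a password kept in a char array after the session call returns;
 * volatile stops the compiler from optimising the writes away. */
void nae_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

int main(void)
{
    char name[64], pass[] = "constructed-sample-password";
    if (nae_build_username(name, sizeof name, "thales", "joe") == 0)
        printf("%s\n", name);   /* name and pass then go to I_C_OpenSession */
    nae_wipe(pass, sizeof pass);
    return 0;
}
```

Keeping the password in a char array rather than a string literal is what makes the final wipe possible.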