Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks for CAPI

Create an NAE Session

search

Please Note:

printsuggest an edit

Create an NAE Session

copy link to clipboardInitializing an NAE Session

To load the properties file, first you need to call the I_C_Initialize function before creating an NAE session.

I_C_Initialize(I_T_InitializationSource source, const I_T_CHAR * path);

Here, the source contains the initialization information.

The initialization can be done from the sources such as initialization file (Init_File) or an environment variable (Init_Environment).

The path refers to the source path. When source is Init_File, this is absolute path of the properties file. When source is Init_Environment, this is the environment variable that contains the path.

copy link to clipboardCreating an NAE Session

You can create either a global or an authenticated NAE session with the CipherTrust Manager.

copy link to clipboardCreating a Global NAE Session with CipherTrust Manager

You can connect to the server by creating a session object with arguments. This creates an unauthenticated (global) session, which gives the client application the ability to create and access global keys. Whether your client can use global sessions is determined by the CipherTrust Manager settings. If password authentication is required, then global sessions are effectively disallowed. To create a new session:

I_C_OpenSession(I_O_Session * session, I_T_AuthType authType, const I_T_CHAR * username, const I_T_CHAR * authToken);

Here,

  • I_O_Session * session - session to be created.

  • I_T_AuthType authType - authentication type of the session.

  • const I_T_CHAR * username - user name to be used for the session.

  • const I_T_CHAR * authToken - user's authentication information, such as a password.

If KMIP is configured (by configuring the KMIP_IP parameter in the properties file), then using I_C_OpenSession with I_T_Auth_Password parameter throws an error. This takes place because the Credential Base Object is not supported. In this scenario, you can use the I_T_AuthNoPassword parameter.

copy link to clipboardSession in Persistent Mode

To create a new session with a persistent cache passphrase:

I_C_OpenSessionPersistentCachePassphrase(I_O_Session * session, I_T_AuthType authType, const I_T_CHAR * username, const I_T_CHAR * authToken, const I_T_BYTE * passphrase, const I_T_UINT passphraseLength);

  • I_O_Session * session - session to be created.

  • I_T_AuthType authType - authentication type of the session.

  • const I_T_CHAR * username - user name to be used for the session.

  • const I_T_CHAR * authToken - user's authentication information, such as a password

  • const I_T_BYTE * passphrase - pointer to the passphrase.

  • const I_T_UINT passphraseLength - length of the passphrase.

copy link to clipboardCreating an Authenticated NAE Session with CipherTrust Manager

To create an authenticated NAE session, pass username and password to the session object either as string or char array.
If the username and password are valid, the client application gets authenticated and has the ability to:

  • create keys

  • access keys owned by the user

  • access keys available to any groups to which the user belongs to

The Username can be specified in the following formats:

  • Username - user in the root domain. For example, joe.

    I_C_OpenSession(&sess,I_T_Auth_Password,"joe",pass);

  • Domain||Username - user in a specific domain. For example, thales||joe.

    I_C_OpenSession(&sess,I_T_Auth_Password,"thales||joe",pass);

On this page