Your suggested change has been received. Thank you.

User Guide
Release Notes
API Reference

All

All
CipherTrust Manager
CipherTrust Application Data Protection (CADP)
CipherTrust Application Key Management (CAKM)
CipherTrust Batch Data Transformation (BDT)
CipherTrust Cloud Key Management (CCKM)
CipherTrust Data Discovery and Classification (DDC)
CipherTrust Data Protection Gateway (DPG)
CipherTrust Database Protection (CDP)
CipherTrust Intelligent Protection (CIP)
CipherTrust Integrations
CipherTrust Migrations
CipherTrust RESTful Data Protection (CRDP)
CipherTrust Transparent Encryption (CTE)
CipherTrust Transparent Encryption Userspace (CTE-U)
CipherTrust Secrets Management (CSM)
CipherTrust Vaulted Tokenization (CT-V)
CipherTrust Vaultless Tokenization (CT-VL)
CTE-Linux
CTE-Windows
CTE-AIX
CTE-K8s
CTE-U
Crypto Command Center
Data Protection on Demand
Luna Cloud HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
OneWelcome Identity Platform
ProtectApp LUKS
ProtectServer 2 HSM
ProtectServer 3 HSM
SafeNet Trusted Access (STA)
SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
SafeNet MobilePASS+ for Chrome
SafeNet MobilePASS+ for macOS
SafeNet MobilePASS+ for iOS
SafeNet MobilePASS+ for WatchOS
SafeNet MobilePASS+ for Windows
SafeNet Synchronization Agent
SafeNet Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
SafeNet Agent for Windows Logon
SafeNet Authentication Service Private Cloud Edition (SAS PCE)
SafeNet Remote Logging Agent
SafeNet Keycloak Agent
SafeNet IDPrime Virtual (IDPV)
SafeNet FIDO Key Manager
SafeNet FIDO Key Manager for Android
SafeNet FIDO Key Manager for iOS
SafeNet FIDO Key Manager for Windows

NAE Key Management Operations

Deriving AES/HMAC symmetric key from any AES/HMAC symmetric key

Please Note:

User Guide
Quick Start
- Installation
  - Installing CADP for C on Linux
  - Installing CADP for C on Windows
  - Client Certificate Renewal in Linux/Windows
- Installed Directories
  - Installed Directory on Linux
  - Installed Directory on Windows
Tasks
- Tasks for CAPI
  - Setting up SSL/TLS on CipherTrust Manager and CADP for C
  - Create an NAE Session
  - Configuring CADP for C CAPI Properties File
  - Connecting to a Server through Single Properties File
  - Connecting to a Server through Multiple Properties File
  - Connecting to a Server through NAE and KMIP Session in a Single configuration
  - Adding CipherTrust Manager Servers
  - Adding Syslog Server
  - Enabling Connection Pooling
  - Securing Passphrase
  - Enabling Asymmetric Key Caching
  - Enabling Symmetric Key Caching
  - Setting Logging Parameters
  - Working with Certificates
    - Importing a Certificate
    - Exporting a Certificate
    - Creating a CA Chain using OpenSSL and Uploading on the CipherTrust Manager
    - Exporting a CA Chain
    - Deleting a Certificate
    - Creating a Certificate Signing Request
    - Signing a CSR with an existing local certificate authority
  - NAE Key Management Operations
    - Creating versioned key
    - Creating a new version of a key
    - Destroying versioned key
    - Creating a CipherSpec for a versioned key
    - Exporting a public versioned key
    - Exporting a symmetric versioned key
    - Getting key attributes of a versioned key
    - Modifying the state of a versioned key
    - Calculating the size of ciphertext created by versioned keys
    - Calculating the size of the ciphertext header for a versioned key
    - Deleting the EVP context created using I_C_Crypt_Fast
    - Deriving AES/HMAC symmetric key from any AES/HMAC symmetric key
    - Wrapping AES Key
    - Search key names by multiple attributes
- Tasks for PKCS#11
  - Configuring CADP for C PKCS11 Properties File
  - Configuring Registry Editor on Windows for CADP for C PKCS11
  - Initializing CADP PKCS#11 Library
  - Adding CipherTrust Manager Servers
  - Creating a Key
  - Enabling Connection Pooling
  - Enabling Symmetric Key Caching
  - Enabling Asymmetric Key Caching
  - Setting Logging Parameters
  - Securing Passphrase
  - Migrating VAE to CADP for C
- Modifying the CADP for C Basic Configuration File
Advanced Topics
- Configuration
  - Logging Parameters
  - Network Configuration Parameters
  - Connection Configuration Parameters
  - Caching Parameters
  - SSL Configuration Parameters
  - Miscellaneous Parameters
- Symmetric/Asymmetric Caching
  - Symmetric/Asymmetric Caching, CADP for C CAPI
  - Symmetric/Asymmetric Caching, CADP for C PKCS#11
- Connection Pooling
- Load Balancing Group
- Multi-tier Load Balancing Group
- Persistent Key Caching
- Key Management, CADP for C PKCS#11
- Supported Cryptographic Operations
  - Supported Cryptographic Operations for CAPI
  - Supported Cryptographic Operations for PKCS#11
- Format Preserving Encryption for CAPI
- Format Preserving Encryption for PKCS#11
- KMIP Key Management in C
- Utilities
  - CryptoDataUtility
  - SelfSignedCertificate
  - RSAEncryptionUtility
- Pkcs11Interop Library for .Net Core
- Upgrade
  - Upgrade from CADP CAPI to CADP for C
  - Recompiling with CADP for C Library
  - For Already Existing CAPI Sample Executables
  - Upgrade from VAE to CADP for C
- Uninstall

CADP for C
User Guide
Tasks
Tasks for CAPI
NAE Key Management Operations
Deriving AES/HMAC symmetric key from any AES/HMAC symmetric key
- Version 8.17.0

Deriving AES/HMAC symmetric key from any AES/HMAC symmetric key

To derive AES/HMAC symmetric key from AES/HMAC

An AES/HMAC symmetric key can be derived from another AES/HMAC symmetric key, also called as Master Key. The derived key is generated in the CipherTrust Manager based on the HMAC based key derivation function popularly known as HKDF (HMAC based key derivation function).

Important Notes

I_C_CreateKey is the API used for both normal key generation as well as for key derivation using HKDF. If HKDF related properties are not set then this API creates a normal key.
Master Key name HKDF(IKMKeyName) is mandatory. If derivation algorithm is not mentioned then default algorithm will be used by the CipherTrust Manager.
Versioned keys are not supported. For more details , refer to the CADP for C CAPI API Guide.

On this page

To derive AES/HMAC symmetric key from AES/HMAC

CADP for C

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Support Contacts
- Text Conventions
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Print

Suggest An Edit

Download this Page

Download Project

Copy Link

Copy Link