Creating a Key
The process of creating a key in CADP for C PKCS#11 starts with creating a PKCS#11 instance. Thereafter, the following steps are programmatically executed:
A PKCS#11 session is created.
A new PKCS#11 session is activated.
A key object is created with the required attributes within CADP for C PKCS#11.
Note
In this document, CADP for C PKCS#11 is also referred to as CADP PKCS#11.
Each of the functions described in this section is provided in the pkcs11_sample_helper.c file. This file contains the shared functions used by the CADP PKCS#11 samples available on the CipherTrust Application Protection GitHub site.
Also, the APIs described in this section are included in the CADP PKCS#11 library.
To create a key in CADP PKCS#11:
Initialize the CADP PKCS#11 library.
rc = initPKCS11Library(Path to PKCS#11 library); //from pkcs11_sample_helper.c
The initPKCS11Library function loads the DLL and then obtains the function list from the DLL. This function uses the C_Initialize API to initialize the CADP PKCS#11 library.
Initialize the slot list.
rc = initSlotList(); //from pkcs11_sample_helper.c
The initSlotList function obtains a list of the available slots within the CipherTrust Manager. This function uses the C_GetSlotList and C_GetMechanismList APIs.
Open a session within the CipherTrust Manager and log in as a user.
rc = openSessionAndLogin(pin, slotId); // from pkcs11_sample_helper.c
The openSessionAndLogin function opens a session within the CipherTrust Manager and then logs in to the session as a user. This function uses the C_OpenSession and C_Login APIs.
For more information on the PIN, refer to the Opening a Session section.
Create a key in CADP PKCS#11:
a. For a version key:
rc = createKey(keyLabel, keyAlias, genAction, lifespan, key_size); //from pkcs11_sample_helper.c
The createKey function creates a template for the key from the parameters provided and then generates the key. This function uses the C_GenerateKey API.
b. For a non-version key:
rc = createKeyS(keyLabel, key_size); // from pkcs11_sample_helper.c
The createKeyS function creates a template for the key from the parameters provided and then generates the key. This function uses the C_GenerateKey API.
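What a key template of the kind passed to C_GenerateKey can look like, as an added example that is not taken from pkcs11_sample_helper.c or the CADP PKCS#11 library. buildAesKeyTemplate is a hypothetical helper that uses only standard PKCS#11 attributes, takes the key size in bytes (an assumption about key_size), and declares the few types and constants it needs inline so that it compiles without pkcs11.h; the attributes that createKey and createKeyS actually set may differ.

```c
#include <stddef.h>
#include <string.h>

/* Minimal PKCS#11 types and standard constant values, declared inline so the
   block compiles on its own; real code includes the vendor's pkcs11.h. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS        0x000UL
#define CKA_TOKEN        0x001UL
#define CKA_LABEL        0x003UL
#define CKA_KEY_TYPE     0x100UL
#define CKA_SENSITIVE    0x103UL
#define CKA_VALUE_LEN    0x161UL
#define CKA_EXTRACTABLE  0x162UL
#define CKO_SECRET_KEY   0x004UL
#define CKK_AES          0x01FUL
#define AES_TEMPLATE_LEN 7

/* Static storage: the template only holds pointers, and they must stay
   valid until C_GenerateKey has returned (not reentrant as written). */
static CK_ULONG keyClass = CKO_SECRET_KEY, keyType = CKK_AES, valueLen;
static CK_BBOOL ckTrue = 1, ckFalse = 0;

/* Hypothetical helper: fills tmpl[AES_TEMPLATE_LEN] for an AES secret key.
   Returns the attribute count, or 0 if the label or key size is rejected. */
CK_ULONG buildAesKeyTemplate(CK_ATTRIBUTE *tmpl, char *keyLabel, CK_ULONG keySizeBytes)
{
    if (!tmpl || !keyLabel || keyLabel[0] == '\0') return 0;
    /* AES defines only 128-, 192- and 256-bit keys. */
    if (keySizeBytes != 16 && keySizeBytes != 24 && keySizeBytes != 32) return 0;
    valueLen = keySizeBytes;
    CK_ATTRIBUTE t[AES_TEMPLATE_LEN] = {
        { CKA_CLASS,       &keyClass, sizeof keyClass },
        { CKA_KEY_TYPE,    &keyType,  sizeof keyType },
        { CKA_LABEL,       keyLabel,  (CK_ULONG)strlen(keyLabel) }, /* no NUL */
        { CKA_VALUE_LEN,   &valueLen, sizeof valueLen },            /* bytes */
        { CKA_TOKEN,       &ckTrue,   sizeof ckTrue },  /* persistent object */
        { CKA_SENSITIVE,   &ckTrue,   sizeof ckTrue },  /* value not readable in plaintext */
        { CKA_EXTRACTABLE, &ckFalse,  sizeof ckFalse }, /* cannot be wrapped out */
    };
    memcpy(tmpl, t, sizeof t);
    return AES_TEMPLATE_LEN;
}
```

The returned count and the filled array are what a caller would pass as the template pointer and attribute count arguments of C_GenerateKey.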
For more information about the APIs mentioned in this section, refer to the CADP for C PKCS#11 API Guide.