Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks for PKCS#11

Creating a Key

search

Please Note:

printsuggest an edit

Creating a Key

The process of creating a key in CADP for C PKCS#11 starts with creating a PKCS#11 instance. Thereafter, the following steps are programmatically executed:

  1. A PKCS#11 session is created.

  2. A new PKCS#11 session is activated.

  3. A key object is created with the required attributes within CADP for C PKCS#11.

Note

In this document, CADP for C PKCS#11 is also referred to as CADP PKCS#11.

Each of the functions described in this section are provided in the pkcs11_sample_helper.c file. This file contains the shared functions that are used within the available CADP PKCS#11 samples provided within the GitHub site: CipherTrust Application Protection GitHub site.

Also, the APIs described in this section are included in the CADP PKCS#11 library.

To create a key in CADP PKCS#11:

  1. Initialize the CADP PKCS#11 library. 

    rc = initPKCS11Library(Path to PKCS#11 library);    //from pkcs11_sample_helper.c

    The initPKCS11Library function loads the DLL and then obtains the function list from the DLL. This function uses the C_Initialize API to initialize the CADP PKCS#11 library.

  2. Initialize the slot list. 

    rc = initSlotList();    //from pkcs11_sample_helper.c

    The initSlotList function obtains a list of the available slots within the CipherTrust Manager. This function uses C_GetSlotList and C_GetMechanismList APIs.

  3. Open a session within the CipherTrust Manager and login as a user.

    rc = openSessionAndLogin(pin, slotId);  // from pkcs11_sample_helper.c

    The openSessionAndLogin function opens a session within the CipherTrust Manager and then logs in the session as a user. This function uses the C_OpenSession and C_Login APIs.

    For more information on PIN, refer Opening a Session section.

  4. Create a key in CADP PKCS#11:

    a. For a version key:

    rc = createKey(keyLabel, keyAlias, genAction, lifespan, key_size);  //from pkcs11_sample_helper.c

    The createKey function creates a template for the key from the parameters provided and then generates the key. This function uses the C_GenerateKey API.

    b. For a non-version key:

    rc = createKeyS(keyLabel, key_size); // from pkcs11_sample_helper.c

    The createKeyS function creates a template for the key from the parameters provided and then generates the key. This function uses the C_GenerateKey API.

For more information about the APIs mentioned in this section, refer to the CADP for C PKCS#11 API Guide.

On this page