Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Session Management Tasks

Create Authenticated Session with Access to Persistent Key Cache

search

Please Note:

You are not viewing the most recent version of this page. 8.17.1 is the latest version available.

print

Create Authenticated Session with Access to Persistent Key Cache

To create an authenticated session that can use the persistent key cache, the getSession() call must include either the cache passphrase or an object that implements NAEKeyCachePassphrase interface.

copy link to clipboardAccess persistent cache using passphrase

The passphrase is a char array set by the client application when the CADP for Java Provider creates the persistent key cache. The passphrase is obfuscated and stored as part of the NAESession object. Whenever a key is stored in or retrieved from the key cache, the CADP for Java Provider validates the session’s passphrase. If the passphrase is invalid, the key cache can't be accessed. The passphrase can either be a combination of username and password or a client certificate.

copy link to clipboardAccess persistent cache with username and password

NAESession session = NAESession.getSession("user", "pswd".toCharArray(), "passphrase".toCharArray());
NAEKey key = NAEKey.getSecretKey("user1key", session);

copy link to clipboardAccess persistent cache with client certificate

NAEClientCertificate clientCert = new NAEClientCertificate ("Cert","CertPswd".toCharArray());
NAESession session = NAESession.getSession("user1","password1".toCharArray(), clientCert, "passphrase".toCharArray());

Authenticated session created through the client certificate and not passing the username and password parameters can also create/access the persistent key cache. However, the persistent key cache will be created with the common name of the client certificate used. This feature is not applicable for sessions authenticated using Etoken.

copy link to clipboardAccess persistent cache with NAEKeyCachePassphrase interface

The NAEKeyCachePassphrase interface allows you to create your own class that includes the passphrase character array. For example, to use password of length greater than 16, create a class that implements the NAEKeyCachePassphrase interface.

class MyNAEKeyCachePassphrase implements NAEKeyCachePassphrase {
@Override
public char[] getPassphrase(NAESessionInterface session)
    {
        /**
        * Passphrase length greater than 16.
        */
        string passPhrase= "Test@123456789Testabcdefgh%%"
        return passPhrase.toCharArray();
    }
}

There are two methods available for getSession when using NAEKeyCachePassphrase:

Method 1:

NAEKeyCachePassphrase passphraseCallback = new MyNAEKeyCachePassphrase();
NAESession session = NAESession.getSession("user", "pswd".toCharArray(), passphraseCallback);

Method 2:

NAESession session = NAESession.getSession("user1", "password1".toCharArray(), clientCert, passphraseCallback;

On this page