Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Key Operations

Create Key and Assign Custom Attributes

search

Please Note:

Create Key and Assign Custom Attributes

Custom attributes enable you to assign your own unique attributes to a key. Attribute names can contain alphanumeric characters, hyphens, underscores, and periods. You cannot include whitespace in the name. In addition, the first character of the name must be a letter. Maximum length is 255 characters. Attribute values can contain any printable ASCII characters and spaces, tab, \n, and \r. Maximum length is 4095 characters.

The following attribute types are supported. The default attribute type is String.

  • AttributeType.Integer

  • AttributeType.Boolean

  • AttributeType.Interval

  • AttributeType.Enumeration

  • AttributeType.DateTime

  • AttributeType.String

  • AttributeType.BigInteger

  • AttributeType.ByteString

  • AttributeType.LongInteger

You can only modify the attribute value, attribute type can't be modified.

Note

The following information and advice apply to keys and custom attributes for both NAE_XML and KMIP, except where noted.

  1. Create an NAESession object. Pass the NAE username and password as arguments. You may also need to pass a client certificate, depending on your SSL settings.

  2. Create a CustomAttributes object. Pass the first custom attribute name and value as arguments. To add additional attributes, call the addAttribute method of the CustomAttributes object.

The CustomAttributes object also has getAttribute, getAttributes, and removeAttribute methods. For more information on this object and its methods, refer to the javadoc included with the CADP for Java Provider.

  1. Create an NAEParameterSpec. Pass the keyname and NAESession object as arguments.

  2. Obtain an instance of KeyGenerator. Pass the key algorithm as an argument.

  3. Call the generateKey method of the KeyGenerator object to create the key.

Code samples

The following code sample generates an AES key named mykey owned by user1 that contains two custom attributes: first_attribute and second_attribute.

NAESession session = NAESession.getSession
("user1" ,"password1".toCharArray());
CustomAttributes custatts = new CustomAttributes("first_attribute", "abcd");custatts.addAttribute("second_attribute", "efgh");
NAEParameterSpec spec = new NAEParameterSpec("mykey", true, true, 256, custatts,session);
KeyGenerator keygen = KeyGenerator.getInstance("AES", "IngrianProvider");keygen.init(spec);
SecretKey aesKey = keygen.generateKey();

Note

For EC keys, pass the ECCParameterSpec instead of NAEParameterSpec.

To modify the value of existing custom attribute of the key, use the following code snippet.

CustomAttributes cas=new CustomAttributes();
cas.addAttribute(key,updatedValue);
nkey.modifyCustomAttributes(false, null, cas);

To add custom attribute with a specific attribute type to key, use the following code snippet.

CustomAttributes attrs=new CustomAttributes();
attrs.addAttribute(key, value, AttributeType.String);
NAEParameterSpec spec=new NAEParameterSpec.Builder(keyname).deletable(true).exportable
(true).versioned(false).keylength(256).withSession(session).customAttributes(attrs).build();
KeyGenerator keygen = KeyGenerator.getInstance("AES", "IngrianProvider");
keygen.init(spec);
keygen.generateKey();
nkey=NAEKey.getSecretKey(keyname, session);

To modify the value of an existing custom attributes with type of the key, use the following code snippet.

CustomAttributes cas=new CustomAttributes();
cas.addAttribute(key,updatedValue,AttributeType.String);
nkey.modifyCustomAttributes(false, null, cas);

To retrieve custom attribute of key along with type, use the following code snippet.

NAEKey nkey = NAEKey.getSecretKey(keyName, session);
CustomAttributes customAttributes=nkey.getCustomAttributes();
List<KeyCustomAttribute> listofKeyCustomAttributes=customAttributes.getCustomAttributesForKey();
for(KeyCustomAttribute keyCustomAttr:listofKeyCustomAttributes) System.out.println(keyCustomAttr.getName()+" "+keyCustomAttr.getValue()+" "+keyCustomAttr.getType ());

KMIP key generation

KMIP key attributes are different than those created in an NAESession. Custom KMIP attributes are even more different. This snippet creates three attributes to be assigned to a managed object. Two of them are standard attributes that are enumeration values in the KMIPAttribute object: ApplicationNamespace is assigned the value server keys, and CryptographicUsageMask is assigned the integer value Sign. The third attribute is a custom attribute named x-int. It is a KMIP Custom attribute, not a standard KMIP attribute. A KMIP Custom attribute is a name that is specified by a String and begins with x-. In this example, the index 0 of the attribute is assigned the integer value 1.

KMIPAttributes addingAttributes = new KMIPAttributes();
addingAttributes.add( KMIPAttribute.ApplicationNamespace, "serverkeys");
addingAttributes.add( KMIPAttribute.CryptographicUsageMask,CryptographicUsageMask.UsageMask.Sign );
/* A custom KMIP integer attribute at index 0 with the value 1 */
addingAttributes.add( "x-int1", 0, 1);

On this page