Create Key and Assign Permissions

1. Create an NAEPermission array. Size the array so that it can hold all of the groups that will have permission to use this key.
2. Create a new NAEPermission object for each group.
3. Assign permissions for each group by calling the setEncrypt, setDecrypt, setMAC, setMACV, setSign, setSignV, setUsePrivate, and setUsePublic methods as needed. By default, the NAEPermission constructor sets all permissions to false.
4. Assign the permissions for each group to the NAEPermission array.
5. Create an NAEParameterSpec. Pass the key name, NAESession object, and NAEPermission array as parameters.
6. Obtain an instance of KeyGenerator. Pass the key algorithm as an argument.
7. Call the generateKey method of the KeyGenerator object to create the key.

Note: Permissions do not apply to KMIP sessions.
Code samples
The following code sample gives encryption permission to Group1 and assigns those permissions to a new AES key named foo. Note that the permissions are configured first and then assigned when the key is created.
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import com.ingrian.security.nae.NAEParameterSpec;
import com.ingrian.security.nae.NAEPermission;
import com.ingrian.security.nae.NAESession;

// One slot per group that will be allowed to use the key
NAEPermission[] permissions = new NAEPermission[1];
NAEPermission permission_group1 = new NAEPermission("Group1");
permission_group1.setEncrypt(true);   // every other permission stays false
permissions[0] = permission_group1;
// Authenticate to the server, then bind the key name, key size and permissions together
NAESession session = NAESession.getSession("user1", "password1".toCharArray());
NAEParameterSpec spec = new NAEParameterSpec("foo", true, true, 256, session, permissions);
KeyGenerator keygen = KeyGenerator.getInstance("AES", "IngrianProvider");
keygen.init(spec);
SecretKey aesKey = keygen.generateKey();   // the key is created with the permissions attached
Note: For EC keys, pass the ECCParameterSpec instead of NAEParameterSpec.
The following code sample gives encryption permission to Group1 and encryption and decryption permissions to Group2. Notice the size of the NAEPermission array, the additional NAEPermission object, and the calls to the setEncrypt and setDecrypt methods.
import com.ingrian.security.nae.NAEPermission;

// Two groups, so the array is sized for two entries
NAEPermission[] permissions = new NAEPermission[2];
NAEPermission permission_group1 = new NAEPermission("Group1");
NAEPermission permission_group2 = new NAEPermission("Group2");
permission_group1.setEncrypt(true);   // Group1: encrypt only
permission_group2.setEncrypt(true);   // Group2: encrypt and decrypt
permission_group2.setDecrypt(true);
permissions[0] = permission_group1;
permissions[1] = permission_group2;
// The session, NAEParameterSpec and KeyGenerator steps are the same as in the previous sample
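As an added example, not code from the original page, the procedure above generalized: a helper that builds the NAEPermission array from a map of group name to allowed operations (covering all eight setters), then creates an AES key whose groups are deliberately split into encrypt-only and decrypt-only. Assumed: the com.ingrian.security.nae package name, that the second and third NAEParameterSpec arguments are the key's exportable and deletable flags, and the constructed group names, key name and credentials.

```java
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import com.ingrian.security.nae.NAEParameterSpec;
import com.ingrian.security.nae.NAEPermission;
import com.ingrian.security.nae.NAESession;

public class LeastPrivilegeKey {
    enum Op { ENCRYPT, DECRYPT, MAC, MACV, SIGN, SIGNV, USE_PRIVATE, USE_PUBLIC } // one per setter
    // One NAEPermission per group with only the listed operations switched on;
    // everything else stays at the constructor default of false.
    static NAEPermission[] buildPermissions(Map<String, EnumSet<Op>> grants) {
        NAEPermission[] permissions = new NAEPermission[grants.size()];
        int i = 0;
        for (Map.Entry<String, EnumSet<Op>> e : grants.entrySet()) {
            NAEPermission p = new NAEPermission(e.getKey());
            for (Op op : e.getValue()) {
                switch (op) {
                    case ENCRYPT:     p.setEncrypt(true);    break;
                    case DECRYPT:     p.setDecrypt(true);    break;
                    case MAC:         p.setMAC(true);        break;
                    case MACV:        p.setMACV(true);       break;
                    case SIGN:        p.setSign(true);       break;
                    case SIGNV:       p.setSignV(true);      break;
                    case USE_PRIVATE: p.setUsePrivate(true); break;
                    case USE_PUBLIC:  p.setUsePublic(true);  break;
                }
            }
            permissions[i++] = p;
        }
        return permissions;
    }

    public static void main(String[] args) throws Exception {
        // Constructed grants: IngestGroup may only encrypt and ReportingGroup may
        // only decrypt, so neither group alone can both write and read the data.
        Map<String, EnumSet<Op>> grants = new LinkedHashMap<>();
        grants.put("IngestGroup", EnumSet.of(Op.ENCRYPT));
        grants.put("ReportingGroup", EnumSet.of(Op.DECRYPT));
        NAEPermission[] permissions = buildPermissions(grants);
        NAESession session = NAESession.getSession("keyadmin", "password1".toCharArray()); // placeholder credentials
        // Same constructor as the samples above; the two booleans (assumed to be exportable and deletable) are off.
        NAEParameterSpec spec = new NAEParameterSpec("orders-aes-256", false, false, 256, session, permissions);
        KeyGenerator keygen = KeyGenerator.getInstance("AES", "IngrianProvider");
        keygen.init(spec);
        SecretKey aesKey = keygen.generateKey(); // key created on the server with the permissions above
    }
}
```

The IngrianProvider must already be registered with the JCA, exactly as the page's own samples assume.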