Key-related Calls
Key-related classes are:
NaeKeySpec
NaeRijndaelKey
NaeRSAKey
NaeTripleDesKey
NaeFpe
NaeKeyManagement
NaeAesGcm
NaeKeySpec
All NAE key classes implement this interface.
Properties
| Properties | Description |
|---|---|
| int KeySize | (read & write) Retrieves the key size. |
| bool IsExportable | (read & write) True if the key can be exported. |
| bool IsDeletable | (read & write) True if the key can be deleted. |
| bool IsVersioned | (read only) True if the key is a versioned key. |
| string CryptoAlgName | (read only) Name of the Cryptographic algorithm to which the key belongs to. |
| string KeyName | (read only) Key name. |
NaeRijndaelKey
This class implements the AES algorithm. This class extends System.Security.Cryptography.Rijndael and CADP.NetCore.Crypto.INaeSymmetricKey.
Constructors
| Constructor | Description |
|---|---|
| NaeRijndaelKey (NaeSession naeSession, string keyName) | Creates a new instance of an AES key object that accesses the key keyName on the NAE Server. |
| NaeRijndaelKey (NaeSession naeSession) | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
| Properties | Description |
|---|---|
| string CryptoAlgName | (read) Name of the Cryptographic algorithm to which the key belongs to. |
| string KeyName | (read) Key name. |
| byte [] Key | (read) Retrieves the key bytes. Throws an NaeException if the Key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
| int Feedback | Not supported. |
| bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
| bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
| Method | Description |
|---|---|
| void GenerateKey(string KeyName); | Creates a new key on the NAE Server. |
| ICryptoTransform CreateDecryptor(); | Same as superclass, but might throw an NaeException. |
| ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
| ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateDecryptor() or CreateDecryptor (IV) instead. |
| ICryptoTransform CreateEncryptor(); | Same as superclass, but might throw an NAEException. |
| ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
| ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateEncryptor() or CreateEncryptor (IV) instead. |
Note
When using AES keys with no padding, the plaintext must be greater than 0 bytes.
NaeRSAKey
This class implements the RSA algorithm. This class extends System.Security.Cryptography.RSA and System.Security.Cryptography.NAEKey.
Constructors
| Constructor | Description |
|---|---|
| NaeRsaKey(NaeSession naeSession, string keyName); | Creates a new instance of an RSA key object that accesses the KeyName key on the NAE Server. |
| NaeRsaKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey. |
Properties
| Properties | Description |
|---|---|
| string CryptoAlgName | (read) Name of the Cryptographic algorithm to which the key belongs to. |
| string KeyName (read) | Key name. |
| bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the CipherTrust Manager. |
| bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
| Method | Description |
|---|---|
| void GenerateKey(string KeyName); | Creates a new key on the CipherTrust Manager. |
| byte[] SignData(byte[] inputdata, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Returns signed bytes for a byte input, string algorithm name, and RSA signature padding. |
| bool VerifyData(byte[] inputdata, byte[] signedData, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Verifies the signed bytes with the byte input data, string algorithm name, and RSA signature padding. |
| byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) | Returns the encrypted bytes for a byte input and RSA Encryption padding. |
| byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) | Returns the decrypted bytes for encrypted bytes input and RSA Encryption padding. |
MaximumAllowedInputSize for Crypto Operation using different padding schemes
| Padding | MaximumAllowedInputSize for Crypto Operation |
|---|---|
| Pkcs1 (default) | InputDataLength <= ( (RSAKeySize/8) – 11 ) |
| OaepSHA1 | InputDataLength <= ( (RSAKeySize/8) – 42 ) |
| OaepSHA256 OaepSHA384 OaepSHA512 | InputDataLength <= ( (RSAKeySize/8) – (2*HashLength/8) - 2 ) |
NaeTripleDesKey
This class implements the 3DES algorithm. This class extends System.Security.Cryptography.TripleDES.
Constructors
| Constructor | Description |
|---|---|
| NaeTripleDesKey(NaeSession naeSession, string keyName); | Creates a new instance of a 3DES key object that accesses the key named KeyName on the NAE Server. |
| NaeTripleDesKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
| Properties | Description |
|---|---|
| string CryptoAlgName | (read) Key Algorithm. |
| bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
| bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
| string KeyName | (read) Key name. |
| byte[] | IV CBC mode requires an 8 byte IV. IV is not allowed in ECB mode. |
| PaddingMode | Padding PKCS7Padding (default) NoPadding |
| CipherMode Mode | ECB (default) CBC |
| bool IsVersioned | (read) True if the key is versioned. |
| byte[] Key | (read) Retrieves the key bytes. Throws an NaeException if the key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
| int KeySize | Supported key sizes are 168 (default) and 112 bits. Each key contains an extra 8 bits of parity. Thus, when you create a key of 112 bits, the actual key size is 128 bits; when you create a key of 168 bits, the actual key size is 192 bits. A key size of 112 bits refers to two–key triple DES. The sequence of operations in two–key triple DES is: • Encrypt with Key1 • Decrypt with Key2 • Encrypt with Key1 A key size of 168 bits refers to three–key triple DES. The sequence of operations in three–key triple DES is: • Encrypt with Key1 • Decrypt with Key2 • Encrypt with Key3 |
| String CryptoAlgName | (read) Name of the Cryptographic algorithm to which the key belongs to. |
Methods
| Method | Description |
|---|---|
| void GenerateKey(string keyName); | Creates a new key named KeyName on the NAE Server. |
| ICryptoTransform CreateDecryptor(); | Same as superclass, but might throw an NaeException. |
| ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
| ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateDecryptor() or CreateDecryptor(byte [] IV) instead. |
| ICryptoTransform CreateEncryptor(); | Same as superclass, but might throw an NaeException. |
| ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
| ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateEncryptor() or CreateEncryptor(byte [] IV) instead. |
Note
When using DESede keys with no padding, the data you encrypt must be greater than 0 bytes.
NaeFpe
This class implements the FPE algorithm.
Constructors
| Constructor | Description |
|---|---|
| NaeFpe(NaeSession naeSession, string keyName, Cardinality cardinality, UserSpec userSpec = null); | Creates a new instance of an FPE key object, of cardinality 10 or 26, that accesses the key named KeyName and provides the tweak data and tweak algo via UserSpec. |
Properties
| Properties | Description |
|---|---|
| string CryptoAlgName | (read) Key Algorithm |
| string keyName | (read) Key name. |
| bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the CipherTrust Manager. |
| bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
| byte IV | Supported IV |
| byte Key | Supported Key |
Methods
| Method | Description |
|---|---|
| ICryptoTransform CreateDecryptor() | Creates a new ICryptoTransform for decrypting data. |
| ICryptoTransform CreateEncryptor() | Creates a new ICryptoTransform for encrypting data. |
NaeKeyManagement
This class provides key management operations.
Constructors
| Constructor | Description |
|---|---|
| public NaeKeyManagement (NaeSession naeSession); | Create a new instance of NaeKeyManagement object. |
Methods
| Methods | Description |
|---|---|
| void DeleteKey(string keyName) | Deletes a key. |
| byte[] ExportKey(string keyName, KeyType type = KeyType.None) | Exports the keyBytes of a Key in byte []. |
| VersionedKey[] ExportKey(string keyName, bool allVersions, KeyType type = KeyType.None) | Exports all versions of a versioned key. |
| void GenerateKey(string keyName, int keySize, string algorithmName, bool exportable, bool deletable) | Generates a key of specified algorithm on NAE server. |
| INaeKey GetKey(string keyName) | Retrieves the key from the server. You must cast INaeKey into the appropriate key type. |
| byte[] ExportWrappedKey(string keyName, byte[] wrapPublicKey, KeyWrapFormat wrapFormat) | Exports the symmetric key wrapped with RSA key bytes. |
| bool GetKeyAttributes (string keyName, Dictionary | Retrieves all System and Custom attributes of a key. |
NaeAesGcm
This class provides AES/GCM operations.
Constructors
| Constructor | Description |
|---|---|
| NaeAesGcm(NaeSession naeSession) | Creates a new key object with no key name. This object can be used for GenerateKey method. |
| NaeAesGcm(NaeSession naeSession,string keyName, int tagLen) | Creates a new instance of an AES key object that accesses the KeyName key on the NAE Server. |
Methods
| Methods | Description |
|---|---|
| byte[] Encrypt(byte[] nonce, byte[] plainText, out byte[] tag,byte[] aad = null) | Encrypts the plaintext into the ciphertext destination buffer and generates the authentication tag into a separate buffer. |
| byte[] Decrypt(byte[] nonce, byte [] cipherText, byte[] tag, byte[] aad = null) | Decrypts the ciphertext into the provided destination buffer if the authentication tag can be validated. |
| GenerateKey(string keyName) | Creates a new key on the CipherTrust Manager. |
| Dispose() | Disposes an NaeAesGcm object. |
Properties
| Property | Description |
|---|---|
| bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
| bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
| IsVersioned | (read) True if the key is versioned key. |
| string KeyName | (read) Key name. |
| int KeySize | (read & write) Only can be set if the key doesn't exist on the NAE Server. |
| int TagLen | (read & write) Only can be set at the time of object creation. |
