Your suggested change has been received. Thank you.

User Guide
Release Notes

All

All
CipherTrust Manager
CipherTrust Application Data Protection (CADP)
CipherTrust Application Key Management (CAKM)
CipherTrust Batch Data Transformation (BDT)
CipherTrust Cloud Key Management (CCKM)
CipherTrust Data Discovery and Classification (DDC)
CipherTrust Data Protection Gateway (DPG)
CipherTrust Database Protection (CDP)
CipherTrust Intelligent Protection (CIP)
CipherTrust Integrations
CipherTrust Migrations
CipherTrust RESTful Data Protection (CRDP)
CipherTrust Transparent Encryption (CTE)
CipherTrust Transparent Encryption Userspace (CTE-U)
CipherTrust Secrets Management (CSM)
CipherTrust Vaulted Tokenization (CT-V)
CipherTrust Vaultless Tokenization (CT-VL)
CTE-Linux
CTE-Windows
CTE-AIX
CTE-K8s
CTE-U
Crypto Command Center
Data Protection on Demand
Luna Cloud HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
OneWelcome Identity Platform
ProtectApp LUKS
ProtectServer 2 HSM
ProtectServer 3 HSM
SafeNet Trusted Access (STA)
SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
SafeNet MobilePASS+ for Chrome
SafeNet MobilePASS+ for macOS
SafeNet MobilePASS+ for iOS
SafeNet MobilePASS+ for WatchOS
SafeNet MobilePASS+ for Windows
SafeNet Synchronization Agent
SafeNet Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
SafeNet Agent for Windows Logon
SafeNet Authentication Service Private Cloud Edition (SAS PCE)
SafeNet Remote Logging Agent
SafeNet Keycloak Agent
SafeNet IDPrime Virtual (IDPV)
SafeNet FIDO Key Manager
SafeNet FIDO Key Manager for Android
SafeNet FIDO Key Manager for iOS
SafeNet FIDO Key Manager for Windows

Advanced Topics

Key Permissions on Groups

Please Note:

User Guide
Quick Start
Tasks
- Upgrade from PA/CAP to CADP
- Create an NAE Session
- Setting up SSL with CipherTrust Manager
- Add Multiple CipherTrust Manager Servers
- Key Operations
  - Creating a Key
  - Creating a New Version of the Versioned Key
  - Using a Versioned Key to Decrypt, SignV, and MACV
  - Getting an Instance of a Key Object
  - Alternative Method to Get an Instance of a Key Object
  - Deleting a Key using the Key Name
  - Exporting a Key
  - Exporting a Wrapped Key
  - Setting a Key Mode and Padding
  - Getting Attributes of a Key
  - Exporting Versioned Key
  - Fetching Key Version using ID
- Generate and Verify MAC
- Encrypt a String Using an AES Key
- Decrypt a String Using an AES Key
- Encrypt a String Using an RSA Key
- Decrypt a String Using an RSA Key
- Encrypting/Decrypting a File
- Sign and SignVerify Data using an EC Key
- Sign and SignVerify Data using an RSA Key
- Enable Connection Pooling
- Enable Symmetric Key Caching
- Enable Asymmetric Key Caching
- Set Logging Parameters
- Change the Default Value of Connection Timeout
- Setting Transaction ID in Logs
- Logging to Syslog Server
Advanced Topics
- Configuration
  - Network Configuration Parameters
  - Connection Configuration Parameters
  - Caching Parameters
  - Logging Parameters
  - Syslog Advanced Configuration Parameters
  - SSL Configuration Parameters
  - Miscellaneous Configuration Parameters
- Connection Pooling
- Load Balancing Group
- Multi-tier Load Balancing Group
- Symmetric/Asymmetric Key Caching
- Persistent Key Caching
- Supported Services & Operations
- Supported Algorithms
- NAE Supported Functions
  - Supporting Calls
  - Connection Calls
  - Key-related Calls
  - MAC/Hash-related Calls
  - Security Considerations
- Format Preserving Encryption
- FPE/AES/Unicode Cardinality Block-Size Table
- API Definitions
- Key Permissions on Groups
- CryptoDataUtility
Troubleshooting

CADP for .NET Core
User Guide
Advanced Topics
Key Permissions on Groups

Key Permissions on Groups

CADP for .NET Core allows you to perform crypto operations based on the key permissions set on the groups on the CipherTrust Manager.

Supported operations

User groups can be granted permissions to perform the following operations with a particular key:

Encrypt
Decrypt
Sign
Verify

Steps to perform on CipherTrust Manager

Create a user on the CipherTrust Manager.
Assign the created user to the user-defined or system-defined group. For details, refer to Assign a User to a Group.
Create a key and set key permissions. Key permissions act at the group level. User groups can be granted permissions to perform the supported operations.

Crypto operations on client application

After fetching the key, the client application allows or restricts any crypto operations using that key based on the permissions granted to the groups on that key.

If a user tries to perform any operation other than the allowed one using that key, the access denied error appears.

On this page

Supported operations
Steps to perform on CipherTrust Manager
Crypto operations on client application

CADP for .NET Core

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Support Contacts
- Text Conventions
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Print

Suggest An Edit

Download this Page

Download Project

Copy Link

Copy Link

Copy Link