Key-related Calls
Key-related classes are:
NaeKeySpec
All NAE key classes implement this interface.
Properties
Properties | Description |
---|---|
int KeySize | (read & write) Retrieves the key size. |
bool IsExportable | (read & write) True if the key can be exported. |
bool IsDeletable | (read & write) True if the key can be deleted. |
bool IsVersioned | (read only) True if the key is a versioned key. |
string CryptoAlgName | (read only) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read only) Key name. |
NaeRijndaelKey
This class implements the AES algorithm. It extends System.Security.Cryptography.Rijndael and CADP.NetCore.Crypto.INaeSymmetricKey.
Constructors
Constructor | Description |
---|---|
NaeRijndaelKey (NaeSession naeSession, string keyName) | Creates a new instance of an AES key object that accesses the key keyName on the NAE Server. |
NaeRijndaelKey (NaeSession naeSession) | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read) Key name. |
byte [] Key | (read) Retrieves the key bytes. Throws an NaeException if the Key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
int Feedback | Not supported. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
Method | Description |
---|---|
void GenerateKey (string KeyName); | Creates a new key on the NAE Server. |
ICryptoTransform CreateDecryptor (); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateDecryptor() or CreateDecryptor (IV) instead. |
ICryptoTransform CreateEncryptor (); | Same as superclass, but might throw an NAEException. |
ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV) | Not supported; use CreateEncryptor() or CreateEncryptor (IV) instead. |
byte[] GetDefaultIV (string keyName) | Returns byte array for the default IV of a key. |
Note
When using AES keys with no padding, the plaintext must be greater than 0 bytes.
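The following is an added example, not code from the page or from the CADP SDK itself, showing how the NaeRijndaelKey calls above fit together: the key is generated on the server with IsExportable and IsDeletable set before GenerateKey (the page says they can only be changed while the key does not yet exist), a fresh IV is drawn per message, and CreateEncryptor(IV)/CreateDecryptor(IV) are used so the instance's IV property is never mutated. Assumptions: the NaeSession constructor arguments and the CADP.NetCore.Sessions namespace are not on this page and are placeholders; NaeException is assumed reachable through the same usings; the key name and credentials are constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // namespace shown on this page for the key classes
using CADP.NetCore.Sessions;   // assumed namespace of NaeSession

public static class NaeAesCbcExample
{
    private const int BlockBytes = 16;   // AES block size

    // Creates a server-side AES-256 key that can be neither exported nor deleted.
    // Both flags are set before GenerateKey because they cannot be changed afterwards.
    public static void CreateKey(NaeSession session, string keyName)
    {
        using var key = new NaeRijndaelKey(session);
        key.KeySize = 256;
        key.IsExportable = false;   // key bytes stay on the server; reading key.Key would throw NaeException
        key.IsDeletable = false;
        key.GenerateKey(keyName);
    }

    // Encrypts under the named key and returns IV || ciphertext so the IV travels with the data.
    public static byte[] Encrypt(NaeSession session, string keyName, byte[] plaintext)
    {
        using var key = new NaeRijndaelKey(session, keyName);
        key.Mode = CipherMode.CBC;          // Mode and Padding are inherited from Rijndael
        key.Padding = PaddingMode.PKCS7;

        // Page note: with no padding the input must be longer than 0 bytes (and block aligned for CBC).
        if (key.Padding == PaddingMode.None && (plaintext.Length == 0 || plaintext.Length % BlockBytes != 0))
            throw new ArgumentException("NoPadding requires a non-empty, block-aligned plaintext.");

        // Fresh random IV for every message: an IV reused under the same CBC key reveals
        // whether two messages share a prefix. CreateEncryptor(iv) leaves key.IV untouched.
        byte[] iv = new byte[BlockBytes];
        RandomNumberGenerator.Fill(iv);

        using ICryptoTransform enc = key.CreateEncryptor(iv);
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        byte[] output = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
        return output;
    }

    // Splits IV || ciphertext produced by Encrypt and decrypts with the same key.
    public static byte[] Decrypt(NaeSession session, string keyName, byte[] ivAndCiphertext)
    {
        if (ivAndCiphertext.Length < BlockBytes)
            throw new ArgumentException("Input is too short to contain an IV.");

        byte[] iv = new byte[BlockBytes];
        Buffer.BlockCopy(ivAndCiphertext, 0, iv, 0, BlockBytes);
        int ctLen = ivAndCiphertext.Length - BlockBytes;

        using var key = new NaeRijndaelKey(session, keyName);
        key.Mode = CipherMode.CBC;
        key.Padding = PaddingMode.PKCS7;
        using ICryptoTransform dec = key.CreateDecryptor(iv);
        return dec.TransformFinalBlock(ivAndCiphertext, BlockBytes, ctLen);
    }

    public static void Main()
    {
        // Constructed sample values; the NaeSession constructor arguments are assumed.
        NaeSession session = new NaeSession("user", "password", "CADP_NetCore.properties");
        const string keyName = "example-aes-key";   // constructed key name

        CreateKey(session, keyName);
        byte[] blob = Encrypt(session, keyName, Encoding.UTF8.GetBytes("hello"));
        try
        {
            byte[] back = Decrypt(session, keyName, blob);
            Console.WriteLine(Encoding.UTF8.GetString(back));   // hello
        }
        catch (NaeException ex)
        {
            // Raised by the SDK when the server refuses the operation (e.g. key policy).
            Console.WriteLine("NAE operation failed: " + ex.Message);
        }
    }
}
```

CBC with PKCS7 padding provides confidentiality only; a modified ciphertext is not detected at this layer. Where tampering must be caught, the NaeAesGcm class documented further down on this page returns an authentication tag that is checked on decryption.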
NaeRsaKey
This class implements the RSA algorithm. It extends System.Security.Cryptography.RSA and System.Security.Cryptography.NAEKey.
Constructors
Constructor | Description |
---|---|
NaeRsaKey(NaeSession naeSession, string keyName); | Creates a new instance of an RSA key object that accesses the KeyName key on the NAE Server. |
NaeRsaKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey. |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read) Key name. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the CipherTrust Manager. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
Methods
Method | Description |
---|---|
void GenerateKey(string KeyName); | Creates a new key on the CipherTrust Manager. |
byte[] SignData(byte[] inputdata, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Returns the signature bytes for the input bytes, hash algorithm name, and RSA signature padding. |
bool VerifyData(byte[] inputdata, byte[] signedData, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) | Verifies the signature bytes against the input bytes using the given hash algorithm name and RSA signature padding. |
byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) | Returns the encrypted bytes for a byte input and RSA Encryption padding. |
byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) | Returns the decrypted bytes for encrypted bytes input and RSA Encryption padding. |
Maximum allowed input size for crypto operations with different padding schemes
Padding | Maximum allowed input size (bytes) |
---|---|
Pkcs1 (default) | InputDataLength <= (RSAKeySize/8) - 11 |
OaepSHA1 | InputDataLength <= (RSAKeySize/8) - 42 |
OaepSHA256, OaepSHA384, OaepSHA512 | InputDataLength <= (RSAKeySize/8) - 2*(HashLength/8) - 2 |
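As an added example (not from the page or the SDK), the input-size table above is turned into a check that runs before Encrypt, so an oversized input fails locally with a clear message instead of as a server round trip, followed by a sign/verify round trip with a detached signature. Assumptions: the NaeSession constructor and the CADP.NetCore.Sessions namespace are placeholders; RSA-PSS is assumed to be accepted by the server (RSASignaturePadding.Pkcs1 is the alternative if it is not); the key name and message are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // namespace shown on this page
using CADP.NetCore.Sessions;   // assumed namespace of NaeSession

public static class NaeRsaExample
{
    // Largest plaintext (bytes) that Encrypt accepts, per the padding table on this page.
    public static int MaxInputSize(int rsaKeySizeBits, RSAEncryptionPadding padding)
    {
        int k = rsaKeySizeBits / 8;                 // modulus length in bytes
        if (padding == RSAEncryptionPadding.Pkcs1)
            return k - 11;
        if (padding == RSAEncryptionPadding.OaepSHA1)
            return k - 42;                          // same as k - 2*(160/8) - 2

        int hashBits = padding.OaepHashAlgorithm.Name switch
        {
            "SHA256" => 256,
            "SHA384" => 384,
            "SHA512" => 512,
            _ => throw new ArgumentException("Unsupported OAEP hash: " + padding.OaepHashAlgorithm.Name)
        };
        return k - 2 * (hashBits / 8) - 2;
    }

    // Encrypts only after the size check; the private key never leaves the CipherTrust Manager.
    public static byte[] EncryptChecked(NaeRsaKey key, byte[] data, RSAEncryptionPadding padding)
    {
        int max = MaxInputSize(key.KeySize, padding);
        if (data.Length > max)
            throw new ArgumentException(
                $"Input is {data.Length} bytes; {padding} with a {key.KeySize}-bit key allows at most {max}.");
        return key.Encrypt(data, padding);
    }

    // Detached RSA-PSS / SHA-256 signature over data (PSS support is assumed).
    public static byte[] Sign(NaeRsaKey key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    public static bool Verify(NaeRsaKey key, byte[] data, byte[] signature) =>
        key.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    public static void Main()
    {
        NaeSession session = new NaeSession("user", "password", "CADP_NetCore.properties"); // assumed ctor
        const string keyName = "example-rsa-key";   // constructed key name

        using (var newKey = new NaeRsaKey(session))
        {
            newKey.KeySize = 2048;
            newKey.IsExportable = false;   // private key stays on the server
            newKey.IsDeletable = false;
            newKey.GenerateKey(keyName);
        }

        using var key = new NaeRsaKey(session, keyName);
        byte[] msg = Encoding.UTF8.GetBytes("wrapped-data-key-placeholder");   // constructed input

        // For a 2048-bit key: Pkcs1 allows 245 bytes, OaepSHA256 allows 256 - 64 - 2 = 190 bytes.
        byte[] ct = EncryptChecked(key, msg, RSAEncryptionPadding.OaepSHA256);
        byte[] pt = key.Decrypt(ct, RSAEncryptionPadding.OaepSHA256);

        byte[] sig = Sign(key, msg);
        bool ok = Verify(key, msg, sig);
        msg[0] ^= 0x01;                          // flip one bit of the signed data
        bool tampered = Verify(key, msg, sig);   // expected: false
        Console.WriteLine($"roundtrip={Encoding.UTF8.GetString(pt)} verify={ok} tampered={tampered}");
    }
}
```

RSA encryption with these limits is meant for short values such as a symmetric data key; bulk data belongs under an AES key, with RSA protecting only that key.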
NaeTripleDesKey
This class implements the 3DES algorithm. This class extends System.Security.Cryptography.TripleDES.
Constructors
Constructor | Description |
---|---|
NaeTripleDesKey(NaeSession naeSession, string keyName); | Creates a new instance of a 3DES key object that accesses the key named KeyName on the NAE Server. |
NaeTripleDesKey(NaeSession naeSession); | Creates a new key object with no key bytes. This key can then be created on the NAE Server using GenerateKey(). |
Properties
Properties | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
string KeyName | (read) Key name. |
byte[] IV | CBC mode requires an 8-byte IV. No IV is allowed in ECB mode. |
PaddingMode Padding | PKCS7Padding (default) or NoPadding. |
CipherMode Mode | ECB (default) or CBC. |
bool IsVersioned | (read) True if the key is versioned. |
byte[] Key | (read) Retrieves the key bytes. Throws an NaeException if the key is not exportable. Any attempt to set this property will throw a NotImplementedException. |
int KeySize | Supported key sizes are 168 (default) and 112 bits. Each key contains an extra 8 bits of parity, so a key created as 112 bits is actually 128 bits long and a key created as 168 bits is actually 192 bits long. A key size of 112 bits refers to two-key triple DES, whose sequence of operations is: encrypt with Key1, decrypt with Key2, encrypt with Key1. A key size of 168 bits refers to three-key triple DES, whose sequence of operations is: encrypt with Key1, decrypt with Key2, encrypt with Key3. |
Methods
Method | Description |
---|---|
void GenerateKey(string keyName); | Creates a new key named KeyName on the NAE Server. |
ICryptoTransform CreateDecryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateDecryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateDecryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateDecryptor() or CreateDecryptor(byte [] IV) instead. |
ICryptoTransform CreateEncryptor(); | Same as superclass, but might throw an NaeException. |
ICryptoTransform CreateEncryptor (byte[] IV); | Creates a new ICryptoTransform using the current key and the specified IV. Does not modify the IV property of the instance. |
ICryptoTransform CreateEncryptor (byte[] KeyBytes, byte[] IV); | Not supported; use CreateEncryptor() or CreateEncryptor(byte [] IV) instead. |
Note
When using DESede keys with no padding, the data you encrypt must be greater than 0 bytes.
NaeFpe
This class implements the FPE algorithm.
Constructors
Constructor | Description |
---|---|
NaeFpe(NaeSession naeSession, string keyName, Cardinality cardinality, UserSpec userSpec = null); | Creates a new instance of an FPE key object, of cardinality 10 or 26, that accesses the key named KeyName and provides the tweak data and tweak algo via UserSpec. |
public NaeFpe(NaeSession naeSession, string keyName, AlgorithmName algoName, UserSpec userSpec = null, string charSetRange = null, Encoding encoding = null, VersionKeyHeaderSupported versionKeyHeaderSupported = VersionKeyHeaderSupported.Internal_Header_Supported); | Creates a new instance of an FPE key object whose cardinality is derived from the algoName parameter, that accesses the key named keyName and takes the tweak data and tweak algorithm from userSpec. For Unicode, provide the charset range as a string. Supported encodings are UTF-8, UTF-16LE, UTF-16BE, and UTF-32LE; the default is UTF-8. Set versionKeyHeaderSupported when versioned keys are used. This is the recommended constructor. |
Properties
Properties | Description |
---|---|
NaeSession naeSession | Authenticated session. |
string CryptoAlgName | (read) Key Algorithm. |
string keyName | (read) Key name. |
Cardinality cardinality | Cardinality is set only for AES Algorithms. These algorithms are picked automatically. Valid values are CARD10, CARD26, CARD62, and UNICODE. |
UserSpec userSpec = null | User specification including TweakAlgo and TweakData. |
AlgorithmName algoName | One of the following NaeFpe.AlgorithmName values. FPE_AES: FPE_AES_CARD10, FPE_AES_CARD26, FPE_AES_CARD62, FPE_AES_UNICODE. FPE_FF1v2: FPE_FF1v2_CARD10, FPE_FF1v2_CARD26, FPE_FF1v2_CARD62, FPE_FF1v2_UNICODE. FPE_FF3: FPE_FF3_CARD10, FPE_FF3_CARD26, FPE_FF3_CARD62, FPE_FF3_UNICODE. FPE_FF3_1: FPE_FF3_1_CARD10, FPE_FF3_1_CARD26, FPE_FF3_1_CARD62, FPE_FF3_1_UNICODE. |
string charSetRange = null | Charset Range for Unicode only. For example, "0700-074F,0000-007F,0590-05FF,00C00". |
Encoding encoding = null | This property is only required for FF1v2. Currently we support UTF-8, UTF-16LE, UTF-16BE, and UTF-32LE encodings. Default value is UTF-8. |
VersionKeyHeaderSupported versionKeyHeaderSupported = VersionKeyHeaderSupported.Internal_Header_Supported | The key version header mode, one of Internal_Header_Supported or External_Header_Supported. |
Methods
Method | Description |
---|---|
ICryptoTransform CreateDecryptor() | Creates a new ICryptoTransform for decrypting data. |
ICryptoTransform CreateEncryptor() | Creates a new ICryptoTransform for encrypting data. |
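An added example (not from the page or the SDK) of the recommended NaeFpe constructor with an FF3-1 CARD10 algorithm: a digit string is encrypted to another digit string of the same length, with separators kept in place, and the tweak carried in UserSpec binds each ciphertext to the column it is stored in. Assumptions: the NaeSession constructor and the CADP.NetCore.Sessions namespace are placeholders; UserSpec is assumed to expose TweakAlgo and TweakData as string properties (the page names them but not their types); the transform is assumed to consume and return the ASCII bytes of the digit string; the key name and the card-number-shaped test value are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // namespace shown on this page
using CADP.NetCore.Sessions;   // assumed namespace of NaeSession

public static class NaeFpeExample
{
    // FF3-1 at radix 10 (NIST SP 800-38G rev. 1) needs at least 6 digits.
    private const int MinDigits = 6;

    // Builds the UserSpec carrying the tweak. TweakAlgo/TweakData are named on the page;
    // their string types and the "SHA256" value are assumptions.
    private static UserSpec TweakFor(string context) =>
        new UserSpec { TweakAlgo = "SHA256", TweakData = context };

    public static string ProtectDigits(NaeSession s, string keyName, string value, string context) =>
        Transform(s, keyName, value, context, encrypt: true);

    public static string RevealDigits(NaeSession s, string keyName, string value, string context) =>
        Transform(s, keyName, value, context, encrypt: false);

    private static string Transform(NaeSession session, string keyName, string value, string context, bool encrypt)
    {
        // Keep the positions of non-digit characters (dashes, spaces) so the layout can be restored.
        char[] layout = value.ToCharArray();
        string digits = new string(layout.Where(char.IsDigit).ToArray());
        if (digits.Length < MinDigits)
            throw new ArgumentException($"FF3-1 CARD10 needs at least {MinDigits} digits; got {digits.Length}.");

        var fpe = new NaeFpe(session, keyName, NaeFpe.AlgorithmName.FPE_FF3_1_CARD10, TweakFor(context));
        using ICryptoTransform t = encrypt ? fpe.CreateEncryptor() : fpe.CreateDecryptor();

        // Assumed byte representation: ASCII digits in, ASCII digits out.
        byte[] input = Encoding.ASCII.GetBytes(digits);
        byte[] output = t.TransformFinalBlock(input, 0, input.Length);
        string result = Encoding.ASCII.GetString(output);

        // Format preservation is the whole point; fail loudly if the output does not match the alphabet.
        if (result.Length != digits.Length || !result.All(char.IsDigit))
            throw new CryptographicException("FPE output did not preserve the digit format.");

        int i = 0;
        for (int p = 0; p < layout.Length; p++)
            if (char.IsDigit(layout[p]))
                layout[p] = result[i++];
        return new string(layout);
    }

    public static void Main()
    {
        NaeSession session = new NaeSession("user", "password", "CADP_NetCore.properties"); // assumed ctor
        const string keyName = "example-fpe-key";   // constructed; an AES key created beforehand
        const string pan = "4111-1111-1111-1111";   // constructed test value, not a real account

        // Same value, different context -> different ciphertext, so a ciphertext copied from one
        // column into another does not decrypt to the original there.
        const string column = "customers.card_number";
        string protectedPan = ProtectDigits(session, keyName, pan, column);
        string recovered = RevealDigits(session, keyName, protectedPan, column);
        Console.WriteLine($"{pan} -> {protectedPan} -> {recovered}");
    }
}
```

The tweak is not secret, so it can be stored or derived from the schema; what matters is that decryption uses exactly the same TweakAlgo and TweakData as encryption.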
NaeKeyManagement
This class provides key management operations.
Constructors
Constructor | Description |
---|---|
public NaeKeyManagement (NaeSession naeSession); | Creates a new instance of an NaeKeyManagement object. |
Methods
Methods | Description |
---|---|
void DeleteKey(string keyName) | Deletes a key. |
byte[] ExportKey(string keyName, KeyType type = KeyType.None) | Exports the key bytes of a key as a byte[]. |
VersionedKey[] ExportKey(string keyName, bool allVersions, KeyType type = KeyType.None) | Exports all versions of a versioned key. |
void GenerateKey(string keyName, int keySize, string algorithmName, bool exportable, bool deletable) | Generates a key of the specified algorithm on the NAE Server. |
INaeKey GetKey(string keyName) | Retrieves the key from the server. You must cast INaeKey into the appropriate key type. |
byte[] ExportWrappedKey(string keyName, byte[] wrapPublicKey, KeyWrapFormat wrapFormat) | Exports the symmetric key wrapped with RSA key bytes. |
bool GetKeyAttributes (string keyName, Dictionary | Retrieves all System and Custom attributes of a key. |
VersionInfo GetKeyVersionById(string idValue, KeyIdType idType) | Retrieves key name, key version, and corresponding header bytes using ID. For non-versioned keys, the returned version will be -1 with Null header bytes. |
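An added example (not from the page or the SDK) of NaeKeyManagement used for a least-privilege key lifecycle: the key is generated with exportable and deletable both false, GetKey's INaeKey result is cast to the concrete class as the page instructs, and ExportKey is wrapped so a refused export surfaces as a return value rather than an unhandled exception. Assumptions: the NaeSession constructor, the CADP.NetCore.Sessions and CADP.NetCore.KeyManagement namespaces, and "AES" as the algorithmName string are placeholders; NaeException is assumed to be the exception the SDK raises when the server refuses the export; the key name is constructed.

```csharp
using System;
using CADP.NetCore.Crypto;          // namespace shown on this page for the key classes
using CADP.NetCore.Sessions;        // assumed namespace of NaeSession
using CADP.NetCore.KeyManagement;   // assumed namespace of NaeKeyManagement

public static class NaeKeyLifecycleExample
{
    // Creates a key with the most restrictive flags. Parameter order follows the page:
    // keyName, keySize, algorithmName, exportable, deletable.
    public static void CreateLockedDownAesKey(NaeSession session, string keyName)
    {
        var km = new NaeKeyManagement(session);
        km.GenerateKey(keyName, 256, "AES", false, false);   // exportable=false, deletable=false
    }

    // Returns false instead of throwing when the server refuses to hand out the key bytes.
    public static bool TryExportKey(NaeSession session, string keyName, out byte[] keyBytes)
    {
        keyBytes = null;
        try
        {
            keyBytes = new NaeKeyManagement(session).ExportKey(keyName);
            return true;
        }
        catch (NaeException)   // assumed: raised for a non-exportable key
        {
            return false;
        }
    }

    // GetKey returns INaeKey; the concrete type decides which properties are available.
    public static string DescribeKey(NaeSession session, string keyName)
    {
        INaeKey k = new NaeKeyManagement(session).GetKey(keyName);
        if (k is NaeRijndaelKey aes)
            return $"{aes.KeyName}: {aes.CryptoAlgName}, exportable={aes.IsExportable}, deletable={aes.IsDeletable}";
        if (k is NaeRsaKey rsa)
            return $"{rsa.KeyName}: {rsa.CryptoAlgName}, {rsa.KeySize}-bit, exportable={rsa.IsExportable}";
        return $"{keyName}: unhandled key type {k.GetType().Name}";
    }

    public static void Main()
    {
        NaeSession session = new NaeSession("user", "password", "CADP_NetCore.properties"); // assumed ctor
        const string keyName = "example-locked-aes-key";   // constructed key name

        CreateLockedDownAesKey(session, keyName);
        Console.WriteLine(DescribeKey(session, keyName));

        bool exported = TryExportKey(session, keyName, out byte[] bytes);
        Console.WriteLine(exported
            ? $"unexpected: {bytes.Length} key bytes left the server"
            : "export refused, as intended for a non-exportable key");
    }
}
```

Keys that applications only ever use through server-side operations (encrypt, decrypt, sign) never need exportable=true; leaving it false means a compromised application host cannot pull the raw key out, and a deletable=false key cannot be destroyed from the application side to cause a data-loss incident.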
NaeAesGcm
This class provides AES/GCM operations.
Constructors
Constructor | Description |
---|---|
NaeAesGcm(NaeSession naeSession) | Creates a new key object with no key name. This object can then be used with the GenerateKey method. |
NaeAesGcm(NaeSession naeSession,string keyName, int tagLen) | Creates a new instance of an AES key object that accesses the KeyName key on the NAE Server. |
Methods
Methods | Description |
---|---|
byte[] Encrypt(byte[] nonce, byte[] plainText, out byte[] tag,byte[] aad = null) | Encrypts the plaintext into the ciphertext destination buffer and generates the authentication tag into a separate buffer. |
byte[] Decrypt(byte[] nonce, byte [] cipherText, byte[] tag, byte[] aad = null) | Decrypts the ciphertext into the provided destination buffer if the authentication tag can be validated. |
void GenerateKey(string keyName) | Creates a new key on the CipherTrust Manager. |
void Dispose() | Disposes an NaeAesGcm object. |
Properties
Property | Description |
---|---|
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key does not exist on the NAE Server. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key does not exist on the NAE Server. |
bool IsVersioned | (read) True if the key is a versioned key. |
string KeyName | (read) Key name. |
int KeySize | (read & write) Can only be set if the key does not exist on the NAE Server. |
int TagLen | (read & write) Can only be set at the time of object creation. |
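An added example (not from the page or the SDK) of NaeAesGcm used as an authenticated-encryption API: a fresh 96-bit nonce per message, associated data that ties the ciphertext to its record, and a decrypt path that treats a failed tag check as "no plaintext" rather than as data. Assumptions: the NaeSession constructor and the CADP.NetCore.Sessions namespace are placeholders; tagLen is assumed to be given in bytes (16 = full 128-bit tag); the page says Decrypt returns plaintext only if the tag validates but not which exception is thrown otherwise, so both NaeException and CryptographicException are caught; the key name and record data are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using CADP.NetCore.Crypto;     // namespace shown on this page
using CADP.NetCore.Sessions;   // assumed namespace of NaeSession

public static class NaeAesGcmExample
{
    private const int NonceBytes = 12;   // 96-bit nonce, the standard GCM nonce size
    private const int TagBytes = 16;     // assumed unit for tagLen: bytes

    public sealed class SealedRecord
    {
        public byte[] Nonce { get; set; }
        public byte[] Ciphertext { get; set; }
        public byte[] Tag { get; set; }
        public byte[] Aad { get; set; }
    }

    // AAD is authenticated but not encrypted: binding the record id and version into it means a
    // ciphertext moved to another record fails the tag check there.
    public static SealedRecord Seal(NaeSession session, string keyName, byte[] plaintext, byte[] aad)
    {
        // A nonce must never repeat under the same key; random 96-bit nonces are acceptable for
        // moderate message counts, otherwise keep a counter alongside the key.
        byte[] nonce = new byte[NonceBytes];
        RandomNumberGenerator.Fill(nonce);

        var gcm = new NaeAesGcm(session, keyName, TagBytes);
        try
        {
            byte[] ct = gcm.Encrypt(nonce, plaintext, out byte[] tag, aad);
            return new SealedRecord { Nonce = nonce, Ciphertext = ct, Tag = tag, Aad = aad };
        }
        finally
        {
            gcm.Dispose();
        }
    }

    // Returns null when the tag does not verify (tampered ciphertext, tag, nonce or AAD).
    public static byte[] Open(NaeSession session, string keyName, SealedRecord r)
    {
        var gcm = new NaeAesGcm(session, keyName, TagBytes);
        try
        {
            return gcm.Decrypt(r.Nonce, r.Ciphertext, r.Tag, r.Aad);
        }
        catch (Exception ex) when (ex is NaeException || ex is CryptographicException)
        {
            // Assumed failure types; either way no plaintext is released.
            return null;
        }
        finally
        {
            gcm.Dispose();
        }
    }

    public static void Main()
    {
        NaeSession session = new NaeSession("user", "password", "CADP_NetCore.properties"); // assumed ctor
        const string keyName = "example-gcm-key";                 // constructed key name
        byte[] aad = Encoding.UTF8.GetBytes("record:42;version:1"); // constructed header

        SealedRecord rec = Seal(session, keyName, Encoding.UTF8.GetBytes("secret value"), aad);

        byte[] good = Open(session, keyName, rec);
        Console.WriteLine(good == null ? "unexpected failure" : Encoding.UTF8.GetString(good));

        rec.Ciphertext[0] ^= 0x80;                 // flip one bit of the ciphertext
        byte[] bad = Open(session, keyName, rec);  // expected: null (tag check fails)
        Console.WriteLine(bad == null ? "tampering detected" : "unexpected: tampered data accepted");
    }
}
```

Store nonce, ciphertext, tag and AAD together; all four are needed to decrypt, and the AAD must be reproduced byte for byte.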
NaeECIESKey
This class implements the EC algorithm. This class extends System.Security.Cryptography.ECDSA and System.Security.Cryptography.NAEKey.
Constructors
Constructor | Description |
---|---|
NaeECIESKey(NaeSession naeSession, SupportedCurves _curveDetails) | Creates a new instance of an EC key object using provided curve details (Curve id and key size). |
NaeECIESKey(NaeSession naeSession, string keyName, KeyInfo keyInfo) | Creates a new instance of an EC key object that accesses the KeyName and keyInfo on the NAE Server. |
Methods
Methods | Description |
---|---|
void GenerateKey(string KeyName); | Creates a new key on the CipherTrust Manager. |
byte[] SignData(byte[] inputdata, HashAlgorithmName hashAlgorithm) | Returns signed bytes for provided byte input and Hash algorithm. |
bool VerifyData(byte[] inputdata, int offset, int count, byte[] signedData, HashAlgorithmName hashAlgorithm) | Verifies the signed bytes with the byte input data and Hash algorithm for provided offset and count values. |
Properties
Property | Description |
---|---|
string CryptoAlgName | (read) Name of the cryptographic algorithm to which the key belongs. |
string KeyName | (read) Key name. |
bool IsDeletable | (read & write) True if the key can be deleted. Can only be set if the key doesn't exist on the CipherTrust Manager. |
bool IsExportable | (read & write) True if the key can be exported. Can only be set if the key doesn't exist on the NAE Server. |