User Guide
Quick Start
Tasks
- Upgrade from PA/CAP to CADP
- Create an NAE Session
- Setting up SSL with CipherTrust Manager
- Add Multiple CipherTrust Manager Servers
- Key Operations
  - Creating a Key
  - Creating a New Version of the Versioned Key
  - Using a Versioned Key to Decrypt, SignV, and MACV
  - Getting an Instance of a Key Object
  - Alternative Method to Get an Instance of a Key Object
  - Deleting a Key using the Key Name
  - Exporting a Key
  - Exporting a Wrapped Key
  - Setting a Key Mode and Padding
  - Getting Attributes of a Key
  - Exporting Versioned Key
  - Fetching Key Version using ID
- Generate and Verify MAC
- Encrypt a String Using an AES Key
- Decrypt a String Using an AES Key
- Encrypt a String Using an RSA Key
- Decrypt a String Using an RSA Key
- Encrypting/Decrypting a File
- Sign and SignVerify Data using an EC Key
- Sign and SignVerify Data using an RSA Key
- Enable Connection Pooling
- Enable Symmetric Key Caching
- Enable Asymmetric Key Caching
- Set Logging Parameters
- Change the Default Value of Connection Timeout
- Setting Transaction ID in Logs
- Logging to Syslog Server
Advanced Topics
- Configuration
  - Network Configuration Parameters
  - Connection Configuration Parameters
  - Caching Parameters
  - Logging Parameters
  - Syslog Advanced Configuration Parameters
  - SSL Configuration Parameters
  - Miscellaneous Configuration Parameters
- Connection Pooling
- Load Balancing Group
- Multi-tier Load Balancing Group
- Symmetric/Asymmetric Key Caching
- Persistent Key Caching
- Supported Services & Operations
- Supported Algorithms
- NAE Supported Functions
  - Supporting Calls
  - Connection Calls
  - Key-related Calls
  - MAC/Hash-related Calls
  - Security Considerations
- Format Preserving Encryption
- FPE/AES/Unicode Cardinality Block-Size Table
- API Definitions
- Key Permissions on Groups
- CryptoDataUtility
Troubleshooting

Using a Versioned Key to Decrypt, SignV, and MACV

When data is encrypted, signed, or MACed using a versioned key, the resulting ciphertext contains information in its header indicating which version of the key was used. This header is 3 bytes long. During decryption or verification process, the CipherTrust Manager parses this information and applies the correct key version.

To get version 1 of the key, run:

SymmetricAlgorithm symmetricAlgorithmKeyVersion1 = (NaeRijndaelKey)nkm.GetKey(keyname + "#1");

Note

If data requires a retired key version, you will get an exception.

Suggest A Change

Using a Versioned Key to Decrypt, SignV, and MACV

On this page