KMLIB Sample Applications

Three sample applications are provided with the product, together with a makefile to demonstrate how to build the samples. The sample applications are:

>Generate a DES key and an RSA key pair (Sample1.c)

>Export a DES key file for key backup (Sample2.c)

>Import a DES key to file for key recovery (Sample3.c)

Unix and Win32 versions are provided. The makefile will compile the three samples into executable files. Use the following commands to do this:

>Win32: nmake -f nt.mak

>Unix: gmake -f Makefile

NOTE   To avoid running into issues, move samples out of the installation directory before modifying, compiling, or running them.

Sample1.c

This sample shows how to generate 2 types of keys using KMLIB. These are:

>A DES3 secret key

>An RSA key pair

The following assumptions are made:

>slot 1 already exists in the HSM

>the SO and user pin are set to 9999 for slot 1

Use either the ctbrowse GUI utility (ctbrowse - Token Browser) or the following ctkmu utility command to check that the tokens have been created:

ctkmu l -s1

Sample2.c

This sample shows how to back up tokens using KMLIB. It uses the tokens created by Sample1.c to create the backup.

The tokens in the sample are backed up to a file named backup.bin.

The following assumptions are made:

>Wrap key secret_key_example exists in Slot 1. This is created when Sample1.c is run

>The User pin is set to 9999 for Slot 1

Sample3.c

This sample shows how to recover tokens using KMLIB. It restores the tokens from the backup file created by Sample2.c.

The following assumptions are made:

>Unwrap key secret_key_example exists in Slot 1. This is created when Sample1.c is run.

>Backup file backup.bin exists. This is created when Sample2.c is run

>The User pin is set to 9999 for Slot 1

So that it can be confirmed that the tokens have been restored from the backup file, delete public_key_example prior to running Sample 3.c.

Use the following ctkmu utility command to delete the file:

ctkmu d -s1 -n public_key_example

Use either the ctbrowse GUI utility (ctbrowse - Token Browser) or the following ctkmu utility command to check that the tokens have been restored:

ctkmu l -s1