Private Key object

The structure of an HSM Private Key object is:

  • Authentication: Default is false. The value is true if the associated public key is intended for authentication. Determined by the software environment.
  • CreatedOn: An ISO 8601 time string indicating when the associated public key was created. Determined by the software environment.
  • Encipherment: Default is false. The value is true if the associated public key is intended for encipherment. Determined by the software environment.
  • EnvironmentType: Default is 0. The HSM environment type from which this private key originates:
    • 0 = Certificate environment. A single certificate and keypair.
    • 1 = GNU Privacy Guard (GPG) environment. Three keypairs (sign, encrypt, auth) and optional certificates.
    • 2 = .Net Strongname environment. No certificate; RSA only.
    • 3 = Cryptographic Service Provider (CSP). Two key pairs (sign and encrypt), certificates optional.
  • Handle: Default is 0. The handle the server uses to identify this object.
  • Id: The Base64-encoded byte array that identifies this object. Typically, the bytes of the Label.
  • KeyContext: The key context of the associated public key, or null.
  • KeyId: The identifier of the Certificate object. Typically, this is the GUID of the environment object.
  • Label: The label of the public key. Usually, this is the CodeSign Protect project and environment name.
  • ObjectType: 3 (always, for a Private Key object). The object type of the HSM object:
    • 1 = X.509 Certificate
    • 2 = Public key
    • 3 = Private key
    • 4 = Symmetric key
  • Private: Default is true. The value is true if the private key cannot be exported in plain text.
  • Signing: Default is true. The value is true if the associated public key is intended for signing. Determined by the software environment.
  • Token: Default is true. The value is true if the certificate resides on a cryptographic token such as a smart card or HSM. Currently always true.
  • KeyType: The key type of this key.
    • CryptokiKeyRSA = RSA
    • CryptokiKeyDSA = DSA
    • CryptokiKeyEC = ECDSA
    • CryptokiKeyEC_EDWARDS = EdDSA
  • Decrypt: Default is true. The value is true if the key may be used for decryption.
  • Exponent: Appears only if KeyType is CryptokiKeyRSA: the Base64-encoded public exponent of the RSA public key.
  • Modulus: Appears only if KeyType is CryptokiKeyRSA: the Base64-encoded modulus of the RSA public key.
  • Curve: Appears only if KeyType is CryptokiKeyEC or CryptokiKeyEC_EDWARDS: the name of the curve.
  • Params: Appears only if KeyType is CryptokiKeyEC or CryptokiKeyEC_EDWARDS: the Base64-encoded curve parameters.
  • Sign: Default is true. The value is true if the key may be used for signing.
  • Unwrap: Default is true. The value is true if the key may be used for unwrapping other keys.
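The field rules above (ObjectType fixed at 3, Id as the Base64 bytes of Label, RSA objects carrying Exponent and Modulus while EC objects carry Curve and Params, the .Net Strongname environment being RSA only, Private meaning the key cannot leave the token in plain text) can be checked mechanically whenever a Private Key object is read back from the server. The validator below is an added example, not code from CodeSign Protect or its documentation. The sample objects are constructed: the Label, the placeholder GUID in KeyId, the modulus bytes and the Params content are invented for illustration, and the Params format is an assumption since the page does not define it.

```python
import base64
import binascii
import json
from datetime import datetime
from typing import Dict, List, Optional

# Enumerations and field rules taken from the Private Key object description.
OBJECT_TYPE_PRIVATE_KEY = 3
ENVIRONMENT_TYPES = {0: "Certificate", 1: "GPG", 2: ".Net Strongname", 3: "CSP"}
KEY_TYPE_RSA = "CryptokiKeyRSA"
KEY_TYPE_DSA = "CryptokiKeyDSA"
KEY_TYPES_EC = {"CryptokiKeyEC", "CryptokiKeyEC_EDWARDS"}
RSA_ONLY_FIELDS = ("Exponent", "Modulus")
EC_ONLY_FIELDS = ("Curve", "Params")


def _decode_b64(value, field: str, problems: List[str]) -> Optional[bytes]:
    """Strict Base64 decode that records a problem instead of raising."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        problems.append(f"{field} is not valid Base64")
        return None


def validate_private_key(obj: Dict) -> List[str]:
    """Check a Private Key object against the invariants in the description.
    Returns the list of problems found; an empty list means it is consistent."""
    problems: List[str] = []
    if obj.get("ObjectType") != OBJECT_TYPE_PRIVATE_KEY:
        problems.append("ObjectType must be 3 for a Private Key object")
    env = obj.get("EnvironmentType", 0)
    if env not in ENVIRONMENT_TYPES:
        problems.append(f"Unknown EnvironmentType {env!r}")
    # Id is a Base64-encoded byte array, typically the bytes of Label.
    id_bytes = _decode_b64(obj.get("Id", ""), "Id", problems)
    if id_bytes is not None and id_bytes != str(obj.get("Label", "")).encode():
        problems.append("Id does not decode to the bytes of Label")
    # CreatedOn is ISO 8601; a trailing 'Z' is normalised for older Pythons.
    created = str(obj.get("CreatedOn", ""))
    try:
        datetime.fromisoformat(created.replace("Z", "+00:00"))
    except ValueError:
        problems.append(f"CreatedOn {created!r} is not ISO 8601")
    # Key-type dependent fields: RSA carries Exponent/Modulus, EC carries Curve/Params.
    key_type = obj.get("KeyType")
    if key_type == KEY_TYPE_RSA:
        required, forbidden = RSA_ONLY_FIELDS, EC_ONLY_FIELDS
    elif key_type in KEY_TYPES_EC:
        required, forbidden = EC_ONLY_FIELDS, RSA_ONLY_FIELDS
    elif key_type == KEY_TYPE_DSA:  # no DSA-specific fields are described
        required, forbidden = (), RSA_ONLY_FIELDS + EC_ONLY_FIELDS
    else:
        problems.append(f"Unknown KeyType {key_type!r}")
        required, forbidden = (), ()
    for field in required:
        if field not in obj:
            problems.append(f"{field} is required when KeyType is {key_type}")
        elif field != "Curve":  # Curve is a plain name; the others are Base64
            _decode_b64(obj[field], field, problems)
    for field in forbidden:
        if field in obj:
            problems.append(f"{field} must not appear when KeyType is {key_type}")
    if env == 2 and key_type != KEY_TYPE_RSA:
        problems.append(".Net Strongname environment (2) requires an RSA key")
    # Private=false would mean the key can be exported in plain text.
    if obj.get("Private", True) is not True:
        problems.append("Private is false: key is exportable in plain text")
    return problems


def rsa_public_exponent(obj: Dict) -> int:
    """Decode the Base64 Exponent field of an RSA Private Key object."""
    return int.from_bytes(base64.b64decode(obj["Exponent"]), "big")


def rsa_modulus_bits(obj: Dict) -> int:
    """Key size in bits from the Base64 Modulus field."""
    return int.from_bytes(base64.b64decode(obj["Modulus"]), "big").bit_length()


def load_private_key(json_text: str) -> Dict:
    """Parse a Private Key object from JSON and reject inconsistent ones."""
    obj = json.loads(json_text)
    problems = validate_private_key(obj)
    if problems:
        raise ValueError("; ".join(problems))
    return obj


# Constructed sample objects (not captured from any server). The Label, the
# GUID in KeyId and the Modulus bytes are placeholders.
_LABEL = "ExampleProject\\ExampleEnvironment"
SAMPLE_RSA = {
    "Authentication": False, "CreatedOn": "2024-01-15T10:30:00Z",
    "Encipherment": False, "EnvironmentType": 0, "Handle": 7,
    "Id": base64.b64encode(_LABEL.encode()).decode(), "KeyContext": None,
    "KeyId": "00000000-0000-0000-0000-000000000000",  # placeholder GUID
    "Label": _LABEL, "ObjectType": 3, "Private": True, "Signing": True,
    "Token": True, "KeyType": KEY_TYPE_RSA, "Decrypt": True,
    "Exponent": base64.b64encode((65537).to_bytes(3, "big")).decode(),
    # Stand-in for a 2048-bit modulus: only its length is meaningful here.
    "Modulus": base64.b64encode(b"\xc0" + b"\x11" * 255).decode(),
    "Sign": True, "Unwrap": True,
}
SAMPLE_EC = {k: v for k, v in SAMPLE_RSA.items() if k not in RSA_ONLY_FIELDS}
SAMPLE_EC.update({
    "KeyType": "CryptokiKeyEC", "Curve": "P-256",
    # Params format is not specified; DER OID of prime256v1 used as an assumed example.
    "Params": base64.b64encode(bytes.fromhex("06082a8648ce3d030107")).decode(),
})

if __name__ == "__main__":
    for name, sample in (("RSA", SAMPLE_RSA), ("EC", SAMPLE_EC)):
        print(name, "problems:", validate_private_key(sample) or "none")
    print("RSA bits:", rsa_modulus_bits(SAMPLE_RSA), "e:", rsa_public_exponent(SAMPLE_RSA))
    tampered = dict(SAMPLE_RSA, Private=False, EnvironmentType=2, KeyType="CryptokiKeyEC")
    print("tampered problems:", validate_private_key(tampered))
```

Run directly, the script reports no problems for both samples and six for the tampered copy (missing Curve and Params, stray Exponent and Modulus, a non-RSA key in a .Net Strongname environment, and Private set to false). Decoding Modulus and reporting its bit length is the cheapest way to enforce a minimum RSA key size policy on keys returned by the server.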