Public Key object

The structure of an HSM Public Key object is:

  • Authentication: Default is false. The value is true if the associated private key is intended for authentication. Determined by the software environment.
  • CreatedOn: An ISO 8601 time string indicating when the associated private key was created. Determined by the software environment.
  • Encipherment: Default is false. The value is true if the associated private key is intended for encipherment. Determined by the software environment.
  • EnvironmentType: Default is 0. The HSM environment type from which this public key originates:
    • 0 = Certificate environment. A single certificate and key pair.
    • 1 = GNU Privacy Guard (GPG) environment. Three key pairs (sign, encrypt, auth) and optional certificates.
    • 2 = .NET Strongname environment. No certificate; RSA only.
    • 3 = Cryptographic Service Provider (CSP) environment. Two key pairs (sign and encrypt); certificates optional.
  • Handle: Default is 0. The handle the server uses to identify this object.
  • Id: The identifier of this object, a byte array that is Base64 encoded. Typically, these are the bytes of the Label.
  • KeyContext: The purpose of the key if the HSM environment has more than one key (for example, sign, encrypt or auth in a GPG environment); otherwise null.
  • KeyId: The identifier of the environment this public key belongs to. Typically, this is the GUID of the environment object.
  • Label: The label of the public key. Usually, this is the CodeSign Protect project and environment name.
  • ObjectType: Always 2 for a Public Key object. The object types of HSM objects are:
    • 1 = X.509 Certificate
    • 2 = Public key
    • 3 = Private key
    • 4 = Symmetric key
  • Signing: Default is true. The value is true if the associated private key is intended for signing. Determined by the software environment.
  • Token: Default is true. The value is true if the certificate resides on a cryptographic token such as a smart card or HSM. Currently always true.
  • KeyType: The Cryptoki (PKCS #11) key type:
    • CryptokiKeyRSA = RSA
    • CryptokiKeyDSA = DSA
    • CryptokiKeyEC = ECDSA
    • CryptokiKeyEC_EDWARDS = EdDSA
  • Bits: Default is 0. The size of the key in bits.
  • Encrypt: Default is true. The value is true if the key may be used to encrypt.
  • Exponent: Appears if KeyType is CryptokiKeyRSA. The public exponent of the key, Base64 encoded.
  • Modulus: Appears if KeyType is CryptokiKeyRSA. The modulus of the key, Base64 encoded.
  • Curve: Appears if KeyType is CryptokiKeyEC or CryptokiKeyEC_EDWARDS. The name of the curve.
  • ECPoint: Appears if KeyType is CryptokiKeyEC or CryptokiKeyEC_EDWARDS. The public key point, Base64 encoded.
  • Params: Appears if KeyType is CryptokiKeyEC or CryptokiKeyEC_EDWARDS. The curve parameters, Base64 encoded.
  • Verify: Default is true. The value is true if the key may be used for verification.
  • Wrap: Default is true. The value is true if the key may be used for wrapping other keys.
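The following Python is an added example and is not code from this page or from CodeSign Protect itself. It parses a constructed Public Key object, rebuilds a standard SubjectPublicKeyInfo from the Modulus and Exponent fields so the key can be handed to ordinary tooling, and runs the checks a consumer should make before trusting the key: modulus and exponent sanity for RSA, and for EC keys that the ECPoint really lies on the named curve. Everything not stated on the page is an assumption and is labelled as such in the code: that KeyType values serialize as the enum names listed above, that the Curve field uses the name P-256, and that ECPoint is either the raw uncompressed point or the DER OCTET STRING form PKCS #11 uses for CKA_EC_POINT. The sample values are a toy RSA key and the P-256 generator point, not keys from any real environment.

```python
import base64
import json

# Constructed sample (not returned by any real environment). The RSA values
# are a toy key, n = 61 * 53 = 3233 and e = 17, so the DER can be checked by
# hand. KeyType as the enum name string is an assumption.
SAMPLE_RSA = json.dumps({
    "ObjectType": 2, "KeyType": "CryptokiKeyRSA", "Bits": 12,
    "Label": "demo-project\\demo-environment", "EnvironmentType": 0,
    "Modulus": base64.b64encode((3233).to_bytes(2, "big")).decode(),
    "Exponent": base64.b64encode((17).to_bytes(1, "big")).decode(),
    "Signing": True, "Encrypt": True, "Verify": True, "Wrap": True,
})

KNOWN_KEY_TYPES = ("CryptokiKeyRSA", "CryptokiKeyDSA",
                   "CryptokiKeyEC", "CryptokiKeyEC_EDWARDS")

def parse_public_key_object(text):
    """Parse the JSON and refuse anything that is not a Public Key object."""
    obj = json.loads(text)
    if obj.get("ObjectType") != 2:
        raise ValueError("not a Public Key object (ObjectType != 2)")
    if obj.get("KeyType") not in KNOWN_KEY_TYPES:
        raise ValueError("unknown KeyType")
    return obj

# Minimal DER encoder, enough for an RSA SubjectPublicKeyInfo.
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:          # DER INTEGER is signed: keep it positive
        body = b"\x00" + body
    return _der_tlv(0x02, body)

def _rsa_ints(obj):
    n = int.from_bytes(base64.b64decode(obj["Modulus"]), "big")
    e = int.from_bytes(base64.b64decode(obj["Exponent"]), "big")
    return n, e

def rsa_object_to_spki_der(obj):
    """Build DER SubjectPublicKeyInfo (rsaEncryption) from Modulus/Exponent."""
    n, e = _rsa_ints(obj)
    rsa_public_key = _der_tlv(0x30, _der_int(n) + _der_int(e))
    rsa_oid = bytes.fromhex("06092a864886f70d010101")   # 1.2.840.113549.1.1.1
    alg_id = _der_tlv(0x30, rsa_oid + b"\x05\x00")      # parameters: NULL
    return _der_tlv(0x30, alg_id + _der_tlv(0x03, b"\x00" + rsa_public_key))

def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"

def check_rsa_object(obj):
    """Checks a consumer should run before trusting the key; empty list = pass."""
    n, e = _rsa_ints(obj)
    findings = []
    if obj.get("Bits") and n.bit_length() != obj["Bits"]:   # Bits 0 = unknown
        findings.append("Bits does not match modulus length")
    if n % 2 == 0:
        findings.append("modulus is even")
    if e % 2 == 0 or e < 3:
        findings.append("public exponent is invalid")
    elif e < 65537:
        findings.append("public exponent below 65537")
    if n.bit_length() < 2048:
        findings.append("modulus shorter than 2048 bits")
    return findings

# EC: NIST P-256 only. The curve name "P-256" in the Curve field is an assumption.
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
CURVES = {"P-256": (32, P256_P, P256_B)}   # coordinate length, p, b

def decode_ec_point(b64, coord_len):
    """Return (x, y) from ECPoint. Accepts a raw uncompressed point or one
    wrapped in a DER OCTET STRING as PKCS #11 CKA_EC_POINT is (assumed: the
    page does not say which). Both start with 0x04, so they are told apart by
    length; short-form DER length only, which covers P-256."""
    raw = base64.b64decode(b64)
    expected = 1 + 2 * coord_len
    if len(raw) == expected + 2 and raw[0] == 0x04 and raw[1] == expected:
        raw = raw[2:]
    if len(raw) != expected or raw[0] != 0x04:
        raise ValueError("ECPoint is not an uncompressed point of the expected size")
    return (int.from_bytes(raw[1:1 + coord_len], "big"),
            int.from_bytes(raw[1 + coord_len:], "big"))

def ec_point_on_curve(curve, x, y):
    """Reject points not on the named curve (invalid-curve defence)."""
    _, p, b = CURVES[curve]
    return 0 <= x < p and 0 <= y < p and (y * y - (x * x * x - 3 * x + b)) % p == 0

# Constructed EC sample: the P-256 generator point, DER-wrapped as PKCS #11 does.
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
_point = b"\x04" + P256_GX.to_bytes(32, "big") + P256_GY.to_bytes(32, "big")
SAMPLE_EC = json.dumps({"ObjectType": 2, "KeyType": "CryptokiKeyEC", "Curve": "P-256",
                        "ECPoint": base64.b64encode(b"\x04\x41" + _point).decode()})

if __name__ == "__main__":
    rsa = parse_public_key_object(SAMPLE_RSA)
    print(der_to_pem(rsa_object_to_spki_der(rsa)))
    print("RSA findings:", check_rsa_object(rsa))
    ec = parse_public_key_object(SAMPLE_EC)
    x, y = decode_ec_point(ec["ECPoint"], CURVES[ec["Curve"]][0])
    print("EC point on curve:", ec_point_on_curve(ec["Curve"], x, y))
```

The toy RSA key deliberately fails two of the checks (exponent below 65537 and a short modulus), which is the behaviour a consumer wants from such a gate. Note also that Signing, Encipherment and Authentication are recorded from the software environment rather than derived from the key material, so a relying party should apply its own key-usage policy instead of treating those flags as a property enforced by the HSM.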