Key Management APIs
The Key Management APIs help you store and handle cryptographic keys. See Cryptographic services key management for key management information.
The Key Management APIs include:
- Clear Master Key (QC3CLRMK, Qc3ClearMasterKey) clears the specified master key version.
- Create Keystore (QC3CRTKS, Qc3CreateKeyStore) creates a database file for securely storing cryptographic key values for use with the cryptographic services set of APIs.
- Delete Key Record (QC3DLTKR, Qc3DeleteKeyRecord) deletes a key record from a keystore file.
- Export Key (QC3EXPKY, Qc3ExportKey) decrypts a key encrypted under a master key and re-encrypts it under the specified key-encrypting key.
- Extract Public Key (QC3EXTPB, Qc3ExtractPublicKey) extracts a public key from a BER encoded PKCS #8 string or from a key record containing a public or private PKA key.
- Generate ECC Key Pair (QC3GENECC, Qc3GenECCKeyPair) generates a random ECC key pair given a set of domain parameters to be used with elliptic curve cryptographic algorithms.
- Generate Elliptic Curve Diffie-Hellman Key Pair (QC3GENECDK, Qc3GenECDKeyPair) generates a Diffie-Hellman (D-H) private/public key pair needed for calculating a Diffie-Hellman shared secret key.
- Generate Key Record (QC3GENKR, Qc3GenKeyRecord) generates a random key or key pair and securely stores it in a keystore file.
- Import Key (QC3IMPKY, Qc3ImportKey) encrypts a key under the specified master key.
- Load Master Key Part (QC3LDMKP, Qc3LoadMasterKeyPart) loads a key part for the specified master key by hashing the specified passphrase and adding it into the new master key version.
- Retrieve Key Record Attributes (QC3RTVKA, Qc3RetrieveKeyRecordAtr) returns the key type and key size of a key stored in a keystore file. It also identifies the master key under which the stored key is encrypted and the master key's KVV.
- Retrieve Keystore File Attributes (QC3RTVFA, Qc3RetrieveKeyStoreFileAtr) returns for the specified keystore file the number of key records, the id of the master key used to encrypt the key values, the date and time the keystore file was created or last translated, and the translation status of the keys.
- Retrieve Keystore Records (QC3RTVKS, Qc3RetrieveKeyStoreRecords) returns a list of keystore records and their attributes for a keystore file.
- Set Master Key (QC3SETMK, Qc3SetMasterKey) sets the specified master key from the parts already loaded.
- Test Master Key (QC3TSTMK, Qc3TestMasterKey) returns the key verification value for the specified master key.
- Translate Key (QC3TRNKY, Qc3TranslateKey) translates the specified key string to another master key, or if the same master key is specified, to the current version of the master key.
- Translate Keystore (QC3TRNKS, Qc3TranslateKeyStore) translates keys stored in the specified keystore files to another master key, or if the same master key is specified, to the current version of the master key.
- Write Key Record (QC3WRTKR, Qc3WriteKeyRecord) securely stores the specified key value in a keystore file.
[ Back to top | Cryptographic Services APIs | APIs by category ]