SDKMS provides multiple interfaces to application developers. For C/C++ programmers, SDKMS provides a PKCS#11 interface through a library. For Java programmers, SDKMS can be accessed through the JCE interface. SDKMS can also be accessed through its RESTful interface, documented at https://www.fortanix.com/api/
We provide examples for using SDKMS in 3 languages – a C++ program using the PKCS#11 interface, a Java program using the JCE interface, and a Python program using the REST interface.
The example programs can be downloaded in full at the Downloads page.
C++
CK_FUNCTION_LIST_PTR initialize() {
CK_FUNCTION_LIST_PTR p11;
void *pDynLib;
pDynLib = dlopen("/opt/fortanix/pkcs11/sdkms-pkcs11.so", RTLD_NOW);
if (!pDynLib) {
cout << "Failed to load the PKCS#11 library" << endl;
return NULL;
}
cout << "Successfully initialized PKCS#11 library to use Fortanix SDKMS" << endl;
CK_C_GetFunctionList pGetFunctionList = (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList");
(*pGetFunctionList)(&p11);
return p11;
}
CK_RV login(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE_PTR phSession, string pin) {
CK_RV rv;
CK_SLOT_ID slotId = 1;
rv = p11->C_Initialize(NULL_PTR);
if (rv == CKR_OK) {
rv = p11->C_OpenSession(slotId, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, phSession);
if (rv == CKR_OK) rv = p11->C_Login(*phSession, CKU_USER, (CK_UTF8CHAR_PTR)pin.c_str(), pin.length());
}
if (rv != CKR_OK) {
cout << "Incorrect API Key. Error code = " << rv << endl;
} else {
cout << "Successfully logged in to Fortanix SDKMS" << endl << endl;
}
return rv;
}
C#
public void initialize() {
string apiKey = "";
Configuration.Default.BasePath = "https://sdkms.fortanix.com";
string decodedKey = Encoding.ASCII.GetString(Convert.FromBase64String(apiKey));
string[] tokens = decodedKey.Split(':');
Configuration.Default.Username = tokens[0];
Configuration.Default.Password = tokens[1];
// App Authentication
AuthenticationApi authenticationApi = new AuthenticationApi();
AuthResponse response = authenticationApi.Authorize();
Configuration.Default.AddApiKey("Authorization", response.AccessToken);
Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");
}
Golang
func initialize() {
API_KEY = `YOUR_API_KEY`
API_END_POINT = `API_END_POINT`
config := &sdkms.Configuration{
BasePath: API_END_POINT,
}
client := sdkms.NewAPIClient(config)
decodeKey, _ := base64.StdEncoding.DecodeString(API_KEY)
parts := strings.Split(string(decodeKey), ":")
ctx := context.WithValue(context.Background(), sdkms.ContextBasicAuth, sdkms.BasicAuth{
UserName: parts[0],
Password: parts[1],
})
authResponse, _, _ := client.AuthenticationApi.Authorize(ctx)
ctx = context.WithValue(context.Background(), sdkms.ContextAccessToken, authResponse.AccessToken)
}
Java
private static Provider initialize() {
try {
final Path tmpFile = Files.createTempFile("pkcs11", ".cfg");
tmpFile.toFile().deleteOnExit();
final List lines = Arrays.asList("name = fortanix", "library = /opt/fortanix/pkcs11/sdkms-pkcs11.so");
Files.write(tmpFile, lines, Charset.defaultCharset(), StandardOpenOption.WRITE);
Provider provider = new sun.security.pkcs11.SunPKCS11(tmpFile.toString());
System.out.println("Successfully initialized JCE to use Fortanix SDKMS");
return provider;
} catch (Exception e) {
System.out.println("Could not initialize: " + e);
return null;
}
}
private static boolean login(Provider provider, String apiKey) {
try {
KeyStore ks = KeyStore.getInstance("PKCS11", provider);
ks.load(null, apiKey.toCharArray());
System.out.println("Successfully logged in to Fortanix SDKMS");
return true;
} catch (Exception e) {
System.out.println("Incorrect API Key: " + e);
return false;
}
}
Python
def initialize_api_client():
KEY = 'YOUR_API_KEY'
API_END_PONT = 'API_END_POINT'
api_keys = base64.b64decode(KEY).decode('ascii')
parts = api_keys.split(':')
if len(parts) != 2:
print 'Invalid API key provided'
exit(1)
config = sdkms.v1.Configuration()
config.host = API_END_POINT
config.username = parts[0]
config.password = parts[1]
client = sdkms.v1.ApiClient(configuration=config)
auth_instance = sdkms.v1.AuthenticationApi(api_client=client)
try:
auth = auth_instance.authorize()
config.api_key['Authorization'] = auth.access_token
config.api_key_prefix['Authorization'] = 'Bearer'
return client
except ApiException as e:
print("Exception when calling AuthenticationApi->authorize: %s\n" % e)
return None