SDKMS provides multiple interfaces to application developers. For C/C++ programmers, SDKMS provides a PKCS#11 interface through a library. For Java programmers, SDKMS can be accessed through the JCE interface and through Java SDK. SmartKey can also be accessed through its RESTful interface, documented at https://www.fortanix.com/api/
We provide examples for using SDKMS in 7 languages – a C++ program using the PKCS#11 interface, a Java program using the JCE interface, and other programs using the REST interface through Java, Python, Golang, C#, PHP and Javascript SDKs
The example programs can be downloaded in full at the Downloads page.
C++
string encrypt(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, string plain) { CK_RV rv; CK_BYTE *iv; CK_ULONG iv_len; string iv_b64; CK_BYTE *cipher; CK_ULONG cipher_len; string cipher_b64; iv_len = (CK_ULONG) AES_KEYLENGTH/8; iv = (CK_BYTE *)malloc(iv_len * sizeof(CK_BYTE)); CK_MECHANISM mechanism = { CKM_AES_CBC_PAD, iv, iv_len }; Base64::Encode(string((char *)iv, iv_len), &iv_b64); rv = p11->C_EncryptInit(hSession, &mechanism, hKey); if (rv == CKR_OK) { rv = p11->C_Encrypt(hSession, (CK_BYTE_PTR) plain.c_str(), plain.length(), NULL, &cipher_len); if (rv == CKR_OK) { cipher = (CK_BYTE *)malloc(cipher_len * sizeof(CK_BYTE)); rv = p11->C_Encrypt(hSession, (CK_BYTE_PTR) plain.c_str(), plain.length(), cipher, &cipher_len); } } if (rv != CKR_OK) { cout << "Encryption failed. Error code = " << rv << endl; return string(); } Base64::Encode(string((char *)cipher, cipher_len), &cipher_b64); return iv_b64 + ":" + cipher_b64; }
C#
public void encrypt() { EncryptRequest encryptRequest = new EncryptRequest(Alg: ObjectType.AES, Mode: CryptMode.CBC, Plain: Encoding.ASCII.GetBytes("Hello World")); EncryptionAndDecryptionApi encryptionAndDecryptionApi = new EncryptionAndDecryptionApi(); EncryptResponse encResp = encryptionAndDecryptionApi.Encrypt(kid, encryptRequest); }
Golang
func encrypt() { encryptionRequest := sdkms.EncryptRequest{ Alg: &sdkms.AES, Plain: plain, Mode: &sdkms.CBC, } encryptionResponse, _, _ := client.EncryptionAndDecryptionApi.Encrypt(ctx, securityObjectResponse.Kid, encryptionRequest) }
Java
private static EncryptResponse encrypt() {
String data = "Hello World!";
byte[] plain = data.getBytes()
EncryptRequest encryptRequest = new EncryptRequest();
encryptRequest.alg(ObjectType.AES)
.plain(plain)
.mode(CryptMode.CBC);
try {
EncryptResponse encryptResponse =
encryptionAndDecryptionApi.encrypt(kid, encryptRequest);
return encryptResponse;
} catch (Exception e) {
System.out.println("Encryption failed: " + e);
return null;
}
}Python
def encrypt(): api_instance = sdkms.v1.EncryptionAndDecryptionApi(api_client=client) request = sdkms.v1.EncryptRequest(alg=ObjectType.AES, plain=plain, mode=CipherMode.CBC) try: encryption_response = api_instance.encrypt(kid, request) return encryption_response except ApiException as e: print("Exception when calling EncryptionAndDecryptionApi->encrypt: %s\n" % e) return None
PHP
public function encrypt() {
$cryptMode = new Swagger\Client\Model\CryptMode();
$encryptionRequestBody = array('alg' => $objType::AES, 'mode' => $cryptMode::CBC, 'plain' => $plain);
$encryptionRequest = new Swagger\Client\Model\EncryptRequest($encryptionRequestBody);
$encryptionAndDecryptionApi = new Swagger\Client\Api\EncryptionAndDecryptionApi($client);
$encryptionResponse = $encryptionAndDecryptionApi->encrypt($securityObjectResponse["kid"], $encryptionRequest);
} Javascript
var encryptCallback = function(error, data, response) {
if (error) {
console.error("Error: " + JSON.stringify(response));
} else {
console.log('Data encrypted successfully. result: ' + JSON.stringify(data));
}
};
var encryptApi = new FortanixSdkmsRestApi.EncryptionAndDecryptionApi()
var plain = btoa("Hello World!")
var encryptRequest = FortanixSdkmsRestApi.EncryptRequest.constructFromObject({"alg" :"AES", "plain": plain, "mode": "CBC"})
encryptApi.encrypt(data["kid"], encryptRequest, encryptCallback)