SDKMS provides multiple interfaces to application developers. For C/C++ programmers, SDKMS provides a PKCS#11 interface through a library. For Java programmers, SDKMS can be accessed through the JCE interface and through Java SDK. SmartKey can also be accessed through its RESTful interface, documented at https://www.fortanix.com/api/
We provide examples for using SDKMS in 7 languages – a C++ program using the PKCS#11 interface, a Java program using the JCE interface, and other programs using the REST interface through Java, Python, Golang, C#, PHP and Javascript SDKs
The example programs can be downloaded in full at the Downloads page.
C++
string decrypt(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, string iv_cipher) { CK_RV rv; CK_BYTE *plain; CK_ULONG plain_len; string iv; string cipher; Base64::Decode(iv_cipher.substr(0, iv_cipher.find(':')), &iv); CK_MECHANISM mechanism = { CKM_AES_CBC_PAD, (CK_BYTE_PTR) iv.c_str(), iv.length() }; rv = p11->C_DecryptInit(hSession, &mechanism, hKey); if (rv == CKR_OK) { Base64::Decode(iv_cipher.substr(iv_cipher.find(':')+1, iv_cipher.length() - iv_cipher.find(':') + 1), &cipher); rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), NULL, &plain_len); if (rv == CKR_OK) { plain = (CK_BYTE *)malloc(plain_len * sizeof(CK_BYTE)); rv = p11->C_Decrypt(hSession, (CK_BYTE_PTR) cipher.c_str(), cipher.length(), plain, &plain_len); } } if (rv != CKR_OK) { cout << "Decryption failed. Error code = " << rv << endl; return string(); } return string((char*)plain, plain_len); }
C#
public void decrypt() {
EncryptionAndDecryptionApi encryptionAndDecryptionApi = new EncryptionAndDecryptionApi();
DecryptRequest decReq = new DecryptRequest(Alg: ObjectType.AES, Mode: CryptMode.CBC, Cipher: cipher, Iv: encResp.Iv);
DecryptResponse decResp = encryptionAndDecryptionApi.Decrypt(key.Kid, decReq);
} Golang
func decrypt() { decryptionRequest := sdkms.DecryptRequest{ Alg: &sdkms.AES, Mode: &sdkms.CBC, Cipher: encryptionResponse.Cipher, Iv: encryptionResponse.Iv, } decryptionResponse, _, _ := client.EncryptionAndDecryptionApi.Decrypt(ctx, securityObjectResponse.Kid, decryptionRequest) }
Java
private static DecryptResponse decrypt() { DecryptRequest decryptRequest = new DecryptRequest() .alg(ObjectType.AES) .mode(CryptMode.CBC) .cipher(encryptResponse.getCipher()) .iv(encryptResponse.getIv()); EncryptionAndDecryptionApi encryptionAndDecryptionApi = new EncryptionAndDecryptionApi(apiClient) try { DecryptResponse decryptResponse = encryptionAndDecryptionApi.decrypt(kid, decryptRequest) return decryptResponse; } catch (Exception e) { System.out.println("Decryption failed: " + e); return null; } }
Python
def decrypt(): api_instance = sdkms.v1.EncryptionAndDecryptionApi(api_client=client) decryption_request = sdkms.v1.DecryptRequest( alg=ObjectType.AES, mode=CipherMode.CBC, cipher=encryption_response.cipher, iv=encryption_response.iv) try: decryption_response = api_instance.decrypt(kid, decryption_request) except ApiException as e: print 'Exception when calling EncryptionAndDecryptionApi->decrypt: %s\n' % e)
PHP
public function decrypt() {
$decryptionRequestBody = array('alg' => $objType::AES, 'mode' => $cryptMode::CBC, 'cipher' => $encRes['cipher'], 'iv' => $encRes['iv']);
$decryptionRequest = new Swagger\Client\Model\DecryptRequest($decryptionRequestBody);
$encryptionAndDecryptionApi = new Swagger\Client\Api\EncryptionAndDecryptionApi($client);
$decryptionResponse = $encryptionAndDecryptionApi->decrypt($securityObjectResponse["kid"], $decryptionRequest); }Javascript
var decryptCallback = function(error, data, response) {
if (error) {
console.error("Error: " + JSON.stringify(response));
} else {
console.log('Cipher decrypted successfully. result: ' + JSON.stringify(data));
}
};
var encryptionAndDecryptionApi = new FortanixSdkmsRestApi.EncryptionAndDecryptionApi()
var decryptRequest = FortanixSdkmsRestApi.DecrypttRequest.constructFromObject({"alg": "AES", "mode": "CBC", "cipher": "cipher"})
encryptionAndDecryptionApi.decrypt(data["kid"], decryptRequest, decryptCallback)