nCipher Using KeySafe generated AES Key in java

Question

We have a AES Key generated from KeySafe Utility provided by nCipher. How can we use this Key to encrypt data? Can we Create a KeyStore from the KeySafe generated Key?

I have found sample by creating blank keystore and creating new key from java code and saving in the keystore, But could not find anything on the KeySafe. Generating new Key from the java code is not feasible for us.

Answer 1

nCipher keys have an app type that identifies which one of the supported APIs they were generated for. Keys for the JCE provider have app type jcecsp. KeySafe can't generate jcecsp keys, so you probably have one of type simple or pkcs11 or something. You have several options:

• If you have a pkcs11 key, you can use the SunPKCS11 Provider that comes with your JDK to access PKCS#11 slots as a KeyStore. Google for this provider and contact Thales Support for some hints on configuration language.
• If your key is not pkcs11 and you want to go the above route, you can retarget your key to pkcs11. I actually don't know if KeySafe can do this but the command-line utility generatekey can.
• You can use the Pure Java nCore and NFKM APIs to access your key directly regardless of app type. If you have the CipherTools SDK you'll find ample sample code.
• Once loaded by the native API, you can convert the loaded key Object to an JCE Key Object which you can store in an nCipher.sworld KeyStore. There is an Interop example in the CipherTools sample code that hints at how you might do this.
• If the actual key is not of value to you (meaning you're willing to generate another one to get started) use Java's KeyTool to generate your key directly in the context of an nCipher.sworld KeyStore through the nCipherKM Provider. The product manual shows how to correctly invoke KeyTool. You don't even need the SDK for this.

Contact Thales Support if you run into any issues.