From the query, I understand that you would like to use the key handle to refer to the keys in your Java application using Client SDK 5, which was possible using Client SDK 3. Hence, you would like to understand if this is supported on Client SDK 5 and, if supported, how to achieve the same.
Proceeding ahead, I would like to highlight that with Client SDK 5 the key handle changes all the time, compared to Client SDK 3, where it stays consistent through the lifetime of the key. When migrating from SDK 3 to SDK 5, the consideration below needs to be followed in order to reference the key using the key handle.
Use the same key handles across different runs of an application: To successfully use key handles in Client SDK 5, you must obtain key handles each time you run an application. If you have existing applications that expect to use the same key handles across different runs, you must modify your code to obtain the key handle each time you run the application. This change is in compliance with the PKCS #11 2.40 specification.[1]
To explain it further, key handles are fixed with SDK 3, but they vary every session with SDK 5. The right way using SDK 5 is to search for the required key using some attribute such as key label or key ID. This will return one or more objects to the Java application, then you can use one of the key objects for your cryptographic operations. Additionally, in case you have several keys with the same label, you will have to use the key ID instead (you can set the key ID when generating keys). Otherwise, you will have to generate new keys with unique labels. Providing a few reference links below which may be useful to you.
References:
[1] Migrating from Client SDK 3 to Client SDK 5:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/migrate-sdk.html
[2] Code samples for the AWS CloudHSM software library for Java for Client SDK 5:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-samples_5.html
[3] Supported Java attributes for Client SDK 5:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-lib-attributes_5.html
[4] aws-cloudhsm-jce-examples:
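
The lookup-by-label approach described in the answer above, as an added example that is not part of the original answer or of AWS's sample code. It assumes the Client SDK 5 JCE provider is installed and configured, that HSM credentials are supplied outside the code (for example through the `HSM_USER` and `HSM_PASSWORD` environment variables), and that an RSA private key exists with the placeholder label `app-signing-key`.

```java
import com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.util.Base64;

public class LookupKeyByLabel {
    // Placeholder label (assumption); use the label set when the key was generated.
    private static final String KEY_LABEL = "app-signing-key";

    /** Resolves the key by label on every run; no key handle is stored or reused. */
    static PrivateKey findPrivateKey(String label) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(CloudHsmProvider.PROVIDER_NAME);
        keyStore.load(null, null); // keys live on the HSM, so there is no keystore file to read
        Key key = keyStore.getKey(label, null); // the alias is matched against the key label
        if (key == null) {
            throw new IllegalStateException("No key found with label: " + label);
        }
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("Key with label " + label + " is not a private key");
        }
        return (PrivateKey) key;
    }

    public static void main(String[] args) throws Exception {
        // Register the CloudHSM provider once per JVM.
        if (Security.getProvider(CloudHsmProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new CloudHsmProvider());
        }

        PrivateKey signingKey = findPrivateKey(KEY_LABEL);

        // Use the resolved key object directly; the signing happens on the HSM.
        Signature signer = Signature.getInstance("SHA256withRSA", CloudHsmProvider.PROVIDER_NAME);
        signer.initSign(signingKey);
        signer.update("constructed sample message".getBytes(StandardCharsets.UTF_8));
        System.out.println(Base64.getEncoder().encodeToString(signer.sign()));
    }
}
```

A lookup by alias cannot tell apart several keys that share a label, which is the case where the answer recommends searching by key ID instead.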