Fortanix DSM Client SDKs

Java

The Java SDK supports Java 8, 11, and 17.

Download

Click here to download the Unified JCE and Java SDK, and the Java SDK and JCE documentation.

Download using Maven

Click here to download the Unbundled JCE and Java SDK, and the Java SDK and JCE documentation.

Check this Java SDK guide for more details.

<dependency>
<groupId>com.fortanix</groupId>
<artifactId>sdkms-client</artifactId>
<version>4.35.2513</version>
</dependency>

Alternatively, add the following dependency to the build.gradle file:

compile "com.fortanix:sdkms-client:4.35.2513"

 

Supported Features

OPERATIONS ALGORITHM KEY SIZE, CURVE, OR MODE
Create or Import

Supported algorithms for importing a key:

  • AES, DES, DES3 as HEX
  • EC, RSA as PEM
  • Cert
  • Pfx
  • Secret

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521, Gost256A, Ed25519, X25519, X448
  • DSA -
    • When key_size = 2048, the allowed values are 224 or 256 bits.
    • When key_size = 3072, the allowed value is 256 bits.
  • HMAC - between 112 and 8192 bits
  • BLS - Minimal public key size, minimal signature size
  • FPE - Custom, General, Identification Numbers (USA), Military Service Numbers

Encrypt or Decrypt,

Batch Encrypt or Batch Decrypt

  • AES
  • DES
  • DES3
  • RSA

Supported modes:

  • AES - CBC, CBC (no padding), CFB, CTR, GCM, GCM (no padding), CCM, OFB, KW, KWP, FPE
  • DES, DES3 - ECB, CBC, CBC (no padding)
  • RSA - OAEP_MGF1_SHA224, OAEP_MGF1_SHA384, OAEP_MGF1_SHA512, OAEP_MGF1_SHA1, OAEP_MGF1_SHA256, PKCS1_V15

Sign or Verify

Batch Sign or Batch Verify

  • EC, RSA

Supported modes:

  • RSA - PKCS#1 v1.5, OAEP, OAEPPADDING, PSS
    • With hash algorithms (sign/verify): SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256, Streebog512
Multipart Encrypt or Multipart Decrypt
  • AES

Supported modes:

CBC, CBCNOPAD, CTR, and GCM

Key Rotation or Revoke Key
  • AES, DES, DES3, RSA, EC, ARIA, DSA, SEED, KCDSA, EC-KCDSA, LMS

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • EC-KCDSA - NIST P-192, NIST P-224, NIST P-256, NIST P-384, NIST P-521, SecP192K1, SecP224K1, SecP256K1
  • LMS - SHA-256 M32 H5/H10/H15/H20/H25
  • SEED - 128 bits
Message Digest  

Supported hash algorithms:

SHA1, SHA256, SHA384, and SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512

Wrap Key
  • AES, DES, HMAC, RSA, EC, ARIA, SEED

Symmetric keys, HMAC keys, opaque objects, and secret objects may be wrapped with symmetric or asymmetric keys.

Asymmetric keys may be wrapped with symmetric keys. But wrapping an asymmetric key with another asymmetric key is not supported.

Derive Key
  • AES, DES, DES3, HMAC, ARIA, SEED

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 168 bits
  • HMAC - between 1024 and 8192 bits
  • SEED - 128 bits
Agree Key
  • AES, EC

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
Export Key
  • AES, DES, DES3, RSA, EC, ARIA, DSA, SEED, KCDSA, EC-KCDSA, LMS, HMAC

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • HMAC - between 1024 and 8192 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • EC-KCDSA - NIST P-192, NIST P-224, NIST P-256, NIST P-384, NIST P-521, SecP192K1, SecP224K1, SecP256K1
  • LMS - SHA-256 M32 H5/H10/H15/H20/H25
  • SEED - 128 bits
  • HMAC - between 1024 and 8192 bits
Approval Requests All the crypto algorithms

 

Export or Import Key components
  • AES

Supported key size:

  • AES  -
    • Key Size - 128,192, or 256 bits
    • Mode - CBC, OFB, CFB, CTR

Batch Mac or Mac verify,

Mac Generate or Mac Verify

 

Digest algorithms:

  • SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256, Streebog512
Tokenization AES

Custom, General, Identification Numbers (USA), Military Service Numbers

HMG  

Supported kinds of HMGs:

AWSKMS, AWSCLOUDHSM, AZUREKEYVAULT, NCIPHER, SAFENET, FORTANIXFIPSCLUSTER, FORTANIX

Python

The Python SDK supports both Python 2 and 3.

NOTE 
For Python version 3.9 and above, you must use Cryptography library version 37.0.0.

Download

PIP

Alternatively, install via PIP

pip install sdkms

Supported Features

OPERATIONS ALGORITHM KEY SIZE, CURVE, OR MODE
Create or Import

Supported algorithms for importing a key:

  • AES, DES, DES3 as HEX
  • EC, RSA as PEM
  • Cert
  • Pfx
  • Secret

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521, Gost256A, Ed25519, X25519, X448
  • DSA -
    • When key_size = 2048, the allowed values are 224 or 256 bits.
    • When key_size = 3072, the allowed value is 256 bits.
  • HMAC - between 112 and 8192 bits
  • BLS - Minimal public key size, minimal signature size
  • FPE - Custom, General, Identification Numbers (USA), Military Service Numbers

Encrypt or Decrypt,

Batch Encrypt or Batch Decrypt

  • AES
  • DES
  • DES3
  • RSA

Supported modes:

  • AES - CBC, CBC (no padding), CFB, CTR, GCM, GCM (no padding), CCM, OFB, KW, KWP, FPE
  • DES, DES3 - ECB, CBC, CBC (no padding)
  • RSA - OAEP_MGF1_SHA224, OAEP_MGF1_SHA384, OAEP_MGF1_SHA512, OAEP_MGF1_SHA1, OAEP_MGF1_SHA256, PKCS1_V15

Sign or Verify

Batch Sign or Batch Verify

  • EC, RSA

Supported modes:

  • RSA - PKCS#1 v1.5, OAEP, OAEPPADDING, PSS
    • With hash algorithms (sign/verify): SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256, Streebog512
Multipart Encrypt or Multipart Decrypt
  • AES

Supported modes:

CBC, CBCNOPAD, CTR, and GCM

Key Rotation or Revoke Key
  • AES, DES, DES3, RSA, EC, ARIA, DSA, SEED, KCDSA, EC-KCDSA, LMS

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • EC-KCDSA - NIST P-192, NIST P-224, NIST P-256, NIST P-384, NIST P-521, SecP192K1, SecP224K1, SecP256K1
  • LMS - SHA-256 M32 H5/H10/H15/H20/H25
  • SEED - 128 bits
Message Digest  

Supported hash algorithms:

SHA1, SHA256, SHA384, and SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512

Wrap Key
  • AES, DES, HMAC, RSA, EC, ARIA, SEED

Symmetric keys, HMAC keys, opaque objects, and secret objects may be wrapped with symmetric or asymmetric keys.

Asymmetric keys may be wrapped with symmetric keys. But wrapping an asymmetric key with another asymmetric key is not supported.

Derive Key
  • AES, DES, DES3, HMAC, ARIA, SEED

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 168 bits
  • HMAC - between 1024 and 8192 bits
  • SEED - 128 bits
Agree Key
  • AES, EC

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
Export Key
  • AES, DES, DES3, RSA, EC, ARIA, DSA, SEED, KCDSA, EC-KCDSA, LMS, HMAC

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • HMAC - between 1024 and 8192 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • EC-KCDSA - NIST P-192, NIST P-224, NIST P-256, NIST P-384, NIST P-521, SecP192K1, SecP224K1, SecP256K1
  • LMS - SHA-256 M32 H5/H10/H15/H20/H25
  • SEED - 128 bits
  • HMAC - between 1024 and 8192 bits
Approval Requests All the crypto algorithms

 

Export or Import Key components
  • AES

Supported key size:

  • AES  -
    • Key Size - 128,192, or 256 bits
    • Mode - CBC, OFB, CFB, CTR

Batch Mac or Mac verify,

Mac Generate or Mac Verify

 

Digest algorithms:

  • SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256,Streebog512
Tokenization AES

Custom, General, Identification Numbers (USA), Military Service Numbers

HMG  

Supported kinds of HMGs:

AWSKMS, AWSCLOUDHSM, AZUREKEYVAULT, NCIPHER, SAFENET, FORTANIXFIPSCLUSTER, FORTANIX

Go

The Go SDK supports Go 1.18 and above.

New SDK

Supported Operating Systems (OS)

For details on the GO client OS compatibility matrix, refer to the Clients: Compatibility Matrix.

Supported Features

OPERATIONS ALGORITHM KEY SIZE, CURVE, OR MODE
Create or Import

Supported algorithms for importing a key:

  • AES, DES, DES3 as HEX
  • EC, RSA as PEM
  • Cert
  • Secret

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521 , Gost256A, Ed25519, X25519, X448
  • HMAC - between 112 and 8192 bits

Encrypt or Decrypt

  • AES
  • DES
  • DES3
  • RSA

Supported modes:

  • AES - CBC, CBC (no padding), CFB, CTR, GCM, CCM, OFB, KW, KWP
  • DES, DES3 - ECB, CBC, CBC (no padding)
  • RSA - OAEP_MGF1_SHA224, OAEP_MGF1_SHA384, OAEP_MGF1_SHA512, OAEP_MGF1_SHA1, OAEP_MGF1_SHA256, PKCS1_V15

Sign or Verify

Batch Sign or Batch Verify

  • RSA

Supported modes:

  • RSA - PKCS#1 v1.5, OAEP, OAEPPADDING, PSS
    • With hash algorithms (sign/verify): SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256,Streebog512
Multipart Encrypt or Multipart Decrypt
  • AES

Supported modes:

CBC, CBCNOPAD, CTR, and GCM

Key Rotation or Revoke Key
  • AES, DES, DES3, RSA, EC, ARIA, SEED

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • SEED - 128 bits
Message Digest  

Supported hash algorithms:

SHA1, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512

Wrap Key
  • AES, DES, HMAC, RSA, EC, ARIA, SEED

Symmetric keys, HMAC keys, opaque objects, and secret objects may be wrapped with symmetric or asymmetric keys.

Asymmetric keys may be wrapped with symmetric keys. But wrapping an asymmetric key with another asymmetric key is not supported.

Derive Key
  • AES, DES, DES3, HMAC, ARIA, SEED, Secret

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 168 bits
  • HMAC - between 1024 and 8192 bits
  • SEED - 128 bits
  • Deriving AES and ARIA key -128, 192, and 256 bits size from Secret key with HKDF mechanism using DigestAlgorithmSha1, DigestAlgorithmSha224, DigestAlgorithmSha256, DigestAlgorithmSha384, DigestAlgorithmSha512
  • Deriving SEED key 128 bits size from Secret key with HKDF mechanism using DigestAlgorithmSha1, DigestAlgorithmSha224, DigestAlgorithmSha256, DigestAlgorithmSha384, DigestAlgorithmSha512
  • Deriving HMAC key from Secret key with HKDF mechanism using DigestAlgorithmSha1, DigestAlgorithmSha224, DigestAlgorithmSha256, DigestAlgorithmSha384, DigestAlgorithmSha512

For more details, refer to Example Code: Deriving Security Object

Agree Key
  • AES, EC

Supported key sizes or curves:

  • AES - 128,192, or 256 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
Export Key
  • AES, DES, DES3, RSA, EC, ARIA, SEED, HMAC

Supported key sizes or curves:

  • AES and ARIA - 128,192, or 256 bits
  • DES - 56 bits
  • DES3 - 112 or 168 bits
  • HMAC - between 1024 and 8192 bits
  • RSA - between 1024 and 8192 bits
  • EC - SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384, NistP521
  • SEED - 128 bits
  • HMAC - between 1024 and 8192 bits
Approval Requests All the crypto algorithms

 

Batch Mac or Mac verify,

Mac Generate or Mac Verify

 

Digest algorithms:

  • SHA-1, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512, SSL3, Blake2b256,Blake2b384, Blake2b512, Blake2s256, SHA3_224, SHA3_256, SHA3_384, SHA3_512, Streebog256,Streebog512

Old SDK

The go SDK supports go 1.9 and above.

C# .Net

The C# SDK supports .Net 2.1 and above.

Download

Javascript/Node.js

Javascript/Node.js

Download

PHP SDK

PHP SDK

Download

  •  PHP SDK

    SHA256 sum:
    47504c35d216238928a512f798623cbe3b6f3cbd92798f404531b7ec715c1349

Comments

Article is closed for comments.

Was this article helpful?
0 out of 1 found this helpful