KMFCryptoOperation - Scoped, Global
-
- UpdatedJan 30, 2025
- 9 minutes to read
- Yokohama
- API reference
The KMFCryptoOperation class provides methods for performing cryptographic operations using a Key Management Framework (KMF) cryptographic module or a Field Encryption encryption module.
To use this API, you must have already created and configured a KMF cryptographic module or a CLE encryption module. The module must have one or more cryptographic specifications and you must create or import its associated key. For details, see Cryptographic modules.
The KMFCryptoOperation object generated using this API represents a cryptographic operation, such as a Symmetric Encryption. Use the KMFCryptoOperations() method to create this object, the builder methods to set properties on the object, and the doOperation() method to execute the operation.
You can use this API in both scoped and global applications. You must always specify the
sn_kmf_ns
namespace when calling this API.
KMFCryptoOperation - KMFCryptoOperation(String cryptoModuleName, String operationName)
Creates a KMFCryptoOperation object for the specified module and operation.
This API leverages builder methods. Builder methods update properties on the KMFCryptoOperation object, such as changing the desired output format of the data. Not all builder methods are valid for all operations. The builder methods available for each operation are noted in the parameters table below.
Name | Type | Description |
---|---|---|
cryptoModuleName | String | Name of the Key Management Framework (KMF) cryptographic module or Field Encryption encryption module to use. You must create the module before calling this method. For details, see Cryptographic module overview. |
operationName | String | Name of the operation to perform. Valid values (not case-sensitive):
|
Example
This example instantiates a KMFCryptoOperation object for the module global.sj_cm to perform a Symmetric Encryption operation. You must include the namespace for both global and scoped applications.
Example
This example shows how to specify options to update the default output type and output format.
Example
This example shows how to perform an Asymmetric Encryption operation using an Integrated Encryption Scheme (EC-IES). Note that long values, such as signature, have been truncated and replaced with an ellipse for readability.
Example
This example shows how to perform an Asymmetric Decryption operation using EC-IES.
KMFCryptoOperation - doOperation(Object data)
Performs the cryptographic operation defined by the current KMFCryptoOperation object on the supplied data and returns the result.
Name | Type | Description |
---|---|---|
data | Object | Required except if the withSysId() builder method has previously been called on the associated KMFCryptoOperation object. Input data on which to perform the cryptographic operation. |
Type | Description |
---|---|
Depends on the operation type.
|
Data results after performing the operation specified in the associated KMFCryptoOperation object. |
Example
This example uses the doOperation() to create a MAC.
KMFCryptoOperation - withAdditionalInput(Object additionalInput)
Sets the additional input needed to perform the cryptographic operation.
For example, during a Message Authentication Code (MAC) verification, use this method to pass in the generated MAC tag. Similarly, during signature verification, use it to pass in the signature. You can also use this method to pass additional data, a KMFEncryptionPayload object, when performing an asymmetric operation with an integrated cipher, such as Elliptic Curve Integrated Encryption Scheme (EC-IES.)
Type | Description |
---|---|
None |
Example
This example uses withAdditionalInput() to add a string-based signature to the KMFCryptoOperation object.
Example
This example uses withAdditionalInput() to add a signature and ephemeral key to the KMFCryptoOperation object. Note that long values, such as those in the doOperation() call and payload description, have been truncated and replaced with an ellipse for readability.
KMFCryptoOperation - withAlgorithm(String algorithm)
Sets the algorithm associated with the key material to wrap.
Name | Type | Description |
---|---|---|
algorithm | String | Algorithm to use. Valid values:
|
Type | Description |
---|---|
None |
Example
This example uses withAlgorithm() to change the encryption algorithm used to EC.
KMFCryptoOperation - withInputFormat(String inputFormat)
Sets the data format for the input data on which the cryptographic operation will be performed. Uses the specified format when decoding the data.
Name | Type | Description |
---|---|---|
inputFormat | String | Format of the input data. Valid values:
Default: Value determined by the operation specified when the KMFCryptoOperation object was instantiated. For more information, see KMFCryptoOperation - KMFCryptoOperation(String cryptoModuleName, String operationName). |
Type | Description |
---|---|
None |
Example
This example uses withInputFormat() to change the input format to have no encoding.
Example
This example uses withInputFormat() to change the input format to KMF_GLIDE_ENCRYPTER_FORMATTED.
KMFCryptoOperation - withOutputFormat(String outputFormat)
Sets the data format of the output data that is returned by the cryptographic operation. Uses the specified format when encoding the data.
Name | Type | Description |
---|---|---|
outputFormat | String | Format of the output data. Valid values:
Default if this method is not called: Value determined by the operation specified when the KMFCryptoOperation object was instantiated. For more information, see KMFCryptoOperation - KMFCryptoOperation(String cryptoModuleName, String operationName). |
Type | Description |
---|---|
None |
Example
This example uses withOutputFormat() to set the output format of the decryption to KMFNone (default is KMFBase64.)
KMFCryptoOperation - withOutputType(String outputType)
Sets the data type for the output data returned after the cryptographic operation is performed.
Name | Type | Description |
---|---|---|
outputType | String | Type of output data. Not all output types are applicable to all operations. For an unsupported type, an exception is thrown. Valid values (not case-sensitive):
Note: When specifying an output of Payload, the output of
the doOperation() method is a KMFEncryptionPayload object.
For more information on the structure of this object, see withAdditionalInput(). Default: Value determined by the operation, specified when the KMFCryptoOperation object was instantiated. For more information, see KMFCryptoOperation - KMFCryptoOperation(String cryptoModuleName, String operationName). |
Type | Description |
---|---|
None |
Example
This example uses withOutputType() to set the output type for MAC_VERIFICATION to Boolean.
KMFCryptoOperation - withSysId(String sysId)
Sets the sys_id of the key to wrap on the KMFCryptoOperation object. Applicable to symmetric and asymmetric wrapping of keys.
Name | Type | Description |
---|---|---|
sysId | String | Sys_id of the key to wrap. Table: Module Key [sys_kmf_module_key] |
Type | Description |
---|---|
None |
Example
This example uses withSysId() to define the key to wrap.
On this page
- KMFCryptoOperation - KMFCryptoOperation(String cryptoModuleName, String operationName)
- KMFCryptoOperation - doOperation(Object data)
- KMFCryptoOperation - withAdditionalInput(Object additionalInput)
- KMFCryptoOperation - withAlgorithm(String algorithm)
- KMFCryptoOperation - withInputFormat(String inputFormat)
- KMFCryptoOperation - withOutputFormat(String outputFormat)
- KMFCryptoOperation - withOutputType(String outputType)
- KMFCryptoOperation - withSysId(String sysId)