Veritran Docs

Create a PKI Crypto Profile (RSA and DSA)

In the SQL editor, create the crypto profile in the VT-NET database using a stored procedure. This creates a new entry in the crypto_profile table.

PKI Crypto profile entries in the VT-NET database must contain the following parameters:

| Parameter | Example value | Tip |
| --- | --- | --- |
| Crypto profile code | RSA_TEST_PROFILE_CODE | |
| Description | Unit Test OpenSSL - RSA | |
| Algorithm | RSA | |
| Key size | 4096 | This is an informative field. |
| Profile type | OPENSSL | |
| Product code | P1 | |
| Profile encoding | VTFET_HEXA_STR | |
| Key code | RSA_TEST_CERT_CODE | This code should match the CERTIFICATES table field CERT_CODE with a pkcs12 keystore for decryption, encryption or signature verification. |
| Additional data | `{\"padding\":\"pkcs1\"}` | The openssl.padding can be "pkcs7", "pkcs5", "veritran" or "zeros". The openssl.iv should be the initial vector in hexadecimal notation. |

The following code snippet shows how to create a crypto profile entry in the database using the example values.

    BEGIN
        -- Stored procedure call that creates the entry in the crypto_profile table.
        VTDB.INS_UPD_CRYPTO_PROFILES('RSA_TEST_PROFILE_CODE', 'Unit Test OpenSSL - RSA', 'RSA', 'OPENSSL', 2049, TO_CLOB('{"padding":"pkcs1"}'), 'MB', 'H', NULL, 'RSAE', 'VERITRAN', NULL, 0);
    END;
    /

Important

For PKI/RSA certificate entries, the public and private keys need to be packaged in a pkcs12 keystore. If the keystore has stored both the public key and the private key, the crypto profile can be used to encrypt (with public key), decrypt (with private key), sign (with private key) and verify (with public key). If only the private key is present, only decrypt and sign are allowed. Refer to OpenSSL Commands for more information.
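
The keystore rule above, shown with the `openssl` command line as an added example (this is not Veritran's code and not taken from its OpenSSL Commands page). It packages an RSA key into a pkcs12 keystore with and without the certificate, then reports which operations the rule allows for each file. The helper names `make_keystores` and `keystore_ops`, the file names, the self-signed certificate subject and the `KS_PASS` passphrase variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: all names, the subject and the passphrase are constructed.

# make_keystores DIR BITS: RSA key + self-signed certificate, packaged two ways.
make_keystores() {
    dir=$1 bits=$2
    openssl req -x509 -newkey "rsa:$bits" -nodes -days 365 \
        -subj "/CN=RSA_TEST_CERT_CODE" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    # Private key plus certificate (the certificate carries the public key).
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name RSA_TEST_CERT_CODE -passout env:KS_PASS -out "$dir/full.p12"
    # Private key only.
    openssl pkcs12 -export -nocerts -inkey "$dir/key.pem" \
        -passout env:KS_PASS -out "$dir/keyonly.p12"
}

# keystore_ops FILE: print the operations the rule above allows for FILE.
keystore_ops() {
    has_key=no has_cert=no
    # Key material is only piped to grep, never written to disk or the terminal.
    if openssl pkcs12 -in "$1" -passin env:KS_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'; then has_key=yes; fi
    if openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE'; then has_cert=yes; fi
    case "$has_key/$has_cert" in
        yes/yes) echo "encrypt decrypt sign verify" ;;
        yes/no)  echo "decrypt sign" ;;
        *)       echo "not covered by the rule" ;;
    esac
}

# Demo run. The passphrase goes through the environment (env:KS_PASS), not
# through a command-line argument that other users could read from the
# process list.
KS_PASS='constructed-demo-passphrase'
export KS_PASS
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT      # remove the demo key material on exit
make_keystores "$work" 4096
echo "full.p12:    $(keystore_ops "$work/full.p12")"
echo "keyonly.p12: $(keystore_ops "$work/keyonly.p12")"
```
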