Create a PKI Crypto Profile (RSA and DSA)
In the SQL editor, create the crypto profile in the VT-NET database using StoreProcedure. This will create a new entry in the crypto_profile table.
PKI Crypto profile entries in the VT-NET database must contain the following parameters:
Parameter | Example value |
|---|---|
Crypto profile code |
|
Description |
|
Algorithm |
|
Key size |
TipThis is an informative field. |
Profile type |
|
Product code |
|
Profile encoding |
|
Key code |
TipThis code should match the CERTIFICATES table field CERT_CODE with a pkcs12 keystore for decryption, encryption or sign verification. |
Additional data |
TipThe openssl.padding can be "pkcs7", "pkcs5", "veritran" or "zeros". The openssl.iv should be the initial vector on hexadecimal notation. |
The following code snippet shows how to create a crypto profile entry in the database using the example values.
BEGIN
VTDB.INS_UPD_CRYPTO_PROFILES(' RSA_TEST_PROFILE_CODE ',' Unit Test OpenSSL - RSA ','RSA',’OPENSSL',2049,TO_CLOB('{"padding":"pkcs1"}'), 'MB','H',NULL,’RSAE’,'VERITRAN', NULL, 0);
END;
/Important
For PKI/RSA certificate entries, the public and private keys need to be packaged in a pkcs12 keystore. If the keystore has stored both the public key and the private key, the crypto profile can be used to encrypt (with public key), decrypt (with private key), sign (with private key) and verify (with public key). If only the private key is present, only decrypt and sign are allowed. Refer to OpenSSL Commands for more information.