The Key Templates sub-module is used to define the attributes of keys generated in HSM devices. Each HSM vendor requires its own set of attributes to generate different types of keys. In this module, key templates can be defined for different vendors and then linked to a specific crypto profile, so that when keys are generated in that crypto profile, the relevant key template is used to set the key attributes.

The following screen shows some of the default key templates and their respective types:


A new template can be created by clicking the New button. An existing template can be edited by selecting it and clicking the Edit button.

New Key Template

Clicking on the New button will display the following screen:  



The following is a description of the above key template attributes:  

Items

Description

Template Type

It contains a list of crypto source vendors supported by ADSS Server for which the required key template will be created. 

Template ID

An operator-defined unique Template ID for easier human recognition within the ADSS Operator Console. Once a Template ID is created, it cannot be changed. 

Template Description

This can be used to describe the Template in more detail. This is for information purposes only.

RSA Key Attributes

Defines the attributes of RSA keys generated in the HSM. It contains the following attribute types:

Private Key Attributes

These attributes hold the RSA private object and define the set of attributes to be associated with the RSA private key. The key attributes that can be configured for the private key are: Private, Extractable, Sign, Sensitive, Decrypt, Modifiable, Token and Unwrap.

Public Key Attributes

These attributes hold the RSA public object and define the set of attributes to be associated with the RSA public key. The key attributes that can be configured for the public key are: Private, Encrypt, Verify, Modifiable, Wrap and Token.

Extractable Key Attributes

These attributes are defined when key wrapping is enabled for static and dynamic KEK generation. The key attributes that can be configured for the extractable key are: Extractable, Sensitive, Wrap, Unwrap and Token.

The list of key attributes available on the console depends upon the crypto source profile selected in the Template Type drop-down.

ECDSA Key Attributes

Defines the attributes of ECDSA keys generated in the HSM. It contains the following attribute types:

Private Key Attributes

These attributes hold the ECDSA private object and define the set of attributes to be associated with the ECDSA private key. The key attributes that can be configured for the ECDSA private key are: Private, Extractable, Sign, Sensitive, Decrypt and Token.

Public Key Attributes

These attributes hold the ECDSA public object and define the set of attributes to be associated with the ECDSA public key. The key attributes that can be configured for the ECDSA public key are: Private, Encrypt, Verify and Token.

Extractable Key Attributes

These attributes are used and defined when key wrapping is enabled for static and dynamic KEK generation. The key attributes that can be configured for the extractable key are: Extractable, Sensitive, Wrap, Unwrap and Token.

Extractable Key Attributes will not be available in case of Utimaco CryptoServer CP5 and Thales Luna K7 (EN 419221-5).

Secret Key Attributes

Defines the attributes of secret keys generated in the HSM. It contains the following attribute types:

HMAC Key Attributes

It defines the attributes of the HMAC key when generated in the HSM. The key attributes that can be configured for the HMAC key are: Encrypt, Sign, Verify, Decrypt, Wrap, Unwrap, Token and Sensitive.

Key Encryption Key Attributes (KEK)

It defines the attributes of the KEK when generated in the HSM. The key attributes that can be configured for the KEK are: Private, Encrypt, Sign, Verify, Decrypt, Wrap, Unwrap, Token and Sensitive.
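
The attribute lists above can be checked offline before a template is linked to a crypto profile. The following is an added example, not ADSS Server code: the dict layout, the "key_wrapping" flag and the four hardening rules (taken from common PKCS#11 practice) are assumptions, while the attribute names are the ones listed above for RSA and ECDSA keys.

```python
# Added example (not ADSS Server code). The dict layout, the "key_wrapping"
# flag and the hardening rules are assumptions; attribute names are the page's.
ALLOWED = {
    ("RSA", "private"): {"Private", "Extractable", "Sign", "Sensitive",
                         "Decrypt", "Modifiable", "Token", "Unwrap"},
    ("RSA", "public"): {"Private", "Encrypt", "Verify", "Modifiable",
                        "Wrap", "Token"},
    ("ECDSA", "private"): {"Private", "Extractable", "Sign", "Sensitive",
                           "Decrypt", "Token"},
    ("ECDSA", "public"): {"Private", "Encrypt", "Verify", "Token"},
}


def audit(template):
    """Return findings for one template: unlisted attributes and risky settings."""
    findings = []
    wrapping = template.get("key_wrapping", False)
    for (alg, kind), allowed in ALLOWED.items():
        attrs = template.get(alg, {}).get(kind)
        if attrs is None:
            continue  # template does not configure this key object
        for name in sorted(set(attrs) - allowed):
            findings.append(f"{alg}/{kind}: {name} is not listed for this key type")
        if kind != "private":
            continue
        if attrs.get("Extractable") and not wrapping:
            findings.append(f"{alg}/private: Extractable set without key wrapping")
        if not attrs.get("Sensitive"):
            findings.append(f"{alg}/private: Sensitive not set")
        if attrs.get("Modifiable"):
            findings.append(f"{alg}/private: Modifiable lets attributes be changed later")
        if attrs.get("Sign") and attrs.get("Decrypt"):
            findings.append(f"{alg}/private: Sign and Decrypt both set (dual-use key)")
    return findings


# Constructed sample template, not exported from a real console.
SAMPLE = {
    "template_id": "example-signing",
    "key_wrapping": False,
    "RSA": {"private": {"Private": True, "Token": True, "Sign": True,
                        "Decrypt": True, "Sensitive": False, "Extractable": True},
            "public": {"Verify": True, "Token": True}},
    "ECDSA": {"private": {"Private": True, "Token": True, "Sign": True,
                          "Sensitive": True, "Modifiable": True}},
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```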


Search Key Template

Clicking on the Search button will display the following screen:

As shown in the screen above, a Key Template can be searched by Template Type and Template ID. The Template Type drop-down includes the default crypto source vendors like Utimaco, Thales Safenet, nCipher nShield, Utimaco CP5 CC EAL4+ EN419221-5, Thales Luna K7 (CC EAL4+ EN 419221-5), nCipher nShield Solo X (CC EAL4+ EN 419122-5) and other crypto source vendors. The operator can search for the required Key Template based on the desired configuration.

If the "_" character is used in the search, it acts as a wildcard.


