000015871 - How to see what a client is allowed to do?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015871
Applies ToRSA Key Manager Client 2.7
IssueHow to see what a client is allowed to do?
How to verify an RKM client policy?
client.applicationpolicy is always 000102030405060708091011
Resolution

If you want to see what your client is allowed to do given its policy, open your application registration file and look at the client.applicationpolicy parameter. Split the entire value value into values of 2 characters, then refer to the values with the following table:

00 - Can Encrypt
01 - Can Decrypt
02 - Can do HMAC
03 - Can do HMAC Verify
04 - Can do GetKey
05 - Can do PutKey (Import key)
06 - Can Generate a key (Create key)
07 - Can change key state, create and change key attribute (update key)
08 - Can do certificate rollover
09 - Can get a certificate request
10 - Can sign
11 - Can verify

Example:

- if your application policy is 000104, your application can encrypt, can decrypt and can get a key.
- if your application policy is 000102030405060708091011, your application is allowed everything possible.

 

Legacy Article IDa52826

Attachments

    Outcomes