Objects can be organized so that they can not be addressed by independent applications running on the same device. This is achieved by specifying the Object’s Domains.
A Domain is a logical partition and can be conceptually mapped to a container. In a YubiHSM 2 there are 16
independent Domains and an Object can belong to one or more. The role that Domains play when trying to access an Object is explained in the Effective Capabilities page. A user has to have access to at least one of the Object’s Domains in order to use it.
Domains are encoded as 16-bit values, where each Domain is represented by a bit
Domain Number | Hex Mask |
---|---|
1 |
0x0001 |
2 |
0x0002 |
3 |
0x0004 |
4 |
0x0008 |
5 |
0x0010 |
6 |
0x0020 |
7 |
0x0040 |
8 |
0x0080 |
9 |
0x0100 |
10 |
0x0200 |
11 |
0x0400 |
12 |
0x0800 |
13 |
0x1000 |
14 |
0x2000 |
15 |
0x4000 |
16 |
0x8000 |