Domain

Objects can be organized so that they can not be addressed by independent applications running on the same device. This is achieved by specifying the Object’s Domains.

A Domain is a logical partition and can be conceptually mapped to a container. In a YubiHSM 2 there are 16 independent Domains and an Object can belong to one or more. The role that Domains play when trying to access an Object is explained in the Effective Capabilities page. For now suffice it to say that a user has to have access to at least one of the Object’s Domains in order to use it.

Protocol Details

Domains are encoded as 16-bit values, where each one is represented by a bit

Domain Number Hex Mask

1

0x0001

2

0x0002

3

0x0004

4

0x0008

5

0x0010

6

0x0020

7

0x0040

8

0x0080

9

0x0100

10

0x0200

11

0x0400

12

0x0800

13

0x1000

14

0x2000

15

0x4000

16

0x8000