Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

External CipherTrust Manager Key APIs

Creating an External CipherTrust Manager Key

search

Please Note:

Creating an External CipherTrust Manager Key

Use the post /v1/cckm/external-cm/keys API to create a new key on external CipherTrust Manager.

Syntax

curl -k '<IP>/api/v1/cckm/external-cm/keys' -H 'Authorization: Bearer AUTHTOKEN' --compressed

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
domainIdstringID of the external CipherTrust Manager domain.
algorithmstringAlgorithm of the key. The algorithm can be:
• aes (default)
• rsa
• ec
• hmac-sha1
• hmac-sha256
• hmac-sha384
• hmac-sha512
curveidstringCryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:
• secp224k1
• secp224r1
• secp256k1
• secp384r1
• secp521r1
• prime256v1
• brainpoolP224r1
• brainpoolP224t1
• brainpoolP256r1
• brainpoolP256t1
• brainpoolP384r1
• brainpoolP384t1
• brainpoolP512r1
• brainpoolP512t1
namestringName of the key.
objectTypestringThis specifies the type of object that is being created. Valid values are Symmetric Key, Public Key, Private Key, Secret Data, Opaque Object, or Certificate. The object type is inferred for many objects, but must be supplied for the certificate object.
sizeintegerSize of the key.
undeletablebooleanWhether the key is deletable or not.
usageMaskintegerCryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), Content Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow the usages. To set all usage mask bits, use 4194303. Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).

Example Request

curl -k 'https://10.171.15.223/api/v1/cckm/external-cm/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjNGU3MDM0MC1lNWE4LTQ5NjYtYTczYS0xYzY4NGMzMzA2YTMiLCJzdWIiOiJsb2NhbHwxNDc1MmJiOS02MTQ5LTRmZDctODM1Mi04NmVhOTE2ZTYxMTQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsby85NzU5MmRkYi0xNDQ0LTRhZGEtYmFhZC0xMDUwNTc2NTI5ODUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImN1c3QiOnsiY2xpZW50X3R5cGUiOiJ1bnJlZ2lzdGVyZWQiLCJkb21haW5faWQiOiI5NzU5MmRkYi0xNDQ0LTRhZGEtYmFhZC0xMDUwNTc2NTI5ODUiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiYzgwN2ZjNTItMTI4OC00YzY5LTlkN2UtMDQ1MjM3ZDFjZWY2Iiwiem9uZV9pZCI6IjQ5N2RlYzI2LTA0M2YtNDhmZi05ZmZhLTAyNTFkODk0NWEwOCJ9LCJqd3RpZCI6IjJiZGJlZjk3LTFjNWMtNDk3ZC05MDY1LTk3ZTc3MzU3OTkxNiIsImlhdCI6MTY4MzAyMDkyNywiZXhwIjoxNjgzMDIxMjI3fQ.lFFqbvjIK3vjCuyxkI_pTZun_6btvNtckn_SY4Bj3PY' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "domainId": "fb745b2a-9bd3-4b05-a0ee-bc4692dcf9d3",\n "name": "test-key",\n "algorithm": "aes",\n "size": 256,\n "undeletable": true,\n "usageMask": 12\n}' --compressed

Example Response

{
    "application/json": {
        "id": "7d9bee41-75d4-417d-a26b-7787c6a1f594",
        "uri": "kylo:kylo:cckm:external-cm-key:key-71032f4c-951a-4eec-a075-1130a49bdf90-7d9bee41-75d4-417d-a26b-7787c6a1f594",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2023-01-20T11:42:18.066072Z",
        "updatedAt": "2023-01-20T11:42:18.06514Z",
        "domain_id": "ae5e15dd-70c5-4653-a710-d92a45331232",
        "gone": false,
        "cm_key_params": {
            "key_name": "key-71032f4c-951a-4eec-a075-1130a49bdf90",
            "key_usage_mask": 12,
            "meta": {
                "ownerId": "local|993337a5-c915-404b-98aa-e377942f28ac"
            },
            "object_type": "Symmetric Key",
            "version": 0,
            "algorithm": "AES",
            "key_size": 256,
            "unexportable": false,
            "undeletable": false,
            "never_exported": true,
            "never_exportable": false,
            "format": "raw",
            "key_id": "2f2191b0a4c043de9bbecd7153722ee1bf79bdceb26342ab8411bd09a6b65bf9",
            "key_state": "Active"
        }
    }
}

A new key named test-key is created on the external CipherTrust Manager.

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page