Creating an External CipherTrust Manager Key
Use the POST /v1/cckm/external-cm/keys API to create a new key on the external CipherTrust Manager.
Syntax
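curl -k 'https://<IP>/api/v1/cckm/external-cm/keys' -H 'Authorization: Bearer AUTHTOKEN' --compressed
The -k option skips TLS certificate verification; omit it when the appliance presents a certificate the client trusts.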
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
domainId | string | ID of the external CipherTrust Manager domain. |
algorithm | string | Algorithm of the key. The algorithm can be: • aes (default) • rsa • ec • hmac-sha1 • hmac-sha256 • hmac-sha384 • hmac-sha512 |
curveid | string | Cryptographic curve ID for an elliptic curve key. The key algorithm must be 'EC'. Values: • secp224k1 • secp224r1 • secp256k1 • secp384r1 • secp521r1 • prime256v1 • brainpoolP224r1 • brainpoolP224t1 • brainpoolP256r1 • brainpoolP256t1 • brainpoolP384r1 • brainpoolP384t1 • brainpoolP512r1 • brainpoolP512t1 |
name | string | Name of the key. |
objectType | string | Specifies the type of object that is being created. Valid values are Symmetric Key, Public Key, Private Key, Secret Data, Opaque Object, or Certificate. The object type is inferred for many objects, but must be supplied for the certificate object. |
size | integer | Size of the key. |
undeletable | boolean | Whether the key is deletable or not. |
usageMask | integer | Cryptographic usage mask. Add the values of the usages to allow: Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), Content Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, use 4194303. Equivalent usageMask values for deprecated usages: 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks). |
Example Request
curl -k 'https://10.171.15.223/api/v1/cckm/external-cm/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "domainId": "fb745b2a-9bd3-4b05-a0ee-bc4692dcf9d3",\n "name": "test-key",\n "algorithm": "aes",\n "size": 256,\n "undeletable": true,\n "usageMask": 12\n}' --compressed
Example Response
{
  "application/json": {
    "id": "7d9bee41-75d4-417d-a26b-7787c6a1f594",
    "uri": "kylo:kylo:cckm:external-cm-key:key-71032f4c-951a-4eec-a075-1130a49bdf90-7d9bee41-75d4-417d-a26b-7787c6a1f594",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-01-20T11:42:18.066072Z",
    "updatedAt": "2023-01-20T11:42:18.06514Z",
    "domain_id": "ae5e15dd-70c5-4653-a710-d92a45331232",
    "gone": false,
    "cm_key_params": {
      "key_name": "key-71032f4c-951a-4eec-a075-1130a49bdf90",
      "key_usage_mask": 12,
      "meta": {
        "ownerId": "local|993337a5-c915-404b-98aa-e377942f28ac"
      },
      "object_type": "Symmetric Key",
      "version": 0,
      "algorithm": "AES",
      "key_size": 256,
      "unexportable": false,
      "undeletable": false,
      "never_exported": true,
      "never_exportable": false,
      "format": "raw",
      "key_id": "2f2191b0a4c043de9bbecd7153722ee1bf79bdceb26342ab8411bd09a6b65bf9",
      "key_state": "Active"
    }
  }
}
A new key named test-key is created on the external CipherTrust Manager.
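The usageMask arithmetic from the parameter table, as an added example (not part of the original page and not vendor code): it composes a mask from only the usages a key needs instead of 4194303, and decodes a mask such as the key_usage_mask returned in the response. The function names are hypothetical; the bit values are the ones listed in the table.

```python
import json

# Usage-mask bit values as listed in the usageMask row of the parameter table.
USAGE_BITS = {
    "Sign": 1, "Verify": 2, "Encrypt": 4, "Decrypt": 8,
    "Wrap Key": 16, "Unwrap Key": 32, "Export": 64,
    "MAC Generate": 128, "MAC Verify": 256, "Derive Key": 512,
    "Content Commitment": 1024, "Key Agreement": 2048,
    "Certificate Sign": 4096, "CRL Sign": 8192,
    "Generate Cryptogram": 16384, "Validate Cryptogram": 32768,
    "Translate Encrypt": 65536, "Translate Decrypt": 131072,
    "Translate Wrap": 262144, "Translate Unwrap": 524288,
    "FPE Encrypt": 1048576, "FPE Decrypt": 2097152,
}
ALL_USAGES = 4194303  # every usage bit set, per the table


def build_usage_mask(usages):
    """OR together the named usages; reject names that are not in the table."""
    mask = 0
    for name in usages:
        if name not in USAGE_BITS:
            raise ValueError(f"unknown usage: {name!r}")
        mask |= USAGE_BITS[name]
    return mask


def decode_usage_mask(mask):
    """Return the usage names whose bits are set in mask, in table order."""
    if isinstance(mask, bool) or not isinstance(mask, int) or not 0 <= mask <= ALL_USAGES:
        raise ValueError(f"usageMask out of range: {mask!r}")
    return [name for name, bit in USAGE_BITS.items() if mask & bit]


def excess_usages(mask, needed):
    """Usages granted by mask beyond the ones the caller actually needs."""
    needed = set(needed)
    return [name for name in decode_usage_mask(mask) if name not in needed]


def key_request_body(domain_id, name, usages, algorithm="aes", size=256):
    """JSON body for POST /v1/cckm/external-cm/keys carrying a minimal mask."""
    return json.dumps({
        "domainId": domain_id, "name": name, "algorithm": algorithm,
        "size": size, "usageMask": build_usage_mask(usages),
    })
```

Running excess_usages over the masks of existing keys shows which ones carry usages, such as Export or Wrap Key, that their consumers never requested.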
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.