Viewing External CipherTrust Manager Keys
Use the get /v1/cckm/external-cm/keys API to view the list of external CipherTrust Manager keys.
Syntax
curl -k '<IP>/api/v1/cckm/external-cm/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | ID of the resource. |
| domain_id | string | ID of the external CipherTrust Manager domain where the key resides. |
| key_id | string | ID of the key. |
| key_name | string | Name of the key. |
| algorithm | string | Algorithm of the key. The algorithm can be: • aes (default) • rsa • ec • hmac-sha1 • hmac-sha256 • hmac-sha384 • hmac-sha512 |
| key_state | string | State of the external CipherTrust Manager key. |
| key_usage_mask | string | Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), Content Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow the usages. To set all usage mask bits, use 4194303. Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks). |
| key_size | integer | Size of the key. |
| version | string | Version of the external CipherTrust Manager key. |
| unexportable | boolean | Whether the key is exportable or not. |
| undeletable | boolean | Whether the key is deletable or not. |
| format | string | Format of the Key. |
| object_type | string | This specifies the type of object that is being created. Valid values are Symmetric Key, Public Key, Private Key, Secret Data, Opaque Object, or Certificate. The object type is inferred for many objects, but must be supplied for the certificate object. |
| curve_id | string | Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values: • secp224k1 • secp224r1 • secp256k1 • secp384r1 • secp521r1 • prime256v1 • brainpoolP224r1 • brainpoolP224t1 • brainpoolP256r1 • brainpoolP256t1 • brainpoolP384r1 • brainpoolP384t1 • brainpoolP512r1 • brainpoolP512t1 |
| gone | boolean | Whether the key version exists in the cloud. |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/external-cm/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImU5ZDA4Mzc3LWUxNGEtNGY1Mi04MGJlLWU2ODQyNzcyNmViZSIsImlhdCI6MTYxNDc0OTg4OSwiZXhwIjoxNjE0NzUwMTg5fQ.P4njjTNAGdkIw4ZNz7ijS9Dwrow2DE-vG8bn0dKIr04' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "b9bf1635-c8b5-4b3e-929d-bffcca3b6fc2",
"uri": "kylo:kylo:cckm:external-cm-key:key2-b9bf1635-c8b5-4b3e-929d-bffcca3b6fc2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-01-19T11:07:45.258033Z",
"updatedAt": "2023-01-19T11:07:45.256613Z",
"domain_id": "ae5e15dd-70c5-4653-a710-d92a45331232",
"gone": false,
"cm_key_params": {
"key_name": "key2",
"key_usage_mask": 15,
"meta": {
"ownerId": "local|993337a5-c915-404b-98aa-e377942f28ac"
},
"object_type": "Symmetric Key",
"version": 0,
"algorithm": "AES",
"key_size": 192,
"unexportable": false,
"undeletable": false,
"never_exported": true,
"never_exportable": false,
"format": "raw",
"key_id": "68bff1f2bed348df84c8e5af31a4bc6c41b76f7966ce4895917f30dffa47f0d4",
"key_state": "Active"
}
},
{
"id": "996d4687-8465-4dc6-8703-190409db5fbe",
"uri": "kylo:kylo:cckm:external-cm-key:key1-996d4687-8465-4dc6-8703-190409db5fbe",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-01-19T11:05:36.870414Z",
"updatedAt": "2023-01-19T11:05:36.863847Z",
"domain_id": "ae5e15dd-70c5-4653-a710-d92a45331232",
"gone": false,
"cm_key_params": {
"key_name": "key1",
"key_usage_mask": 15,
"meta": {
"ownerId": "local|993337a5-c915-404b-98aa-e377942f28ac"
},
"object_type": "Symmetric Key",
"version": 0,
"algorithm": "AES",
"key_size": 192,
"unexportable": false,
"undeletable": false,
"never_exported": true,
"never_exportable": false,
"format": "raw",
"key_id": "f39ca7243d3a4ca1966ab2da3ebf9ccda99789a997ff4d96b01c06e863ba6d51",
"key_state": "Active"
}
}
]
}
The output shows the list of external CipherTrust Manager keys available on the CipherTrust Manager.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
