Encrypting Data Encryption Keys (wrap)
The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrap API is called to encrypt the Data Encryption Key (wrap DEK). This API returns an opaque binary object (wrapped DEK) that is stored by Google Workspace with the encrypted object and sent as is in any subsequent key unwrapping operations.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrap' -H 'Content-Type: application/json' --data-binary $'{\n "key": "<DEK>",\n "authorization": "<authorization jwt>",\n "authentication": "<authentication jwt>",\n "reason": ""\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
| key | string | Base64 encoded DEK. |
| authorization | string | A JWT asserting that the user is allowed to wrap DEK. |
| authentication | string | A JWT issued by a third-party asserting who the user is. |
| reason | string | Additional information about the operation. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200/wrap' -H 'Content-Type: application/json' --data-binary $'
{
"key": "GiCi4cC3BGkxcFQWy4BiU4UbZ9c1GYwIU8ZHN2kRd1vhpg==",
"authorization": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjNjYjkzNDNiNDMxOGE5ODgyYmVmMzU4ZmQzNzlmYTIzMWMyZGY1N2EiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJnc3VpdGVjc2UtdG9rZW5pc3N1ZXItZHJpdmVAc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJhdWQiOiJjc2UtYXV0aG9yaXphdGlvbiIsImVtYWlsIjoiZGFuaXNoLWRlby5qb2hhcmlAdGhhbGVzZ3N1aXRlaW50ZWdyYXRpb24ubmV0IiwicmVzb3VyY2VfbmFtZSI6Ii8vZ29vZ2xlYXBpcy5jb20vZHJpdmUvZmlsZXMvMWpyR01qdXFhX1hZOVl1ODZqd1NVc0Z0U1dMYVNfYVRqIiwicm9sZSI6IndyaXRlciIsImthY2xzX3VybCI6Imh0dHBzOi8vZGFuaXNoLWd3LnRoYWxlc2dzdWl0ZWludGVncmF0aW9uLm5ldC9hcGkvdjEvY2NrbS9Hb29nbGVXb3Jrc3BhY2VDU0UvZW5kcG9pbnRzLzRkMTNmMjcwLTZhZmUtNDM1OC04NWZlLWY2MGUyOTA4OWI4MCIsInBlcmltZXRlcl9pZCI6IiIsImlhdCI6MTYxNjA1OTUyOCwiZXhwIjoxNjE2MDYzMTI4fQ.iyhF3naaEavjIkAL35UfA2f8IGMkwkeXWfhObkqozshPF0OobF5gD193FsXEKZs7CKJS-rIBttw466_7BugK_gyUl7jX6_z5NQ4454RjLIGf31hZvOH-eqWDIsW5Vcl9clwabpJqoVONX0mUv7bKxrToSvLWdfvTWvyEbWewQoJEjwIaGOr6a_7LVE7i7ldpTH1pTYRC40EYgc-U9_Bf_IylpK-EgDMqjFqXz7yJKFe4VflVtal5_a_ymwIgtASCLxQeXINfbNe9bzwV5A54kJXhAyQFysiraWQ8q3QWYbdwEsPuQWGHySH9meCwPrk0elbj9slCBGJkVs9efWSWVw",
"authentication": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkhlVENRLW56eGJDM2x5ZFkxc0ZiMiJ9.eyJlbWFpbCI6ImRhbmlzaC1kZW8uam9oYXJpQHRoYWxlc2dzdWl0ZWludGVncmF0aW9uLm5ldCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc3MiOiJodHRwczovL2Rldi1haHpjZTUwbC5hdXRoMC5jb20vIiwic3ViIjoiZ29vZ2xlLW9hdXRoMnwxMTgwOTA4NTU4MjE5ODYyODI3MzUiLCJhdWQiOiIxZU90Z001VmhXNktUWXB5M1Q0UGtpd2tMU1M1WXFjdSIsImlhdCI6MTYxNjA1OTU0MywiZXhwIjoxNjE2MDk1NTQzLCJub25jZSI6IjdVYmpwVk9Dd3Zha1Y3dVllckRvdHc6aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tIn0.6l3gOSJWKAH0FRTLYplZ4Hk84_hN8Wf_yIj0W-Hr0LNeLUlJO3qb8ZsYtYwpirU_XHsAXSpu625FeGmTYLTsHuGk2IVivwvIoXti5YElEoKu7U74C8AZsYktLQwmITQqhlvhthk_RBNNd92A5Pzfa-uB5XTKiEWZaywnl-cBgXu-DIsy24cVOudyJLLoO9z57NVjWImsYBSF4hNLjj0t3YzK93heed_j6ogIOTl7Fx0gYa8_3JwJMS7eSgaG5MPIgQgWVQerROpY47cM3QakNUpX40yrEIJOrmcO5rFXX2NU8Bj-BGzKEHtMfka5DLofAVp4rvikL3szPAp91rUNBA",
"reason": ""
}' --compressed
Example Response
{
"wrapped_key": "eyJ3cmFwcGVkX2tleSI6IjFseTQrSXl3TkJjNGZEL0VXdTQ0QlQ2MHA2dWdVbjR6d2dyMi9GdEJhb3dSZ0hhZks0SlhDME5kazAxTEhIMkJiUkZuR1Ayb3VqUFZoSVllZEVsMU03cTczNGdieStlZmpGOURyT094SnZzMkw1TjJRWTZyaDJrWERmNEdQV1c5OWcvaExQYzRrYWVJZS8rMDBweFdVVjh0NnpMT0F5Q0FTMkFHczZhVHFEbUVaSHUwa2M2N1V4SGNjM29yRmE0RnpueGQxaktWZ0JSWXdka3JqMmtQRTlkZ252ZFRrek5rWThkU1lUTzZkYzBienZOSTQ4TWhkS3M9Iiwia2VrX2lkIjoiNTg4MzdmZGJlYTYyNDY2YzhiZThmZjNjMjY5ZDg3MDg5MTQzMWU2M2M5MTQ0MWFjODQ1MDA5M2U4ZTExNWY1ZCJ9"
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
Refer to HTTP status codes for details.
