Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Stateless APIs

WrapKey

search

Please Note:

WrapKey

This API wraps key.

URL

<http/https>://<host-name>:<Port>/protectappws/services/rest/key/wrapKey

Input Parameters

ParametersDescription
userNameUser name (optional).
passwordPassword associated with the user (optional).
keyNameName of the key to be wrapped.
keyUseForWrapKey to be used for wrapping.
wrapFormatPaddingPadding format to be used for wrapping the key. This is an optional parameter. It is used for PKCS#1v2.1 and one of the following padding is used: SHA256, SHA384, and SHA512.
certAliasClient certificate alias for making SSL connections (optional).
certPassPassword for the provided certificate alias (optional).

Sample REST call for cxf

request

    {
        "WrapKeyRequest": {
            "userName": "cryptouser",
            "password": "asdf1234",
            "keyName": "AESKey",
            "keyUseForWrap": "RSAKey",
            "wrapFormatPadding": "SHA256"
        }
    }

response

    {
        "WrapKeyResponse": {
            "wrapKeyData": "36E409F7993906344FA0DC560475086F485163857ACD41752651ACDF236BDDE73F9859CBF42A744D27603F5869D3DBD29C97005B973517DB76761AF8915D0B13"
        }
    }

Unwrap Key using OpenSSL

  1. The WrapKey API generates output in hex format. To unwrap the key, convert it into byte array and then write the Base64 encoded wrapped key to file as shown here.

    String wrappedKeytxt=<hexdata>;
byte[] wrappedKey =IngrianProvider.hex2ByteArray(wrappedKeytxt);
Base64.encodeToFile(wrappedKey, <filePathWhereBase64EncodedWrappedKeyIsWritten>);

  2. Based on the padding scheme, run the following command.

    openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a
openssl rsautl -decrypt -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -inkey <pemFilePathToPrivKey>

    openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a 
openssl pkeyutl -decrypt -inkey <pemFilePathToPrivKey> -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256

  3. Read the unwrapped key bytes from the file. Convert the byte array into hex format as shown here.

    byte keyArr[]=Files.readAllBytes(Paths.get(<filePathToUnwrappedKey>);
String unwrappedKey= IngrianProvider.byteArray2Hex(keyArr));

On this page