Creating Static and Dynamic Keys
Keys can be created with either a static or dynamic work flow:
Static Work Flow
Note
It is recommended to use a static key model with tokenization.
In most cases, it is recommended to implement your application using static keys, that is, keys whose key material rarely changes and which are therefore rarely created or destroyed on the CipherTrust Manager.
The implementation tasks for static key creation are:
Decide which actions will be performed (tokenize/detokenize), and which types of keys will be needed to support those actions.
CipherTrust Manager (CM): Create CT-VL-specific keys on the CipherTrust Manager, giving them meaningful names.
CT-VL GUI Administrator: Enter the appropriate key names into the CT-VL GUI, where they are stored in the local CT-VL database and used for assigning encryption and tokenization permissions.
Application Developer: Use the CipherTrust Key Management, Cryptography, and Tokenization APIs to perform the necessary functions in the application being integrated with CT-VL.
Warning
Do not use the REST API create or import key functions.
Dynamic Work Flow
In some cases, an organization may decide to automate key creation, rotation, or key import on the CipherTrust Manager, using the appropriate CipherTrust Key Management APIs.
Warning
If a key is deleted, all of the ciphertext that the key was used to create is rendered unreadable.
In this case, the implementation team would need to:
Decide which actions will be performed (tokenize/detokenize), and which types of keys will be needed to support those actions.
Application Developer: Use the CipherTrust Key Management and CipherTrust Cryptography APIs to perform the necessary functions in the application being integrated with CT-VL, including create and/or import key functions.
CT-VL GUI Administrator: Designate a user (possibly a non-human user), and grant the user permission to create and/or import keys.