Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Examples

Versioned Key Management Examples

search

Please Note:

Versioned Key Management Examples

This section shows how to use versioned keys within the CipherTrust Cryptographic and Key Management set of APIs.

Versioned Key Creation Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

Request

POST /vts/km/v1/keys {"size": 256, "name": "vkey256", "kty": "oct", "versioning_enabled":
true, "version": 0, "version_action": "create", "lifespan_interval":
7}

Response

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],
"size": 16},
"metadata": {"key_management": {"uuid": "9f3c2775-405b-33e8-91af-
904faa0e551f",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "9f3c2775-405b-33e8-91af-904faa0e551f39b6aee0-6821-39f9-a186-
9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:vts::label:vkey256"}

Versioned Key Import Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

Request

POST /vts/km/v1/keys
{"size": 256, "name": "vkey256", "kty": "oct", "versioning_enabled":
true, "version": 0, "lifespan_interval": 7, "wrappedkey":
"SGVsbG9Xb3JsZEFsd2F5cw=="}

Response

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],
"size": 16},
"metadata": {"key_management": {"uuid": "9f3c2775-405b-33e8-91af-
904faa0e551f",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "9f3c2775-405b-33e8-91af-904faa0e551f39b6aee0-6821-39f9-
a186-9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:cts::label:vkey256"}

Standard Key to Version Key Migration Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

Request

PATCH /vts/km/v1/keys/existingkey {"version_action": "migrate"}

Response

200 OK
{
"attributes": {
"size": 32
},
"metadata": {
"key_management": {
"uuid": "7f460ca4-04e2-37d9-8d57-b2c36fbed55e",
"caching_duration": 44640,
"state": "active",
"versioning_enabled": true,
"muid": "7f460ca4-04e2-37d9-8d57-b2c36fbed55ecd222707-123a-
3df5-baef-c9b1f77ac3fb",
"caching_enabled": 1,
"name": "existingkey"
}
},
"kid": "tesrn:cts::uuid:7f460ca4-04e2-37d9-8d57-b2c36fbed55e"
}

Version Key Rotation Example

Rotation of an existing versioned key named vkey256 with each version of the key with a lifespan of 7 days.

Request

PATCH /vts/km/v1/keys {"version_action": "rotate"}

Response

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],
"size": 16},
"metadata": {"key_management": {"uuid": "d0a031de-5102-3bba-80f4-
7019306da03e",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "d0a031de-5102-3bba-80f4-7019306da03ed0a031de-6821-39f9-
a186-9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:cts::label:vkey256"}

On this page