Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
back

Examples

Versioned Key Management Examples

search

Please Note:

printsuggest an edit

Versioned Key Management Examples

This section shows how to use versioned keys within the CipherTrust Cryptographic and Key Management set of APIs.

copy link to clipboardVersioned Key Creation Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

copy link to clipboardRequest

POST /vts/km/v1/keys 
{"size": 256, "name": "vkey256", "kty": "oct", "versioning_enabled":
true, "version": 0, "version_action": "create", "lifespan_interval":
7}

copy link to clipboardResponse

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],
"size": 16},
"metadata": {"key_management": {"uuid": "9f3c2775-405b-33e8-91af-
904faa0e551f",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "9f3c2775-405b-33e8-91af-904faa0e551f39b6aee0-6821-39f9-a186-
9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:vts::label:vkey256"}

copy link to clipboardVersioned Key Import Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

copy link to clipboardRequest

POST /vts/km/v1/keys
{"size": 256, "name": "vkey256", "kty": "oct", "versioning_enabled":
true, "version": 0, "lifespan_interval": 7, "wrappedkey":
"SGVsbG9Xb3JsZEFsd2F5cw=="}

copy link to clipboardResponse

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],"size": 16},
"metadata": {"key_management": {"uuid": "9f3c2775-405b-33e8-91af-
904faa0e551f",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "9f3c2775-405b-33e8-91af-904faa0e551f39b6aee0-6821-39f9-
a186-9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:cts::label:vkey256"}

copy link to clipboardStandard Key to Version Key Migration Example

Creation of an AES 256-bit versioned key named vkey256 with each version of the key with a lifespan of 7 days.

copy link to clipboardRequest

PATCH /vts/km/v1/keys/existingkey {"version_action": "migrate"}

copy link to clipboardResponse

200 OK
{
"attributes": {
"size": 32
},
"metadata": {
"key_management": {
"uuid": "7f460ca4-04e2-37d9-8d57-b2c36fbed55e",
"caching_duration": 44640,
"state": "active",
"versioning_enabled": true,
"muid": "7f460ca4-04e2-37d9-8d57-b2c36fbed55ecd222707-123a-
3df5-baef-c9b1f77ac3fb",
"caching_enabled": 1,
"name": "existingkey"
}
},
"kid": "tesrn:cts::uuid:7f460ca4-04e2-37d9-8d57-b2c36fbed55e"
}

copy link to clipboardVersion Key Rotation Example

Rotation of an existing versioned key named vkey256 with each version of the key with a lifespan of 7 days.

copy link to clipboardRequest

PATCH /vts/km/v1/keys {"version_action": "rotate"}

copy link to clipboardResponse

200 OK
{"attributes": {"usage": ["encrypt", "decrypt", "sign", "verify",
"destroy", "modify", "find", "export"],
"size": 16},
"metadata": {"key_management": {"uuid": "d0a031de-5102-3bba-80f4-
7019306da03e",
"caching_duration": 44640,
"state": "active",
"lifespan_unit": "days",
"muid": "d0a031de-5102-3bba-80f4-7019306da03ed0a031de-6821-39f9-
a186-9a9904abff32",
"caching_enabled": True,
"name": "vkey256"}},
"kid": "tesrn:cts::label:vkey256"}

On this page