Creating Keys
This section describes steps to create an encryption key using the CTE API.
Overview
Keys in a CTE policy must fulfill the following conditions. The keys should:
- Have the CTE Clients group permissions
- Be exportable
- Be non-versioned/versioned
- Be of the type "CBC" / "CBC_CS1" or "XTS"
  Note: The XTS keys are required for creating GuardPoints with In-place Data Transformation (IDT) policies.
- Have metadata with the following details:
CTE supports standard, LDT, COS, and IDT policies. The policy-specific key requirements are listed in the following sections.
Keys for Standard Policies
- Standard policies support only non-versioned keys.
- Keys should have the CTE Clients group access.
- CTE Clients group should have the Read Key and Export Key permissions.
- Standard policies support "CBC" / "CBC_CS1" keys.
Keys for LDT Policies
- LDT policies support only "CBC" and "CBC_CS1" keys.
- Keys should have the CTE Clients group access.
- CTE Clients group should have the Read Key and Export Key permissions.
- LDT policies support only non-versioned keys in the "current_key" field.
- LDT policies support only versioned keys in the "transformation_key" field.
Keys for COS Policies
- Keys should have the CTE Clients group access.
- CTE Clients group should have the Read Key and Export Key permissions.
- COS policies support only non-versioned keys.
- COS policies support only "CBC_CS1" keys.
Keys for IDT Policies
- Keys should have the CTE Clients group access.
- CTE Clients group should have the Read Key and Export Key permissions.
- IDT policies support only the "XTS" encryption mode.
- IDT policies support only non-versioned keys in the "current_key" and "transformation_key" fields.
- IDT policies are used for IDT-capable devices.
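A pre-flight check that applies the policy-specific key requirements listed above before a key is attached to a policy. This is an added example, not part of the CTE documentation or API; the dictionary field names (mode, versioned, exportable, group_permissions) are hypothetical stand-ins for a key's attributes, and "*" marks rules the page states without naming a policy field.

```python
# Added example. Field names in the key dict are hypothetical stand-ins,
# not the CTE API schema; the rules are the ones listed on this page.
REQUIRED_PERMS = {"Read Key", "Export Key"}
CBC = {"CBC", "CBC_CS1"}

# policy -> policy field -> (allowed encryption modes, must be versioned?)
# "*" means the page states the rule without naming a field.
RULES = {
    "standard": {"*": (CBC, False)},
    "ldt": {"current_key": (CBC, False), "transformation_key": (CBC, True)},
    "cos": {"*": ({"CBC_CS1"}, False)},
    "idt": {"current_key": ({"XTS"}, False),
            "transformation_key": ({"XTS"}, False)},
}


def check_key(policy, field, key):
    """Return a list of violations; an empty list means the key fits."""
    rules = RULES[policy]
    rule = rules.get(field, rules.get("*"))
    if rule is None:
        return [f"no rule for field {field!r} in {policy} policies"]
    modes, want_versioned = rule
    problems = []
    if not key.get("exportable", False):
        problems.append("key is not exportable")
    granted = set(key.get("group_permissions", {}).get("CTE Clients", []))
    missing = REQUIRED_PERMS - granted
    if missing:
        problems.append("CTE Clients lacks: " + ", ".join(sorted(missing)))
    if key.get("mode") not in modes:
        problems.append(f"mode {key.get('mode')!r} not in {sorted(modes)}")
    if bool(key.get("versioned", False)) != want_versioned:
        need = "versioned" if want_versioned else "non-versioned"
        problems.append(f"{field} must be {need}")
    return problems


# Constructed sample keys (not real key objects).
GOOD_PERMS = {"CTE Clients": ["Read Key", "Export Key"]}
ldt_current = {"mode": "CBC", "versioned": False, "exportable": True,
               "group_permissions": GOOD_PERMS}
ldt_transform = dict(ldt_current, versioned=True)
xts_read_only = {"mode": "XTS", "versioned": False, "exportable": True,
                 "group_permissions": {"CTE Clients": ["Read Key"]}}

if __name__ == "__main__":
    print(check_key("ldt", "transformation_key", ldt_current))
    print(check_key("idt", "current_key", xts_read_only))
```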
Deleting CTE Keys
- A CTE key cannot be deleted if it is being used in a policy.
- The CTE Admins and Key Admins group permissions are required to delete a CTE key.