Creating a DSM Key
Use the post /v1/cckm/dsm/keys API to create a new key on DSM.
Syntax
curl -k '<IP>/api/v1/cckm/dsm/keys' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| domain | string | Name or ID of the DSM domain where the key is to be created. Refer to Getting DSM Domains to get a domain's ID. |
| dsm_params | JSON | Parameters to specify properties of the DSM key. Refer to DSM Parameters for details. |
| extractable | boolean | Whether the key is extractable. Set to true to make extractable, false to make non-extractable. |
| object_type | string | Object type of the DSM key. The options are: • asymmetric • symmetric" The default type is symmetric. |
DSM Parameters
| Parameter | Type | Description |
|---|---|---|
| algorithm | string | Algorithm of the key. The supported algorithms are: • RSA1024 (asymmetric) • RSA2048 (asymmetric) • RSA3072 (asymmetric) • RSA4096 (asymmetric) • AES256 (symmetric) • AES128 (symmetric) • ARIA128 (symmetric) • ARIA256 (symmetric) |
| name | string | Name for the DSM key. |
| description | string | Description of the DSM the key. |
| encryptionMode | string | (Applicable to AES Symmetric keys) Encryption mode of the DSM key. The options are: • CBC • CBC_CS1 • XTS |
| expirationTime | string | Expiration time of the key. The key will expire after the specified time. |
| keyVersionLifeSpan | integer | Life span of the key versioning. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/dsm/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImU5ZDA4Mzc3LWUxNGEtNGY1Mi04MGJlLWU2ODQyNzcyNmViZSIsImlhdCI6MTYxNDc0OTg4OSwiZXhwIjoxNjE0NzUwMTg5fQ.P4njjTNAGdkIw4ZNz7ijS9Dwrow2DE-vG8bn0dKIr04' -H 'Content-Type: application/json' --data-binary $'{\n "domain": "89c49e63-b5c9-46be-9371-0d8b0649e289",\n "extractable": true,\n "object_type": "symmetric",\n "dsm_params": {\n "name": "test-key",\n "algorithm": "AES256",\n "encryptionMode": "CBC"\n }\n}' --compressed
Example Response
{
"id": "d3296d8a-22bf-4b9c-8ff7-a41104b4631e",
"uri": "kylo:kylo:cckm:dsm-key:d3296d8a-22bf-4b9c-8ff7-a41104b4631e",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-03-03T05:38:55.793895104Z",
"updatedAt": "2021-03-03T05:38:55.79072393Z",
"dsm_params": {
"name": "test-key",
"algorithm": "AES256",
"encryptionMode": "CBC",
"keyUsageType": "STORED_ON_SERVER",
"id": 312745,
"url": "/v1/domains/2153/keys/symmetric/312745",
"uuid": "b4946274-1389-31e5-86f9-ec48c0581a39",
"state": "ACTIVE",
"creationTime": "2021-03-03T05:07:58.243-08:00",
"source": "From DSM",
"domainId": 2153,
"keyVersion": 0,
"keyHash": "7b5e25713d79dc52d7df82c5106e6dd8b6a4270e52a568d141cc93923367d95246398601169016640e565be058d6b5bf",
"numberOfPolicies": 0,
"alignUnit": "",
"alignedCachedTime": 0,
"publicKey": "",
"publicKeyFormat": "",
"alignedKeyVersionLifeSpan": 0
},
"domain_id": "89c49e63-b5c9-46be-9371-0d8b0649e289",
"domain": "test-domain",
"object_type": "symmetric",
"attributes": {
"Cryptographic Usage Mask": "127",
"EXT_KID": "1796125542",
"MUID": "b4946274-1389-31e5-86f9-ec48c0581a39c04e690b-777e-303c-b66e-2f0a99229774",
"UUID": "b4946274-1389-31e5-86f9-ec48c0581a39",
"x-key-state": "ACTIVE",
"x-key-state-actions": "PROTECT_AND_PROCESS"
},
"extractable": true,
"versioned": false
}
A new key named test-key is created on the DSM.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.