DRM Symmetric Key REST Design
Revision as of 17:52, 28 November 2011 by Alee
Archiving a Symmetric Key or Passphrase
- factory URL to create archival requests
- input is XML or JSON containing the following fields:
  - Envelope is SecurityData
  - clientID=<string client id> - client-specified string ID for this piece of data. The client may end up searching on this string.
  - transWrappedSessionKey=<url encoded wrapped key> - This client-generated session key will be wrapped with the DRM's transport cert.
  - wrappedPrivateData=<url encoded wrapped key/passphrase> - This is the actual security data, encrypted with the client-generated symmetric session key.
  - dataType=<type of data> - String representation of the type of data: "symmetricKey", "passPhrase" or "AsymmetricKey" (for client convenience)
  - Question: do we care about ECC here, or any algorithms?
- output is XML/JSON with the following fields:
  - status=201 (Created)
  - ref_id=<serial number of archival request>
  - serialNumber=<serial number of created key record>
- status =
- authenticates the agent issuing the request. Agent must provide a client cert.
- checks authorization of the request based on an ACL for this operation, "certServer.kra.archive.request (submit)". Submit is allowed for DRM agents.
- Get the KRA request queue and generate a new Request object.
  - req = queue.newRequest(KRAService.ARCHIVAL) ?
- Using req.setExtData(), set the fields as follows:
  - requestType: "Security Data Archival?"
  - extdata-drm_trans_des_key: transWrappedSessionKey
  - extdata-requestid: not set - generated by newRequest() call.
  - ext-data-keyrecord: not set - stored by server when key is stored
  - ext-data-keysize: not set
  - extdata-wrappeduserprivate: wrappedPrivateData
  - dataType: dataType
  - clientID: clientID
- Get the request ID
  - reqID = req.getRequestID().toString(). This will be returned as the self reference.
- Immediately process the request
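
The input validation a server would want before the setExtData() step above, as an added Python sketch (not the DRM's own code): it checks a JSON SecurityData body and returns the extdata fields the page says are set from client input. Assumptions: the wrapped values are base64 that has then been URL-encoded, clientID is capped at 255 characters, and the function and helper names are hypothetical.

```python
import base64, binascii, json
from urllib.parse import quote, unquote

ALLOWED_DATA_TYPES = {"symmetricKey", "passPhrase", "AsymmetricKey"}
FIELDS = ("clientID", "transWrappedSessionKey", "wrappedPrivateData", "dataType")

def check_wrapped(name, value):
    """Reject a wrapped blob that is not URL-encoded base64 (assumed encoding)."""
    if not isinstance(value, str):
        raise ValueError(f"{name}: must be a string")
    try:
        raw = base64.b64decode(unquote(value), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name}: not URL-encoded base64") from exc
    if not raw:
        raise ValueError(f"{name}: empty")
    return value  # stored as received; the server unwraps it later

def build_archival_extdata(body):
    """Validate a JSON SecurityData body; return the extdata fields to set."""
    doc = json.loads(body)  # json.JSONDecodeError is a ValueError
    if not isinstance(doc, dict) or set(doc) != set(FIELDS):
        raise ValueError("body must contain exactly: " + ", ".join(FIELDS))
    dtype, cid = doc["dataType"], doc["clientID"]
    if not isinstance(dtype, str) or dtype not in ALLOWED_DATA_TYPES:
        raise ValueError("dataType: unsupported value")
    if not isinstance(cid, str) or not cid.strip() or len(cid) > 255:  # assumed limit
        raise ValueError("clientID: must be a non-empty string")
    # requestType is omitted here: the page still marks its value with a "?".
    return {
        "extdata-drm_trans_des_key": check_wrapped(
            "transWrappedSessionKey", doc["transWrappedSessionKey"]),
        "extdata-wrappeduserprivate": check_wrapped(
            "wrappedPrivateData", doc["wrappedPrivateData"]),
        "dataType": dtype,
        "clientID": cid,
    }

def encode_blob(raw):
    """Client-side encoding under the same assumption: base64, then URL-encode."""
    return quote(base64.b64encode(raw).decode("ascii"), safe="")

# Constructed sample; the byte strings stand in for real wrapped key material.
SAMPLE = json.dumps({
    "clientID": "vault-entry-001",
    "transWrappedSessionKey": encode_blob(b"\x01constructed wrapped session key"),
    "wrappedPrivateData": encode_blob(b"\x02constructed wrapped passphrase"),
    "dataType": "passPhrase",
})

if __name__ == "__main__":
    print(build_archival_extdata(SAMPLE))
```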