Difference between revisions of "Key REST API"

(Created page with "= Retrieving a Key = Request: <pre> { "Attributes": { "Attribute": [ { "name": "requestId", "value": null...")
 
m (Retrieving Key With DES)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Retrieving a Key =
+
= Archiving a Key =
 +
 
 +
== Archiving Key with DES ==
  
 
Request:
 
Request:
Line 8: Line 10:
 
         "Attribute": [
 
         "Attribute": [
 
             {
 
             {
                 "name": "requestId",
+
                 "name": "algorithmOID",
                 "value": null
+
                 "value": "{1 2 840 113549 3 7}"
 +
            },
 +
            {
 +
                "name": "clientKeyID",
 +
                "value": <client key ID>
 +
            },
 +
            {
 +
                "name": "dataType",
 +
                "value": "passPhrase"
 +
            },
 +
            {
 +
                "name": "symmetricAlgorithmParams",
 +
                "value": <base64-encoded data>
 
             },
 
             },
 
             {
 
             {
Line 16: Line 30:
 
             },
 
             },
 
             {
 
             {
                 "name": "sessionWrappedPassphrase",
+
                 "name": "wrappedPrivateData",
                 "value": null
+
                 "value": <base64-encoded data>
 +
            }
 +
        ]
 +
    },
 +
    "ClassName": "com.netscape.certsrv.key.KeyArchivalRequest"
 +
}
 +
</pre>
 +
 
 +
Response:
 +
 
 +
<pre>
 +
{
 +
    "RequestInfo": {
 +
        "keyURL": "https://localhost:8443/kra/rest/agent/keys/<key ID>",
 +
        "requestStatus": "begin",
 +
        "requestType": "securityDataEnrollment",
 +
        "requestURL": "https://localhost:8443/kra/rest/agent/keyrequests/<request ID>"
 +
    }
 +
}
 +
</pre>
 +
 
 +
== Archiving Key with AES ==
 +
 
 +
Request:
 +
 
 +
<pre>
 +
{
 +
    "Attributes": {
 +
        "Attribute": [
 +
            {
 +
                "name": "algorithmOID",
 +
                "value": "{2 16 840 1 101 3 4 1 2}"
 
             },
 
             },
 
             {
 
             {
                 "name": "nonceData",
+
                 "name": "clientKeyID",
                 "value": null
+
                 "value": <client key ID>
 
             },
 
             },
 
             {
 
             {
                 "name": "certificate",
+
                 "name": "dataType",
                 "value": null
+
                 "value": "passPhrase"
 
             },
 
             },
 
             {
 
             {
                 "name": "passphrase",
+
                 "name": "keyAlgorithm",
                 "value": null
+
                 "value": ""
 
             },
 
             },
 +
            {
 +
                "name": "symmetricAlgorithmParams",
 +
                "value": <base64-encoded data>
 +
            },
 +
            {
 +
                "name": "transWrappedSessionKey",
 +
                "value": <base64-encoded data>
 +
            },
 +
            {
 +
                "name": "wrappedPrivateData",
 +
                "value": <base64-encoded data>
 +
            }
 +
        ]
 +
    },
 +
    "ClassName": "com.netscape.certsrv.key.KeyArchivalRequest"
 +
}
 +
</pre>
 +
 +
Response:
 +
 +
<pre>
 +
{
 +
    "RequestInfo": {
 +
        "keyURL": "https://localhost:8443/kra/rest/agent/keys/<key ID>",
 +
        "requestStatus": "complete",
 +
        "requestType": "securityDataEnrollment",
 +
        "requestURL": "https://localhost:8443/kra/rest/agent/keyrequests/<request ID>"
 +
    }
 +
}
 +
</pre>
 +
 +
= Retrieving a Key =
 +
 +
== Retrieving Key with DES ==
 +
 +
Request:
 +
 +
<pre>
 +
{
 +
    "Attributes": {
 +
        "Attribute": [
 
             {
 
             {
 
                 "name": "keyId",
 
                 "name": "keyId",
                 "value": "22"
+
                 "value": <key ID>
 +
            },
 +
            {
 +
                "name": "transWrappedSessionKey",
 +
                "value": <base64-encoded data>
 +
            },
 +
            {
 +
                "name": "payloadEncryptionOID",
 +
                "value": "{1 2 840 113549 3 7}"
 
             },
 
             },
 
             {
 
             {
 
                 "name": "payloadWrappingName",
 
                 "name": "payloadWrappingName",
 
                 "value": "DES3/CBC/Pad"
 
                 "value": "DES3/CBC/Pad"
 +
            }
 +
        ]
 +
    },
 +
    "ClassName": "com.netscape.certsrv.key.KeyRecoveryRequest"
 +
}
 +
</pre>
 +
 +
Response:
 +
 +
<pre>
 +
{
 +
    "wrappedPrivateData": <base64-encoded data>,
 +
    "nonceData": <base64-encoded data>,
 +
    "encryptAlgorithmOID": "DESede/CBC/PKCS5Padding/168",
 +
    "type": "passPhrase"
 +
}
 +
</pre>
 +
 +
== Retrieving Key with AES ==
 +
 +
Request:
 +
 +
<pre>
 +
{
 +
    "Attributes": {
 +
        "Attribute": [
 +
            {
 +
                "name": "keyId",
 +
                "value": <key ID>
 +
            },
 +
            {
 +
                "name": "transWrappedSessionKey",
 +
                "value": <base64-encoded data>
 
             },
 
             },
 
             {
 
             {
 
                 "name": "payloadEncryptionOID",
 
                 "name": "payloadEncryptionOID",
                 "value": "{1 2 840 113549 3 7}"
+
                 "value": "{2 16 840 1 101 3 4 1 2}"
 +
            },
 +
            {
 +
                "name": "payloadWrappingName",
 +
                "value": "AES KeyWrap/Padding"
 
             }
 
             }
 
         ]
 
         ]
Line 55: Line 186:
 
     "wrappedPrivateData": <base64-encoded data>,
 
     "wrappedPrivateData": <base64-encoded data>,
 
     "nonceData": <base64-encoded data>,
 
     "nonceData": <base64-encoded data>,
    "p12Data": null,
+
     "encryptAlgorithmOID": "AES/CBC/PKCS5Padding/128",
    "algorithm": null,
+
     "type": "passPhrase"
    "size": null,
 
    "additionalWrappedPrivateData": null,
 
    "requestID": null,
 
     "encryptAlgorithmOID": "DESede/CBC/PKCS5Padding/168",
 
    "wrapAlgorithm": null,
 
     "type": "passPhrase",
 
    "publicKey": null
 
 
}
 
}
 
</pre>
 
</pre>
Line 69: Line 193:
 
= See Also =
 
= See Also =
  
* [{Key Management]]
+
* [[Key Management]]

Latest revision as of 17:26, 11 October 2019

Archiving a Key

Archiving Key with DES

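Request (values shown in angle brackets are placeholders to be replaced with JSON string values; the algorithmOID 1.2.840.113549.3.7 identifies DES-EDE3-CBC, i.e. Triple DES rather than single DES):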

{
    "Attributes": {
        "Attribute": [
            {
                "name": "algorithmOID",
                "value": "{1 2 840 113549 3 7}"
            },
            {
                "name": "clientKeyID",
                "value": <client key ID>
            },
            {
                "name": "dataType",
                "value": "passPhrase"
            },
            {
                "name": "symmetricAlgorithmParams",
                "value": <base64-encoded data>
            },
            {
                "name": "transWrappedSessionKey",
                "value": <base64-encoded data>
            },
            {
                "name": "wrappedPrivateData",
                "value": <base64-encoded data>
            }
        ]
    },
    "ClassName": "com.netscape.certsrv.key.KeyArchivalRequest"
}

Response:

{
    "RequestInfo": {
        "keyURL": "https://localhost:8443/kra/rest/agent/keys/<key ID>",
        "requestStatus": "begin",
        "requestType": "securityDataEnrollment",
        "requestURL": "https://localhost:8443/kra/rest/agent/keyrequests/<request ID>"
    }
}

Archiving Key with AES

Request (the algorithmOID 2.16.840.1.101.3.4.1.2 identifies AES-128-CBC):

{
    "Attributes": {
        "Attribute": [
            {
                "name": "algorithmOID",
                "value": "{2 16 840 1 101 3 4 1 2}"
            },
            {
                "name": "clientKeyID",
                "value": <client key ID>
            },
            {
                "name": "dataType",
                "value": "passPhrase"
            },
            {
                "name": "keyAlgorithm",
                "value": ""
            },
            {
                "name": "symmetricAlgorithmParams",
                "value": <base64-encoded data>
            },
            {
                "name": "transWrappedSessionKey",
                "value": <base64-encoded data>
            },
            {
                "name": "wrappedPrivateData",
                "value": <base64-encoded data>
            }
        ]
    },
    "ClassName": "com.netscape.certsrv.key.KeyArchivalRequest"
}

Response:

{
    "RequestInfo": {
        "keyURL": "https://localhost:8443/kra/rest/agent/keys/<key ID>",
        "requestStatus": "complete",
        "requestType": "securityDataEnrollment",
        "requestURL": "https://localhost:8443/kra/rest/agent/keyrequests/<request ID>"
    }
}

Retrieving a Key

Retrieving Key with DES

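Request (payloadEncryptionOID 1.2.840.113549.3.7 and payloadWrappingName "DES3/CBC/Pad" both denote Triple DES in CBC mode, matching the 168-bit DESede algorithm reported in the response):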

{
    "Attributes": {
        "Attribute": [
            {
                "name": "keyId",
                "value": <key ID>
            },
            {
                "name": "transWrappedSessionKey",
                "value": <base64-encoded data>
            },
            {
                "name": "payloadEncryptionOID",
                "value": "{1 2 840 113549 3 7}"
            },
            {
                "name": "payloadWrappingName",
                "value": "DES3/CBC/Pad"
            }
        ]
    },
    "ClassName": "com.netscape.certsrv.key.KeyRecoveryRequest"
}

Response:

{
    "wrappedPrivateData": <base64-encoded data>,
    "nonceData": <base64-encoded data>,
    "encryptAlgorithmOID": "DESede/CBC/PKCS5Padding/168",
    "type": "passPhrase"
}

Retrieving Key with AES

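Request (payloadEncryptionOID 2.16.840.1.101.3.4.1.2 identifies AES-128-CBC, matching the 128-bit AES/CBC algorithm reported in the response):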

{
    "Attributes": {
        "Attribute": [
            {
                "name": "keyId",
                "value": <key ID>
            },
            {
                "name": "transWrappedSessionKey",
                "value": <base64-encoded data>
            },
            {
                "name": "payloadEncryptionOID",
                "value": "{2 16 840 1 101 3 4 1 2}"
            },
            {
                "name": "payloadWrappingName",
                "value": "AES KeyWrap/Padding"
            }
        ]
    },
    "ClassName": "com.netscape.certsrv.key.KeyRecoveryRequest"
}

Response:

{
    "wrappedPrivateData": <base64-encoded data>,
    "nonceData": <base64-encoded data>,
    "encryptAlgorithmOID": "AES/CBC/PKCS5Padding/128",
    "type": "passPhrase"
}

See Also