tklmKeyAttributeUpdate

Use the tklmKeyAttributeUpdate command to update key metadata that are Key Management Interoperability Protocol attributes in the database.

Note: The IBM Security Key Lifecycle Manager command-line interface commands will be deprecated in the later versions of IBM Security Key Lifecycle Manager. Use the REST interfaces instead.

Purpose

Use this command to update key metadata that are Key Management Interoperability Protocol attributes in the database.

Permissions

Your role must have a permission to the modify action and a permission to the appropriate device group.

Syntax

tklmKeyAttributeUpdate -uuid keyuuid -operation {add | update | delete} -index indexofvalue -attrName attributename -attrValue {keyvaluepair } {keyvaluepair }

Parameters

-attrName

Required. Specify the name that is used to identify or locate the attribute pair as an object.

Note: Do not use an asterisk (*) or question mark (?) as a character in a Key Management Interoperability Protocol attribute. These wildcard characters are reserved for future use.

applicationSpecificInformation: Specifies application namespace information as a Key Management Interoperability Protocol attribute.
contactInformation: Specifies contact information as a Key Management Interoperability Protocol attribute.
cryptoParams cryptoparameter1, cryptoparameter2, …, cryptoparameterN: Specifies the cryptographic parameters that are used for cryptographic operations by using the object cryptoparameter1, cryptoparameter2, …, cryptoparameterN. This attribute is a Key Management Interoperability Protocol attribute.
customAttribute: Specifies a custom attribute in string format as a Key Management Interoperability Protocol attribute. Client-specific attributes must start with the characters "x-" (x hyphen) and server-specific attributes must start with "y-" (y hyphen).
link: Specifies the link from one managed cryptographic object to another, closely related target managed cryptographic object. This attribute is a Key Management Interoperability Protocol attribute.
name: Specifies the name that is used to identify or locate the object. This attribute is a Key Management Interoperability Protocol attribute.
objectGroup: Specifies one or more object group names of which this object might be part. This attribute is a Key Management Interoperability Protocol attribute.
processStartDate: Specifies the date on which a symmetric key object can be used for process purposes. You cannot change the value after the date occurs. If you specify a date earlier than the current date, the value is set to the current date. This attribute is a Key Management Interoperability Protocol attribute.
protectStopDate: Specifies the date on which an object cannot be used for process purposes. You cannot change the value after the date occurs. If you specify a date earlier than the current date, the value is set to the current date. This attribute is a Key Management Interoperability Protocol attribute.
usageLimits: Specifies either total bytes (BYTE) or total objects (OBJECT) as a Key Management Interoperability Protocol attribute. You cannot modify this value once this object is used. For example, GetUsageAllocation calls this object.

-attrValue

Specify one or more of these key value pairs:

applicationSpecificInformation applicationIDstring

Specifies application namespace information as the value of applicationIDstring.

NAMESPACE: Application namespace.
INFO: Application namespace information.

contactInformation contactstring

Specifies contact information as the value of contactstring. This attribute is a Key Management Interoperability Protocol attribute.

VALUE: Contact information.

cryptoParams cryptoparameter1, cryptoparameter2, …, cryptoparameterN

Specifies the cryptographic parameters that are used for cryptographic operations by using the object cryptoparameter1, cryptoparameter2, …, cryptoparameterN. This attribute is a Key Management Interoperability Protocol attribute.

MODE: CBC, ECB, PCBC, CFB, OFB, CTR, CMAC, CCM, GCM, CBC_MAC, XTS, AES_KEY_WRAP_PADDING, NIST_KEY_WRAP, X9_102_AESKW, X9_102_TDKW, X9_102_AKW1, X 9_102_AKW2
PAD: NONE, OAEP, PKCS5, SSL3, ZEROS, ANSI_X9_23, ISO_10126, PKCS1_ V1_5, X9_31, PSS
HASH: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512
ROLE: BDK, CVK, DEK, MKAC, MKSMC, MKSMI, MKDAC, MKDN, MKCP, MKOTH, KEK, MAC1660 9, MAC97971, MAC97972, MAC97973, MAC97974, MAC97975, ZPK, PVKIBM, PVKPVV, PVKOTH

customAttribute customstring

Specifies for the value of customstring a custom attribute in string format as a Key Management Interoperability Protocol attribute. Client-specific attributes must start with the characters "x-" (x hyphen) and server-specific attributes must start with "y-" (y hyphen).

NAME: Client or server attribute name.
VALUE: Value of the attribute name.

link objectname, objectnametarget

Specifies the link from one managed cryptographic object to another, closely related target managed cryptographic object. This attribute is a Key Management Interoperability Protocol attribute.

TYPE: CERTIFICATE, PRIVATE_KEY, PUBLIC_KEY, DERIVATION_BASE_OBJECT, DERIVED_KEY, REPLACEMENT_OBJECT, REPLACED_OBJECT
LINKED_OBJECT_ID: Specify the target uuid of the linked object.

name

Specifies the name that is used to identify or locate the object. This attribute is a Key Management Interoperability Protocol attribute.

TYPE: TEXT, URI
VALUE: Name, or URI identifying the object.

objectGroup objectgroupname1, objectgroupnameN

Specifies for objectgroupname1, objectgroupnameN the values of one or more object group names of which this object might be part. This attribute is a Key Management Interoperability Protocol attribute.

VALUE: Object group name.

processStartDate yyyy-MM-dd

Specifies the date in yyyy-MM-dd format on which a symmetric key object can be used for process purposes. You cannot change the value after the date occurs. If you specify a date earlier than the current date, the value is set to the current date. This attribute is a Key Management Interoperability Protocol attribute.

VALUE: Date in yyyy-MM-dd format.

protectStopDate yyyy-MM-dd

Specifies the date in yyyy-MM-dd format on which an object cannot be used for process purposes. You cannot change the value after the date occurs. If you specify a date earlier than the current date, the value is set to the current date. This attribute is a Key Management Interoperability Protocol attribute.

VALUE: Date in yyyy-MM-dd format.

usageLimits

Specifies either total bytes (BYTE) or total objects (OBJECT) as a Key Management Interoperability Protocol attribute. You cannot modify this value once this object is used. For example, GetUsageAllocation calls this object.

TYPE: OBJECT, BYTE
VALUE: Total number of objects or bytes.

index

Specify the index to update or delete an attribute value.

operation

Required. Specify one of these valid operations to run on an attribute value: add, update, delete

uuid

Required. Specify the Universal Unique Identifier of the key.

Example

This Jython-formatted command adds an attribute value of a key attribute.

print AdminTask.tklmKeyAttributeUpdate
	('[-uuid KEY-d3ee4491-f96e-495d-bb37-fc03748924ba 
		–operation add –attrName cryptoParams 
			–attrValue 	“{MODE CBC} {PAD NONE} {HASH SHA256} {ROLE BDK}”]')

This Jython-formatted command adds an attribute value of a key attribute.

print AdminTask.tklmKeyAttributeUpdate
	('[-uuid KEY-d3ee4491-f96e-495d-bb37-fc03748924ba 
		–operation add –attrName name 
			-attrValue “{TYPE TEXT} {VALUE key name for xyz}”]')

This Jython-formatted command updates an attribute value of a key attribute.

print AdminTask.tklmKeyAttributeUpdate
	('[-uuid KEY-d3ee4491-f96e-495d-bb37-fc03748924ba 
		-operation update -index 0 -attrName name 
			-attrValue “{TYPE TEXT} {VALUE updated key name for xyz}”]')

This Jython-formatted command deletes the value at the specified index.

print AdminTask.tklmKeyAttributeUpdate
	('[-uuid KEY-d3ee4491-f96e-495d-bb37-fc03748924ba 
		-operation delete -index 0 -attrName name]')