Create/Register KeyPair REST Service

Use the Create/Register KeyPair REST Service to create or register a public-private key pair and associate it with a client.

Operation
POST
URL
https://host:port/SKLM/rest/v1/objects/keypair

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

Property name Description
clientName Required. Specify the name of the client.
prefixName Required. Specify the prefix that is used to create the alias.
publicKeyBlock Required if privateKeyBlock is specified. Specify the following parameters if you want to register the key pair:
publicKeyMaterial
Required. Specify the key material value of the public key in Hex string format. For example, 3082010a0282010100ab7f161c0042496ccd6c6d4dadb919.
publicKeyFormat
Specify the format value of the public key.

Default value: X509

Other possible value: PKCS1
privateKeyBlock Required if publicKeyBlock is specified. Specify the following parameters if you want to register the key pair:
privateKeyMaterial
Required. Specify the key material value of the private key in Hex string format. For example, 3082010a0282010100ab7f161c0042496ccd6c6d4dadb919.
privateKeyFormat
Optional. Specify the format value of the private key.

Default value: PKCS8

Other possible value: PKCS1
numberOfObjects Optional. Specify the number of public-private key pair objects that you want to create and assign to the client.

Default value: 1
privateKeyCryptoUsageMask Optional. Specify the cryptographic usage for which the private key is to be used.

Default value: Sign

Other possible values: Encrypt, Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap
publicKeyCryptoUsageMask Optional. Specify the cryptographic usage for which the public key is used.

Default value: Verify

Other possible values: Encrypt, Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap
algorithm Optional. Specify the algorithm to create the cryptographic object.

Default value: RSA

Other possible value: DSA
bitLength Optional. Specify the size of the cryptographic object.

Default value: 2048

You can specify all other possible values for RSA and DSA algorithms.

Response

Response Headers
Header name Value and description
Status Code
201 Created
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
publicKeyId Returns the unique identifier (UUID) of the public key object.
privateKeyId Returns the unique identifier (UUID) of the private key.
id Returns an array of the UUIDs. This property value is returned only if the number of objects being created is more than one.
messageId Returns the message identifier.
Error response body

JSON object with the following specification.

JSON property name Description
messageId Returns the message identifier.
error Returns a message that describes the error.

Example

Create public-private key pair
POST https://localhost:port/SKLM/rest/v1/objects/keypair{
"clientName":"client_rest",
"numberOfObjects":"2",
"prefixName":"fds",
"privateKeyCryptoUsageMask":"Encrypt",
"publicKeyCryptoUsageMask":"Decrypt",
"algorithm":"RSA",
"bitLength":"2048"
"publicKeyBlock":
{
	"publicKeyFormat":"X509",
	"publicKeyMaterial":"30819f300d06092a864886f70d010101050003818d0030818902818100930451c9ecd94f5bb9da17dd09381bd23be43eca8c7539f301fc8a8cd5d5274c3e7699dbdc711c97a7aa91e2c50a82bd0b1034f0df493dec16362427e58acce7f6ce0f9bcc617bbd8c90d0094a2703ba0d09eb19d1005f2fb265526aac75af32f8bc782cded2a57f811e03eaf67a944de5e78413dca8f232d074e6dcea4cec9f0203010001"},
"privateKeyBlock":
{
	"privateKeyFormat":"PKCS8",
	"privateKeyMaterial":"30820276020100300d06092a864886f70d0101010500048202603082025c02010002818100930451c9ecd94f5bb9da17dd09381bd23be43eca8c7539f301fc8a8cd5d5274c3e7699dbdc711c97a7aa91e2c50a82bd0b1034f0df493dec16362427e58acce7f6ce0f9bcc617bbd8c90d0094a2703ba0d09eb19d1005f2fb265526aac75af32f8bc782cded2a57f811e03eaf67a944de5e78413dca8f232d074e6dcea4cec9f02030100010281800b6a7d736199ea48a420e4537ca0c7c046784dcbeaa63baebc0bc132787449cde8d7cad0c0c863c0fefb06c3062befc50033ecf87b4e33a9be7bcbc8f1511ae215e80deb5d8af2bd31319d7821196640935a0cd67c94599579f2100d65e038831fdafb0dbe2bbdac00a696e67e756350e1c99ace11a36dabac3ed3e730960059024100ddf672fbcc5bda3d73affc4e791e0c03390224405d69ccaabc749faa0dcd4c2583c71dde8941a7b9aa030f52ef1451466c074d4d338fe677892acd9e10fd35bd024100a98fbc3ed6b4c6f860f97165ac2f7bb6f2e2cb192a9abd49795be5bcf37d8ee69a6e169c24e5c32e4e7fa33265461407f952ba49e204818a2f785f113f922b8b0240253f9470390d39049303777ddbc9750e9d64849ce0903eae704dc9f589b7680deb9d609fd5bcd4decd6f120542e5cff5d76f2a43c8615fb5b3a9213463797aa9024100a1ddf023c0cd94c019bb26d09b9e3ca8fa971cb16aa58b9baf79d6081a1dbba452ba53653e2804ba98ff69e8bb1b3a161ea225ea501463216a8dab9b88a75e5f02406178646e112cf79d921a8a843f17f6e7ff974f688122365bf6690cdfc996e1890952eb3820dd1890ec1c8619e87a2bd38f9d03b37fac742efb748c7885942c39"}
}

}
Success response
{
    "id": [
        {
            "publicKeyId": "KEY-d374678-2b27b43b-55d9-45b7-91d9-a2f0790dec52",
            "privateKeyId": "KEY-d374678-3b1ec88b-bf0f-4a50-9f75-51db32895c2f"
        },
        {
            "publicKeyId": "KEY-d374678-65ba75cc-c654-49cd-82c4-5826eef91dd5",
            "privateKeyId": "KEY-d374678-89f6d640-2357-42f7-9a7f-6238c7b634b3"
        }
    ],
    "messageId": "CTGKM6026I"
}
Error response
{
    "messageId": "CTGKM3426E",
    "error": "CTGKM3426E Invalid Cryptographic Length value. Specify a valid integer value and try again."
}
Register public-private key pair
POST https://localhost:port/SKLM/rest/v1/objects/keypair
"clientName":"client_rest",
"prefixName":"fds",
"privateKeyCryptoUsageMask":"Encrypt",
"publicKeyCryptoUsageMask":"Decrypt",
"algorithm":"RSA",
"bitLength":"1024",
"publicKeyBlock":
{
	"publicKeyFormat":"X509","publicKeyMaterial":
"30819f300d06092a864886f70d010101050003818d0030818902818100930451c9ecd94f5bb9da17dd09381bd23be43eca8c7539f301fc8a8cd5d5274c3e7699dbdc711c97a7aa91e2c50a82bd0b1034f0df493dec16362427e58acce7f6ce0f9bcc617bbd8c90d0094a2703ba0d09eb19d1005f2fb265526aac75af32f8bc782cded2a57f811e03eaf67a944de5e78413dca8f232d074e6dcea4cec9f0203010001"
},
"privateKeyBlock":
{
	"privateKeyFormat":"PKCS8","privateKeyMaterial":"30820276020100300d06092a864886f70d0101010500048202603082025c02010002818100930451c9ecd94f5bb9da17dd09381bd23be43eca8c7539f301fc8a8cd5d5274c3e7699dbdc711c97a7aa91e2c50a82bd0b1034f0df493dec16362427e58acce7f6ce0f9bcc617bbd8c90d0094a2703ba0d09eb19d1005f2fb265526aac75af32f8bc782cded2a57f811e03eaf67a944de5e78413dca8f232d074e6dcea4cec9f02030100010281800b6a7d736199ea48a420e4537ca0c7c046784dcbeaa63baebc0bc132787449cde8d7cad0c0c863c0fefb06c3062befc50033ecf87b4e33a9be7bcbc8f1511ae215e80deb5d8af2bd31319d7821196640935a0cd67c94599579f2100d65e038831fdafb0dbe2bbdac00a696e67e756350e1c99ace11a36dabac3ed3e730960059024100ddf672fbcc5bda3d73affc4e791e0c03390224405d69ccaabc749faa0dcd4c2583c71dde8941a7b9aa030f52ef1451466c074d4d338fe677892acd9e10fd35bd024100a98fbc3ed6b4c6f860f97165ac2f7bb6f2e2cb192a9abd49795be5bcf37d8ee69a6e169c24e5c32e4e7fa33265461407f952ba49e204818a2f785f113f922b8b0240253f9470390d39049303777ddbc9750e9d64849ce0903eae704dc9f589b7680deb9d609fd5bcd4decd6f120542e5cff5d76f2a43c8615fb5b3a9213463797aa9024100a1ddf023c0cd94c019bb26d09b9e3ca8fa971cb16aa58b9baf79d6081a1dbba452ba53653e2804ba98ff69e8bb1b3a161ea225ea501463216a8dab9b88a75e5f02406178646e112cf79d921a8a843f17f6e7ff974f688122365bf6690cdfc996e1890952eb3820dd1890ec1c8619e87a2bd38f9d03b37fac742efb748c7885942c39"
Success response
{
  "privateKeyId": "KEY-bdafff7-15e77edd-d361-4866-b911-6ebec841b621",
  "publicKeyId": "KEY-bdafff7-17cbbe52-d345-4f70-a75b-cd64602abf2b",
  "messageId": "CTGKM6026I"
}
}
Error response
{
    "messageId": "CTGKM3426E",
    "error": "CTGKM3426E Invalid Cryptographic Length value. Specify a valid integer value and try again."
}
Table 1. Topic change log
Date Change description
08 Nov 2021 Corrected the definition of the publicKeyBlock and privateKeyBlock parameters.
10 Sept 2021 Initial version.