Key Import REST Service
Use the Key Import REST Service to import secret keys or public/private key pairs. A secret key is a symmetric key. A public/private key pair is an asymmetric key pair that contains a public key and a private key. The private key file is in PKCS#12 format.
- Operation: POST
- URL: https://host:port/SKLM/rest/v1/keys/import

By default, the Guardium® Key Lifecycle Manager server listens on the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
JSON object with the following specification:
Property name | Description |
---|---|
alias | Required parameter in the following scenarios:
This parameter is not required when the keystore file contains only one private key. If you specify a value, it is ignored. |
fileName | Required. Specify the path and file name of the file from which the keys are imported. |
keyAlias | This parameter is required if the value of the type attribute is secretkey. Specify the alias of the private key entry in the keystore that decrypts the secret key or keys from the file. Use the same alias value to import and export a secret key or keys. |
newAlias | Specify a new value for the key alias. |
password | This parameter is required if the type parameter is privatekey. This password was previously specified with the Key Export REST Service. If you export private keys to a PKCS#12 file, ensure that the file with the key is wrapped with a FIPS-approved method before the file leaves the computer. |
type | Specify whether the keys are secret or private. |
usage | Specify the target application usage such as LTO device group. You can specify the following values: |
Response
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
privatekey type
JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns an integer value such as 0 to indicate the key import status. |
status | Returns the status to indicate that the key import task succeeded. |
secretkey type
JSON array that contains JSON objects with the following specification:
JSON property name | Description |
---|---|
ImportedKeys | JSON array that contains JSON objects with a list of imported keys. If no keys are imported, an empty list is returned. |
ExistingKeys | JSON array that contains JSON objects with a list of duplicate keys. If there are no duplicate keys, an empty list is returned. |
FailedToImportKeys | JSON array that contains JSON objects with a list of failed keys. If there are no failed keys, an empty list is returned. |
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to import a symmetric key (secretkey type)

  ```
  POST https://localhost:port/SKLM/rest/v1/keys/import
  Content-Type: application/json
  Accept: application/json
  Authorization: SKLMAuth userAuthId=139aeh34567m
  {"keyAlias":" sklmCertificate", "alias":"xyz000000000000000000","newAlias":"ayz000000000000000000","type":"secretkey","fileName": "mykey","usage":"LTO"}
  ```

- Service request to import a private key (privatekey type)

  ```
  POST https://localhost:port/SKLM/rest/v1/keys/import
  Content-Type: application/json
  Accept: application/json
  Authorization: SKLMAuth userAuthId=139aeh34567m
  {"type":"privatekey","fileName":"mykey","usage":"SSLSERVER","password":"mypassword","newAlias":"mykey"}
  ```

- Service request to import multiple private keys (privatekey type)

  ```
  POST https://localhost:port/SKLM/rest/v1/keys/import
  Content-Type: application/json
  Accept: application/json
  Authorization: SKLMAuth userAuthId=139aeh34567m
  {"type":"privatekey","fileName":"mykey","usage":"3592","password":"mypassword","alias":"abc1","newAlias":"mykey"}
  ```
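
The following Python sketch is an added example, not IBM's own code. It enforces the per-type required parameters from the request table before building the POST, and counts the result lists of a secretkey response so that failed or duplicate keys are not missed. The function names and the sample response (including the fields inside each key entry) are constructed for illustration, and the request is built but not sent.

```python
import json
import urllib.request

def build_import_request(host, port, auth_id, body):
    """Check the body against the request table, then build the POST (not sent)."""
    key_type = body.get("type")
    if key_type not in ("secretkey", "privatekey"):
        raise ValueError("type must be secretkey or privatekey")
    if not body.get("fileName"):
        raise ValueError("fileName is required")
    if key_type == "secretkey" and not body.get("keyAlias"):
        raise ValueError("keyAlias is required when type is secretkey")
    if key_type == "privatekey" and not body.get("password"):
        raise ValueError("password is required when type is privatekey")
    return urllib.request.Request(
        f"https://{host}:{port}/SKLM/rest/v1/keys/import",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"SKLMAuth userAuthId={auth_id}",
        },
    )

def summarize_secretkey_response(payload):
    """Count entries in each result list of a secretkey-type response."""
    if isinstance(payload, dict):  # error body: an object with code and message
        raise RuntimeError(f"{payload.get('code')}: {payload.get('message')}")
    counts = {"ImportedKeys": 0, "ExistingKeys": 0, "FailedToImportKeys": 0}
    for obj in payload:
        for name in counts:
            counts[name] += len(obj.get(name, []))
    return counts

# Constructed sample response; the fields inside each key entry are assumptions.
SAMPLE_RESPONSE = [
    {"ImportedKeys": [{"alias": "ayz000000000000000000"}]},
    {"ExistingKeys": []},
    {"FailedToImportKeys": [{"alias": "xyz000000000000000001"}]},
]

if __name__ == "__main__":
    body = {"keyAlias": "sklmCertificate", "alias": "xyz000000000000000000",
            "type": "secretkey", "fileName": "mykey", "usage": "LTO"}
    req = build_import_request("localhost", 9443, "139aeh34567m", body)
    print(req.get_method(), req.full_url)
    print(summarize_secretkey_response(SAMPLE_RESPONSE))
```

When sending the request, keep TLS certificate verification enabled and supply the PKCS#12 password from a secret store or prompt rather than from source code.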