Create/Register Symmetric Key REST Service
Use Create/Register Symmetric Key REST Service to create or register one or more symmetric keys and associate them with a client.
- Operation: POST
- URL: https://host:port/SKLM/rest/v1/objects/symmetrickey
By default, Guardium® Key Lifecycle Manager server listens on the secure port 9443 (HTTPS) for communication. You can modify this default port during IBM® Security Guardium Key Lifecycle Manager installation.
Request
Request Parameters
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
Request body
JSON object with the following specification:
Property name | Description |
---|---|
clientName | Required. Specify the name of the client. |
prefixName | Required. Specify the prefix that is used to create the alias. |
keyBlock | Optional. Specify the following parameters if you want to register a symmetric key: |
numberOfObjects | Optional. Specify the number of symmetric keys that you want to create or register. Default value: 1. |
algorithm | Optional. Specify the algorithm used to create the symmetric key. Default value: AES. Other possible value: 3DES. |
bitlength | Optional. Specify the size of the key. |
cryptoUsageMask | Optional. Specify the cryptographic usage for which the symmetric key is to be used. Default value: Encrypt. Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify. |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code | |
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
---|---|
id | Returns the unique identifier (UUID) of the newly created object. If multiple objects are created, an array of the UUIDs is returned. |
messageId | Returns the message identifier. |
Error response body
JSON object with the following specification.
JSON property name | Description |
---|---|
messageId | Returns the message identifier. |
error | Returns a message that describes the error. |
Example
- Create a symmetric key
```
POST https://localhost:port/SKLM/rest/v1/objects/symmetrickey
{
  "clientName": "Client_Test",
  "bitLength": "256",
  "numberOfObjects": "1",
  "prefixName": "tre",
  "cryptoUsageMask": "Decrypt",
  "algorithm": "AES"
}
```
- Success response
```
{
  "id": "KEY-bdafff7-caf1cdd5-38d3-4374-a893-8bc4583ae268",
  "messageId": "CTGKM6026I"
}
```
- Error response
```
{
  "messageId": "CTGKM3408E",
  "error": "CTGKM3408E Client with Client_Test name not found."
}
```
- Register a symmetric key
```
POST https://localhost:port/SKLM/rest/v1/objects/symmetrickey
{
  "clientName": "client_rest",
  "bitLength": "256",
  "prefixName": "tre",
  "cryptoUsageMask": "Decrypt",
  "keyBlock": {
    "keyFormat": "RAW",
    "keyMaterial": "EF04D24CCBD37635F5C414EDFBFD163C90BA265D64F45EADD2ECB5EAC30E74F8"
  },
  "algorithm": "AES"
}
```
- Success response
```
{
  "id": "KEY-bdafff7-6cae98a4-2cf3-43cf-a396-9a5684fda4fc",
  "messageId": "CTGKM6026I"
}
```
- Error response
```
{
  "messageId": "CTGKM3408E",
  "error": "CTGKM3408E Client with client_rest name not found."
}
```
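A client-side sketch of the create and register calls documented above, added here as an example and not IBM's code: it checks the body against the request-body table before anything is sent, keeps TLS certificate verification on, and normalizes the `id` field to a list. The function names, the `cafile` parameter, and the reading of `keyMaterial` as hex whose length equals `bitLength` (taken from the register example) are assumptions.

```python
import json
import ssl
import urllib.error
import urllib.request

ALGORITHMS = {"AES", "3DES"}
USAGE_MASKS = {"Encrypt", "Decrypt", "Encrypt_Decrypt", "Sign", "Sign_Verify", "Verify"}

def build_body(client_name, prefix_name, algorithm="AES", bit_length=None,
               usage_mask="Encrypt", number_of_objects=1, raw_key_hex=None):
    """Validate against the request-body table and return the JSON object as a dict."""
    if not client_name or not prefix_name:
        raise ValueError("clientName and prefixName are required")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"algorithm must be one of {sorted(ALGORITHMS)}")
    if usage_mask not in USAGE_MASKS:
        raise ValueError(f"cryptoUsageMask must be one of {sorted(USAGE_MASKS)}")
    body = {"clientName": client_name, "prefixName": prefix_name, "algorithm": algorithm,
            "cryptoUsageMask": usage_mask, "numberOfObjects": str(number_of_objects)}
    if bit_length is not None:
        body["bitLength"] = str(bit_length)  # spelled as in the page's example requests
    if raw_key_hex is not None:  # register an existing key instead of creating one
        key = bytes.fromhex(raw_key_hex)  # assumption: RAW material is hex, as in the example
        if bit_length is not None and len(key) * 8 != int(bit_length):
            raise ValueError("keyMaterial length does not match bitLength")
        body["keyBlock"] = {"keyFormat": "RAW", "keyMaterial": raw_key_hex}
    return body

def parse_response(text):
    """Return the list of created UUIDs, or raise with the server's error message."""
    doc = json.loads(text)
    if "error" in doc:
        raise RuntimeError(doc["error"])
    ids = doc["id"]  # a single UUID, or an array when several objects were created
    return ids if isinstance(ids, list) else [ids]

def post_symmetric_key(host, port, auth_id, body, cafile=None):
    """POST the body over verified TLS; auth_id is the caller's userAuthId value."""
    req = urllib.request.Request(
        f"https://{host}:{port}/SKLM/rest/v1/objects/symmetrickey",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"SKLMAuth userAuthId={auth_id}"})
    ctx = ssl.create_default_context(cafile=cafile)  # hostname and chain checks stay on
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return parse_response(resp.read().decode())
    except urllib.error.HTTPError as err:  # error bodies carry messageId and error
        return parse_response(err.read().decode())
```

When registering, keep `raw_key_hex` and the built body out of application logs, since the body carries the key material in the clear inside the TLS session.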