Create Key
The REST_API license is required to create and use keys.
Tip
Keys without a policy are of a different key type and thus cannot be transformed into an SKA-Key later on.
Endpoint
POST: /v1/key
Description: Create key request.
RSA (Rivest-Shamir-Adleman)
{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "RSA",
  "keySize": 2048,
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}
EC (Elliptic Curve Cryptography)
SLIP-0010 derivation is supported as of HSM-Firmware v3.0.8 and TSB v2.1.0.
{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "EC",
  "curveOid": "1.3.132.0.10",
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "slip10": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}
ED (Edwards-curve Digital Signature Algorithm)
SLIP-0010 derivation is supported as of HSM-Firmware v3.0.8 and TSB v2.1.0.
{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "ED",
  "curveOid": "1.3.101.112",
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "slip10": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}
AES (Advanced Encryption Standard)
{
  "label": "aes",
  "algorithm": "AES",
  "keySize": 256,
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}
Dilithium (Crystals-Dilithium, PQC)
{
  "label": "pqc_dilithium",
  "password": null,
  "algorithm": "DILITHIUM_L5",
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}
LMS (Leighton–Micali Signatures, PQC)
{
  "label": "lms_dilithium",
  "password": null,
  "algorithm": "LMS",
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}
HMAC
{
  "label": "hmacsha256",
  "password": null,
  "algorithm": "HMACSHA256",
  "attributes": {
    "sign": false,
    "extractable": false,
    "modifiable": false,
    "destroyable": false,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}
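The request bodies above differ mainly in their "attributes" block. As an added example (not part of the TSB documentation or the vendor's code), this Python check lints a create-key body before it is sent to POST /v1/key; the policy rules, the name lint_key_request and the sample labels are assumptions made for illustration.

```python
import json

# Policy thresholds are assumptions for this example, not TSB/HSM requirements.
MIN_RSA_BITS = 2048  # same size as the page's RSA sample


def lint_key_request(body):
    """Return a list of findings for a POST /v1/key request body."""
    findings = []
    attrs = body.get("attributes", {})
    label = body.get("label", "<no label>")
    if attrs.get("extractable", False):
        findings.append(f"{label}: extractable=true (key could be exported)")
    if attrs.get("sensitive") is not True:
        findings.append(f"{label}: sensitive is not explicitly true")
    # Separation of duties: one key should not both sign and decrypt/unwrap.
    if attrs.get("sign") and (attrs.get("decrypt") or attrs.get("unwrap")):
        findings.append(f"{label}: sign combined with decrypt/unwrap on one key")
    if body.get("algorithm") == "RSA" and body.get("keySize", 0) < MIN_RSA_BITS:
        findings.append(f"{label}: RSA keySize below {MIN_RSA_BITS}")
    # The page's samples pass the password as an array of single characters.
    if isinstance(body.get("password"), str):
        findings.append(f"{label}: password is a string, not a character array")
    return findings


# Sample bodies. The first two follow the page's RSA and EC samples (labels are
# constructed); the third is constructed to trip the checks.
PW = ["R", "E", "P", "L", "A", "C", "E"]  # placeholder from the page
RSA_SIGN = {"label": "rsa-demo", "password": PW, "algorithm": "RSA", "keySize": 2048,
            "attributes": {"sign": True, "extractable": False, "modifiable": True,
                           "destroyable": True, "sensitive": True,
                           "decrypt": False, "unwrap": False}}
EC_ALL = {"label": "ec-demo", "password": PW, "algorithm": "EC",
          "curveOid": "1.3.132.0.10",
          "attributes": {"encrypt": True, "decrypt": True, "verify": True,
                         "sign": True, "wrap": True, "unwrap": True,
                         "extractable": False, "sensitive": True}}
WEAK = {"label": "weak-demo", "password": "REPLACE", "algorithm": "RSA",
        "keySize": 1024,
        "attributes": {"sign": True, "extractable": True, "sensitive": False}}

if __name__ == "__main__":
    for body in (RSA_SIGN, EC_ALL, WEAK):
        print(json.dumps(lint_key_request(body), indent=2))
```

The RSA sample passes cleanly, while the EC sample is flagged because it enables signing together with decrypt and unwrap on the same key.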