Create Key

The REST_API license is required to create and use keys.

Tip

Keys without a policy are of a different key type and thus cannot be converted to an SKA key later on.

Endpoint

POST: /v1/key

Description: Create key request.

RSA (Rivest-Shamir-Adleman)

{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "RSA",
  "keySize": 2048,
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}

EC (Elliptic Curve Cryptography)

SLIP-0010 derivation is supported as of HSM firmware v3.0.8 and TSB v2.1.0.

{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "EC",
  "curveOid": "1.3.132.0.10",
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "slip10": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}

ED (Edwards-curve Digital Signature Algorithm)

SLIP-0010 derivation is supported as of HSM firmware v3.0.8 and TSB v2.1.0.

{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "ED",
  "curveOid": "1.3.101.112",
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "slip10": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}

AES (Advanced Encryption Standard)

{
  "label": "aes",
  "algorithm": "AES",
  "keySize": 256,
  "attributes": {
    "encrypt": true,
    "decrypt": true,
    "verify": true,
    "sign": true,
    "wrap": true,
    "unwrap": true,
    "derive": false,
    "bip32": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}

Dilithium (Crystals-Dilithium, PQC)

{
  "label": "pqc_dilithium",
  "password": null,
  "algorithm": "DILITHIUM_L5",
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}

LMS (Leighton–Micali Signatures, PQC)

{
  "label": "lms_dilithium",
  "password": null,
  "algorithm": "LMS",
  "attributes": {
    "sign": true,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}

HMAC

{
  "label": "hmacsha256",
  "password": null,
  "algorithm": "HMACSHA256",
  "attributes": {
    "sign": false,
    "extractable": false,
    "modifiable": false,
    "destroyable": false,
    "sensitive": true,
    "decrypt": false,
    "unwrap": false
  }
}
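
Added example (not part of the original documentation or the vendor's code): a Python helper that builds the RSA and EC request bodies shown above, sending the password as a list of characters as the page does, and reviews the attributes before preparing the POST /v1/key request. The host name, the function names and the review rules (explicit "extractable": false, explicit "sensitive": true, no key that both signs and decrypts or unwraps) are assumptions, and authentication is omitted because the page does not describe it.

```python
import json
import urllib.request

BASE_URL = "https://tsb.example.invalid"  # placeholder host (assumption)


def create_key_body(label, algorithm, attributes, password=None, **params):
    """Build a create-key body; the password travels as a list of characters."""
    body = {"label": label, "algorithm": algorithm, **params,
            "attributes": dict(attributes)}
    if password is not None:
        body["password"] = list(password)
    return body


def lint_attributes(body):
    """Apply local review rules (assumed, not vendor rules) to the attributes."""
    attrs = body.get("attributes", {})
    findings = []
    if attrs.get("extractable") is not False:
        findings.append("extractable must be explicitly false")
    if attrs.get("sensitive") is not True:
        findings.append("sensitive must be explicitly true")
    if attrs.get("sign") and (attrs.get("decrypt") or attrs.get("unwrap")):
        findings.append("key allows both signing and decrypt/unwrap")
    return findings


def create_key_request(body):
    """Prepare, without sending, the POST /v1/key request; reject flagged bodies."""
    findings = lint_attributes(body)
    if findings:
        raise ValueError("; ".join(findings))
    return urllib.request.Request(
        BASE_URL + "/v1/key", data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")


# Bodies constructed from the page's RSA example and a subset of its EC example.
RSA_BODY = create_key_body(
    "<keyname>", "RSA", password="REPLACE", keySize=2048,
    attributes={"sign": True, "extractable": False, "modifiable": True,
                "destroyable": True, "sensitive": True, "decrypt": False,
                "unwrap": False})
EC_BODY = create_key_body(
    "<keyname>", "EC", password="REPLACE", curveOid="1.3.132.0.10",
    attributes={"encrypt": True, "decrypt": True, "verify": True, "sign": True,
                "wrap": True, "unwrap": True, "extractable": False,
                "sensitive": True})
```

With these rules the RSA body passes unchanged, while the EC body is rejected until its usage attributes are narrowed to a single purpose.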