Wrap/Unwrap
These two endpoints implement the NIST Key Wrapping scheme.
Allowed users
Allowed
Required access scope
keymgmt:use:<KID>, where <KID> is a Key ID given as a 32-character hexadecimal string
Wrap
Wrap a message
POST
https://my.ence.do/api/crypto/cipher/wrap
Wrap plain message using NIST Key Wrapping scheme.
Headers
Name | Type | Description |
---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Content-Type* | String | application/json |
Request Body
Name | Type | Description |
---|---|---|
alg | String | Algorithm to use (e.g. AES256) |
ext_kid | String | External Key ID, 32 chars hex string |
kid* | String | Key ID, 32 chars hex string |
msg* | String | Data message to wrap |
pubkey | String | Base64 encoded external public key |
ctx | String | Additional context data (HKDF argument) |
iv | String | Optional IV data |
The key type pointed to by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, the indirect ECDH will fail.
Possible alg values
Value | Description |
---|---|
AES128 | According to NIST SP 800-38F |
AES192 | According to NIST SP 800-38F |
AES256 | According to NIST SP 800-38F |
Response data for successful operation
Name | Type | Description |
---|---|---|
| String | Base64 encoded wrapped data |
Log entries
Event | Result | Source |
---|---|---|
LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
LOG_TYPE_CRYPTO_WRAP | LOG_RESULT_ERROR | 400 |
LOG_TYPE_CRYPTO_WRAP | LOG_RESULT_FAILED | 406 |
LOG_TYPE_CRYPTO_WRAP | LOG_RESULT_OK | 200 |
Unwrap
Unwrap a message
POST
https://my.ence.do/api/crypto/cipher/unwrap
Unwrap encrypted message using the NIST Key Wrapping scheme.
Headers
Name | Type | Description |
---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Content-Type* | String | application/json |
Request Body
Name | Type | Description |
---|---|---|
alg | String | Algorithm to use (e.g. AES256) |
ext_kid | String | External Key ID, 32 chars hex string |
iv | String | Ciphertext IV |
kid* | String | Key ID, 32 chars hex string |
msg* | String | Data message to unwrap |
pubkey | String | Base64 encoded external public key |
ctx | String | Additional context data (HKDF argument) |
The key type pointed to by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, the indirect ECDH will fail.
Possible alg values
Check the list here.
Response data for successful operation
Name | Type | Description |
---|---|---|
| String | Base64 encoded unwrapped data |
Log entries
Event | Result | Source |
---|---|---|
LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
LOG_TYPE_CRYPTO_UNWRAP | LOG_RESULT_ERROR | 400 |
LOG_TYPE_CRYPTO_UNWRAP | LOG_RESULT_FAILED | 406 |
LOG_TYPE_CRYPTO_UNWRAP | LOG_RESULT_OK | 200 |
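The following client-side sketch is an added example, not code from the Encedo documentation: it checks a wrap or unwrap request against the field rules in the tables above before anything is sent, and names the audit log entry to expect for a given response. The function names are hypothetical, and it assumes that msg is passed through unchanged and that the Source column in the log tables is the HTTP status code.

```python
import base64
import json
import re
import urllib.request

BASE_URL = "https://my.ence.do/api/crypto/cipher/"   # from the endpoint URLs above
ALGS = {"AES128", "AES192", "AES256"}                 # "Possible alg values" table
HEX32 = re.compile(r"[0-9a-fA-F]{32}")                # Key ID format


def required_scope(kid):
    """Access scope the bearer token must carry to use this key."""
    return "keymgmt:use:" + kid


def build_request(op, token, kid, msg, alg=None, ext_kid=None,
                  pubkey=None, ctx=None, iv=None):
    """Validate the fields locally and return an unsent urllib Request."""
    if op not in ("wrap", "unwrap"):
        raise ValueError("op must be 'wrap' or 'unwrap'")
    if not HEX32.fullmatch(kid or ""):
        raise ValueError("kid must be a 32-character hex string")
    if ext_kid is not None and not HEX32.fullmatch(ext_kid):
        raise ValueError("ext_kid must be a 32-character hex string")
    if not msg:
        raise ValueError("msg is required")
    if alg is not None and alg not in ALGS:
        raise ValueError("unsupported alg: " + alg)
    if pubkey is not None:
        # binascii.Error is a ValueError subclass, so bad Base64 fails the same way
        base64.b64decode(pubkey, validate=True)
    body = {"kid": kid, "msg": msg, "alg": alg, "ext_kid": ext_kid,
            "pubkey": pubkey, "ctx": ctx, "iv": iv}
    body = {k: v for k, v in body.items() if v is not None}  # omit unset optionals
    return urllib.request.Request(
        BASE_URL + op, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})


def expected_log_entry(op, status):
    """(event, result) the log tables list for a response status (assumed HTTP)."""
    if status == 403:
        return ("LOG_TYPE_FAILED_SCOPE_CHECK", "LOG_RESULT_FAILED")
    results = {200: "LOG_RESULT_OK", 400: "LOG_RESULT_ERROR",
               406: "LOG_RESULT_FAILED"}
    return ("LOG_TYPE_CRYPTO_" + op.upper(), results[status])
```

Pass the returned object to `urllib.request.urlopen` to send it; a 403 response means the token lacks the scope returned by `required_scope` for that kid.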