Wrap/Unwrap
These two endpoint implements the NIST Key Wrapping scheme.
toAllowed users
Allowed
Required access scope
keymgmt:use:<KID>
where <KID>
is a Key ID as 32-character hexadecimal string
Wrap
Wrap a message
POST
https://my.ence.do/api/crypto/cipher/wrap
Wrap plain message using the NIST Key Wrapping scheme.
Headers
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
Request Body
alg
String
Algorithm to use (e.g. AES256)
ext_kid
String
External Key ID, 32 chars hex string
kid
*
String
Key ID, 32 chars hex string
msg
*
String
Data message to wrap (max. 2048 bytes)
pubkey
String
Base64 encoded external public key
ctx
String
Additional context data (HKDF argument) (max. 64 bytes)
iv
String
Optional IV data
Response status code
{
"wrapped": "ot5cd+SCF6w9dxdjtLnnr96yIMJQWVzb"
}
Possible alg
values
alg
valuesAES128
Regarding NIST SP 800-38F
AES192
Regarding NIST SP 800-38F
AES256
Regarding NIST SP 800-38F
Response data for successful operation
wrapped
String
Base64 encoded wrapped data
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_WRAP
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_WRAP
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_WRAP
LOG_RESULT_OK
200
Unwrap
Unwarp a message
POST
https://my.ence.do/api/crypto/cipher/unwrap
Unwrap the encrypted message using the NIST Key Wrapping scheme.
Headers
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
Request Body
alg
String
Algorithm to use (e.g. AES256)
ext_kid
String
External Key ID, 32 chars hex string
iv
String
Ciphertext IV
kid
*
String
Key ID, 32 chars hex string
msg
*
String
Data message to unwrap (max. 2048 bytes)
pubkey
String
Base64 encoded external public key
ctx
String
Additional context data (HKDF argument) (max. 64 bytes)
Response status code
{
"unwrapped": "SGVsbG9Xb3JsZDAxMjM0NQ=="
}
Possible alg
values
alg
valuesCheck the list here.
Response data for successful operation
unwrapped
String
Base64 encoded unwraped data
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_UNWRAP
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_UNWRAP
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_UNWRAP
LOG_RESULT_OK
200
Last updated