search

Derive a key

This key management operation allows to derive a new key and save it inside the device's secure repository.

hashtag
Allowed users

Allowed

hashtag
Required access scope

keymgmt:ecdh

hashtag
Derive a new key

POST https://my.ence.do/api/keymgmt/derive

Derive (create) a new key using ECDH with a source key and save it.

hashtag
Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

hashtag
Request Body

Name
Type
Description

descr

String

Base64 encoded additional description

ext_kid

String

External Key ID, 32 chars hex string

kid*

String

Key ID, 32 chars hex string

label*

String

Label of a key

mode

String

Key operation mode (for NIST ECC only)

pubkey

String

Base64 encoded external public key

type*

String

Type of key to create

hashtag
Response status code

circle-info

The key type pointed to ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will fail.

circle-exclamation

To generate ECC keys (NISP & SECP only), the generated seed needs to be validated to ensure it is in the correct range. As a result, this endpoint can fail without being an error.

hashtag
Response data for successful operation

Name
Type
Description

kid

String

Key ID, 32-character hex string

hashtag
Possible key type

Please refer to the list herearrow-up-right; note that ML-KEM and ML-DSA keys cannot be derived, only generated. These exceptions apply to the list.

hashtag
Possible key mode (for NIST ECC keys only)

Check the list herearrow-up-right.

hashtag
Log entries

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_KEY_DERIVE

LOG_RESULT_ERROR

400

LOG_TYPE_KEY_DERIVE

LOG_RESULT_ERROR

406

LOG_TYPE_KEY_DERIVE

LOG_RESULT_OK

200

PreviousCreate a keyNextImport a key

Last updated