Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Related APIs

Encrypting Private Keys (wrapprivatekey)

search

Please Note:

Encrypting Private Keys (wrapprivatekey)

The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrapprivatekey API is called to encrypt the end user' private key. This API returns an opaque binary object (wrapped private key) that is uploaded by the user to Google using the Gmail API client libraries.

This is a privileged operation, and can only be performed by authorized CCKM admins. When wrapping a private key, specify any of the following combinations with optional field perimeter_id:

  • key_id of the PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key created on the CipherTrust Manager.

  • wrapping_key_id and wrapped_custom_private_key, where:

    • wrapping_key_id: Key ID of the RSA key created on the CipherTrust Manager. Its public key is used for wrapping your custom PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key.

    • wrapped_custom_private_key: Wrapped custom PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key.

Syntax

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrapprivatekey' -H 'Content-Type: application/json' --data-binary $'{\n  "private_key": "<private key>",\n  "perimeter_id": "<perimeter id>"\n}' --compressed

Request Parameters

Parameter Type Description
id string ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints.
key_id string ID of the PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key created on the CipherTrust Manager.
wrapping_key_id string Key ID of the RSA key created on the CipherTrust Manager. Its public key is used for wrapping your custom PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key.
wrapped_custom_private_key string Wrapped custom PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA private key.
perimeter_id string ID of the perimeter to encrypt with the key.

Note

Specify either key_id or a combination of wrapping_key_id and wrapped_custom_private_key, not both.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/7d03-4e2d-c1583936-a0ae-3a1ae2d2e200/wrapprivatekey' -H 'Content-Type: application/json' --data-binary $'
{
    key_id: "f1d2f7c956634abb8159f7184d71e30e0f8dd3556be64e188414291ef886b289"
    wrapping_key_id : "f1d2f7c956634abb8159f7184d71e30e0f8dd3556be64e188414291ef886b287"
    wrapped_custom_private_key : "eyJ3cmFwcGVkX2tleSI6IkNVT3ZWMFFjd1dGWWZhZXR6cStiY09RVC9TU2RiOTBC==",
    "perimeter_id": ""
}' --compressed

Example Response

{
"wrapped_private_key":
    "LpyCSy5ddy82PIp/87JKaMF4Jmt1KdrbfT1iqpB7uhVd3OwZiu+oq8kxIzB7Lr0iX4aOcxM6HiUyMrGP2P
    G8x0HkpykbUKQxBVcfm6SLdsqigT9ho5RYw20M6ZXNWVRetFSleKex4SRilTRny38e2ju/lUy0KDaCt1hDU
    T89nLZ1wsO3D1F3xk8J7clXv5fe7GPRd1ojo82Ny0iyVO7y7h1lh2PACHUFXOMzsdURYFCnxhKAsadccCxp
    CxKh5x8p78PdoenwY1tnT3/X4O/4LAGfT4fo98Frxy/xtI49WDRNZi6fsL6BQT4vS/WFkybBX9tXaenCqlR
    BDyZSFhatPQ==",
}

Response Codes

Response Code Description
2xx Success
4xx Client errors

Refer to HTTP status codes for details.