4 Managing Keystores
| Section | Method | Resource Path |
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
POST New KSS Keystore Method
Use the POST method to create a new Keystore Service (KSS) Keystore.
REST Request
POST /opss/v2/keystoreservice
Request Body
Media types for the request or response body.
Media Types: application/json
The request body contains the details of the create request:
| Attribute | Description | Required |
|---|---|---|
|
|
Name of the stripe to contain the KSS keystore. |
Yes |
|
|
Name for the KSS keystore. |
Yes |
|
|
Password for the KSS keystore. |
No |
|
|
Boolean value that specifies whether to create a permission-based keystore. |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the create operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to create a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @createkss.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice
Example of Request Body
The following example shows the request body in JSON format.
{
"stripeName" : "myStripe",
"keystoreName" : "myKeystore",
"keystorePassword" : "myPwd",
"permissionBased" : "false"
}
Note:
A password is required unless creating a permission-based keystore ("permission" : "true").
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}
Example of Creating Permission-Based Keystore
The following example shows the request body in JSON format.
{
"stripeName" : "myStripe",
"keystoreName" : "permKeystore",
"permissionBased" : "true"
}
POST Import KSS Keystore Method
Use the POST method to import a Keystore Service (KSS) keystore from a JKS keystore file.
REST Request
POST /opss/v2/keystoreservice/keystore
Request Body
Media types for the request or response body.
Media Types: multipart/form-data
The response body contains information about the import request, including:
| Attribute | Description | Required |
|---|---|---|
|
|
Name of the stripe. |
Yes |
|
|
Byte array of keystore data. |
Yes |
|
|
Name for the JKS keystore. |
Yes |
|
|
Password for the local keystore file that is being imported and the keystore entry, if password-protected. |
No |
|
|
Keystore type. This value must be set to |
Yes |
|
|
List of aliases for the keys to be imported from the |
Yes |
|
|
List of passwords for the keys to be imported from the |
No |
|
|
Boolean value that specifies whether to import as a permission-based keystore. |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the import operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Success message. |
cURL Example
The following example shows how to import a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X PUT -u username:password --data @updatekss.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice/keystore
Example of Request Body
The following example shows the request body in JSON format.
"stripeName" : "myStripe", "keystoreName" : "myKeystore", "keyAliasList" : ["myAlias"], "keystorePassword" : "password1", "keyPasswordList" : ["password"], "keystoreType" : "JKS", "permissionBased" : "false", "keystoreImportBytes" : [-2, -19, -2, -19, 0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 2, 0, 6, 109, 121, 99, 101, 114, 116, 0, 0, 1, 86, 125, 119, -27, 113, 0, 5, 88, 46, 53, 48, 57, 0, 0, 3, -61, 48, -126, 3, -65, 48, -126, 2, -89, -96, 3, 2, 1, 2, 2, 16, 64, 4, 72, -122, -60, 65, -17, 59, 100, 58, -128, 102, 64, -102, -4, -96, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 48, 120, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 65, -117, -74] }
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"SUCCESS_MSG":"Aliases: myAlias imported
successfully"
}
PUT Password Update KSS Keystore Method
Use the PUT method to update the password for a Keystore Service (KSS) keystore.
REST Request
PUT /opss/v2/keystoreservice
Request Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the Load Balancer patches, including:
| Attribute | Description | Required |
|---|---|---|
|
|
Name of the stripe. |
Yes |
|
|
Name of the KSS keystore. |
Yes |
|
|
New password for the keystore. |
Yes |
|
|
Old password for the keystore. |
Yes |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the update operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to import a KSS keystore by submitting a PUT request on the REST resource using cURL.
curl -i -X PUT -u username:password --data @updatekss.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice
Example of Request Body
The following example shows the request body in JSON format.
{
"stripeName" : "myStripe",
"keystoreName" : "mykssstore",
"oldPassword" : "myPwd",
"newPassword" : "myNewPwd"
}
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}
POST Trusted Certificate KSS Keystore Method
Use the POST method to import a trusted certificate into a Keystore Service (KSS) keystore.
REST Request
POST /opss/v2/keystoreservice/certificates
Request Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the import request, including:
| Attribute | Description | Required |
|---|---|---|
|
|
List that contains alias for the trusted certificate. |
Yes |
|
|
Base64-encoded certificate. |
Yes |
|
|
Keystore entry type. Valid values include: |
Yes |
|
|
Name of the KSS keystore. |
Yes |
|
|
Name of the stripe. |
Yes |
|
|
Password for the KSS keystore. |
No |
|
|
List that contains key password for the trust certificate. |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the import operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
|
|
Subject DN list that was imported. |
cURL Example
The following example shows how to create a KSS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @importcertkss.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice/certificates
Example of Request Body
The following example shows the request body in JSON format.
{
"keyAliasList" : ["myAlias"],
"keystoreEntry":
"MIIC7DCCAqqgAwIBAgIEalhBSjALBgcqhkjOOAQDBQAwSDEKMAgGA1UEBhMBeTEKMAgGA1UECBMB\neTEKMAgGA1UEBxMBeTEKMAgGA1UEChMBeTEKMAgGA1UECxMBeTEKMAgGA1UEAxMBeTAeFw0xNDA3\nMDMxMTAwMTZaFw0xNDEwMDExMTAwMTZaMEgxCjAIBgNVBAYTAXkxCjAIBgNVBAgTAXkxCjAIBgNV\nBAcTAXkxCjAIBgNVBAoTAXkxCjAIBgNVBAsTAXkxCjAIBgNVBAMTAXkwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7/s9JKgOBhAACgYBrvzkjozmv6t6T0GNJES1R3ypRsBs8VLX2g3GotHd7Kht/TCj4HikelZDd\nuL0t96R5Q4A3srOgSIZ+0INRs1ER8y1Q37LyJNfyqYn5KqLBlN9bhSYAfcuIpjwIXGVfLQGdByD7\ntr4PSvZQx18K6p68HUCh+jXQT9+7n3ZUIBzH5aMhMB8wHQYDVR0OBBYEFPdMpcEBbYSCYMdJiE4r\ncQxf7Me4MAsGByqGSM44BAMFAAMvADAsAhQH/G1ixrEaWAG3lGWafkHgXxnzhwIUW5eSctgmaQBj\nvKaY0E6fYJzcp5c=",
"keystoreType" : "TrustedCertificate",
"keystoreName" : "myKeystore",
"stripeName" : "myStripe",
"keystorePassword" : "myPwd"
"keyPasswordList" : ["mykeyPwd"]
}
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
"SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y"
}
GET Stripe KSS Keystores Method
Use the GET method to return all Keystore Service (KSS) keystores for a stripe.
REST Request
GET /opss/v2/keystoreservice/{stripeName}
Parameters
The following table summarizes the GET request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of stripe for which you want to view all KSS keystores. |
Path |
Yes |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the certificate, including:
| Attribute | Description |
|---|---|
|
|
List of keystores in the stripe. |
cURL Example
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password https://myhost:7001/opss/v2/keystoreservice/myStripe
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"keystores":["trust","castore"]
}
GET Alias KSS Keystore Method
Use the GET method to view the alias for the Keystore Service (KSS) keystore.
REST Request
GET /opss/v2/keystoreservice/alias/{stripeName}/{keystoreName}/{entryType}
Parameters
The following table summarizes the GET request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Path |
Yes |
|
|
Name of the keystore. |
Path |
Yes |
|
|
Keystore type. Valid values include |
Path |
Yes |
|
|
Base64 encoded keystore password |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the certificate, including:
| Attribute | Description |
|---|---|
|
|
List of keystore aliases in the stripe. |
cURL Example
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password https://myhost:7001/opss/v2/keystoreservice/alias/myStripe/myKeystore/TrustedCertificate
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"Alias":["myAlias"]
}
GET Trusted Certificate KSS Keystore Method
Use the GET method to view trusted certificates in the Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide a Base64-encoded header value for the keystore password.
REST Request
GET /opss/v2/keystoreservice/certificates
Parameters
The following table summarizes the GET request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias for trusted certificate. |
Query |
Yes |
|
|
Type of keystore entry. Valid values include |
Query |
Yes |
|
|
Password for the KSS keystore. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the certificate, including:
| Attribute | Description |
|---|---|
|
|
Contents of the Base64-encoded certificate. |
|
|
Optional extensions that are used to issue a certificate for a specific purpose. Each extension includes the following:
|
|
|
List of trusted distinguished names. |
|
|
Date the certificate expires. |
|
|
Date the certificate is activated. |
|
|
Serial number of the JKS keystore. |
|
|
Base64-encoded signature key. |
|
|
Signing algorithm for the alias. |
|
|
Subject distinguished names list. |
|
|
String of public key value. |
cURL Example
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:cHdkMQ== -H https://myhost:7001/opss/v2/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=client&keystoreEntryType=Certificate"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
"ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
"NOT_BEFORE":"Fri Jul 25 02:45:11 PDT 2014",
"NOT_AFTER":"Thu Oct 23 02:45:11 PDT 2014",
"SERIAL_NO":"982191050",
"SIGNING_ALGORITHM":"1.2.840.10040.4.3",
"PUBLIC_KEY": "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAa785I6M5r+rek9BjSREtUd8qUbAbPFS19oNxqLR3eyobf0wo+B4pHpWQ3bi9LfekeUOAN7KzoEiGftCDUbNREfMtUN+y8iTX8qmJ+SqiwZTfW4UmAH3LiKY8CFxlXy0BnQcg+7a+D0r2UMdfCuqevB1Aofo10E/fu592VCAcx+U=""CONTENT":"-----BEGIN CERTIFICATE----- \nMIIC7DCCAqqgAwIBAgIEOosLyjALBgcqhkjOOAQDBQAwS
EKMAgGA1UEBhMBcjEKMAgGA1UECBMB\ncjEKMAgGA1UEBxMBcjEKMAgGA1UEChMBcjEKMAgGA1UECxM
cjEKMAgGA1UEAxMBUjAeFw0xNDA3\nMjUwOTQ1MTFaFw0xNDEwMjMwOTQ1MTFaMEgxCjAIBgNVBAYTA
IxCjAIBgNVBAgTAXIxCjAIBgNV\nBAcTAXIxCjAIBgNVBAoTAXIxCjAIBgNVBAsTAXIxCjAIBgNVBAM
AVIwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA\/X9TgR11EilS30qcLuzk5\/YRt1I870QAwx4\/gL
RJmlFXUAiUftZPY1Y+r\/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5\/oBHsQIsJPu6nX\/rfGG
/g7V+fGqKYVDwT7g\/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu\/yIgMZndFIAccCFQCXYFCPFSMLzLKS
YKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu\/o66oL5V0wLPQeCZ1FZV4661FlP5nEHE
GAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFG
iaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7\/s9JKgOBhAACgYAjhpZybXj6rlXDow8srnSFE9dZJJpCKaQV
ACagQogePV+xlqPClDOoiQJ\nuvuUGHerDrThC1\/Wq5Uj1+TnkSKTy0qYxmQoq56xALa47np9TKtqt
4Vy8eUUorakG4lrjNt\/EgR\nfO675n+qINkKXKpcxaCicupRCYPkPXlnT4mtyKMhMB8wHQYDVR0OBB
EFDKbmPa2Il6SylJRPTv8\nQ+4CqpEhMAsGByqGSM44BAMFAAMvADAsAhQbkmlaUG5QDR5mXUiYC74p
\/FBOwIUGx5lc5Y01ppo\nvK3UgL7M8E3eOfc=\n-----END CERTIFICATE-----",
"SIGNATURE":FEZN2l4SPFEK5jt2QZRb5Q==",
"Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}"
}
DELETE Trusted Certificate KSS Keystore Method
Use the Delete method to delete a certificate from a Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore and key passwords.
REST Request
DELETE /opss/v2/keystoreservice/certificates
Parameters
The following table summarizes the DELETE request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias for the certificate in the KSS keystore. |
Query |
Yes |
|
|
Base64 encoded keystore password. |
Header |
No |
|
|
Base64 encoded key password. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the import operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a trusted certificate from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:cHdkMQ== -H keyPassword:bXlQd2Qy https://myhost:7001/opss/v2/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myAlias"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}
POST Secret Key KSS Keystore
Use the POST method to create a secret key used in symmetric encryption/decryption for a KSS keystore.
REST Request
POST /opss/v2/keystoreservice/secretkey
Request Body
Media types for the request or response body.
Media Types: application/json
The request body contains the details of the create request:
| Attribute | Description | Required |
|---|---|---|
|
|
Name of the stripe. |
Yes |
|
|
Name for the KSS keystore. |
Yes |
|
|
List that contains alias for the secret key. |
Yes |
|
|
Size measured in bits of the of the key used in cryptographic algorithm. |
Yes |
|
|
Controls the cryptographic characteristics of the algorithms that are used when securing messages. |
Yes |
|
|
Password for the KSS keystore. |
No |
|
|
List that contains the password for the key. |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the import operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to create a secret key by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @secretkey.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice/secretkey
Example of Request Body
The following example shows the request body in JSON format.
{
"stripeName" : "myStripe",
"keystoreName" : "myKeystore",
"keyAliasList" : ["myKeyAlias"],
"keySize" : "56",
"keyAlgorithm" : "DES",
"keystorePassword" : "myPwd",
"keyPasswordList" : ["myKeyPwd"]
}
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}
GET Secret Key Properties KSS Keystore Method
Use the GET method to view the secret key properties for a KSS keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore and key passwords.
REST Request
GET /opss/v2/keystoreservice/secretkey
Parameters
The following table summarizes the GET request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias of the secret key. |
Query |
Yes |
|
|
Whether the key should be returned in the output. |
Query |
No |
|
|
Base64 encoded keystore password. |
Header |
No |
|
|
Base64 encoded key password. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body contains information about the certificate, including:
| Attribute | Description |
|---|---|
|
|
List of secret key properties. |
|
|
String of secret key data if "returnKeyInResponse" set to true. |
cURL Example
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:bXlQd2Q= -H keyPassword:bXlLZXlQd2Q= https://myhost:7001/opss/v2/keystoreservice/secretkey?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myKeyAlias"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"keystore properties":["DES"]
}
The following example shows how to view the properties of the secret key for an alias, including the secret key value.
curl -i -X GET -u username:password -H keystorePassword:bXlQd2Q= -H keyPassword:bXlLZXlQd2Q= https://myhost:7001/opss/v2/keystoreservice/secretkey?stripeName=myStripe&keystoreName=myKeystore&keyAlias=myKeyAlias&returnKeyInResponse=true
Example of Response Body
The following example shows the response body in JSON format.
{
"keystore properties":["DES"],
"secret key": "f65uMWvxAdM="
}DELETE Secret Key KSS Keystore Method
Use the DELETE method to delete a secret key.
REST Request
DELETE /opss/v2/keystoreservice/secretkey
Parameters
The following table summarizes the DELETE request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias of the secret key. |
Query |
Yes |
|
|
Password for the KSS keystore. |
Header |
No |
|
|
Password for the key. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the delete operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a secret key from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:bXlQd2Q= -H keyPassword:bXlLZXlQd2Q= https://myhost:7001/opss/v2/keystoreservice/secretkey?"stripeName=myStripe&keystoreName=myKeystore"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Header
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}POST Key Pair KSS Keystore
Use the POST method to create a key pair used in symmetric encryption/decryption for a KSS keystore.
REST Request
POST /opss/v2/keystoreservice/keypair
Request Body
Media types for the request or response body.
Media Types: application/json
The request body contains the details of the create request:
| Attribute | Description | Required |
|---|---|---|
|
|
Name of the stripe. |
Yes |
|
|
Name for the KSS keystore. |
Yes |
|
|
List that contains alias for the secret key. |
Yes |
|
|
Size, measured in bits, of the key used in the cryptographic algorithm. |
Yes |
|
|
Controls the cryptographic characteristics of the algorithms that are used when securing messages. |
Yes |
|
|
Distinguished name for the key |
Yes |
|
|
Password for the KSS keystore. |
No |
|
|
Password for the key. |
No |
|
|
List that contains password for the list. |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the import operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to create a key pair by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @keypair.json -H Content-Type:application/json https://myhost:7001/opss/v2/keystoreservice/keypair
Example of Request Body
The following example shows the request body in JSON format.
{
"stripeName" : "myStripe",
"keystoreName" : "myKeystore",
"keyAliasList" : ["myKeyAlias"],
"keySize" : "256",
"algorithm" : "EC",
"DN" : "CN=CertGenCA,OU=FORTESTINGONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US",
"keystorePassword" : "myPwd",
"keyPasswordList" : ["myKeyPwd"]
}
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED"
}
GET Key Pair KSS Keystore Method
Use the GET method to view to view a key pair for a KSS keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore and key passwords.
REST Request
GET /opss/v2/keystoreservice/keypair
Parameters
The following table summarizes the GET request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias of the secret key. |
Query |
Yes |
|
|
Password for the KSS keystore. |
Header |
No |
|
|
Password for the key. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the get operation, including:
| Attribute | Description |
|---|---|
|
|
Base64 encoded private key. |
cURL Example
The following example shows how to view a key pair by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:bXlQd2Q= -H keyPassword:bXlLZXlQd2Q= https://myhost:7001/opss/v2/keystoreservice/keypair?stripeName=myStripe&keystoreName=myKeystore&keyAlias=myKeyAlias
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"private key": "MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBzQbYz6xUZjr/XuwVMJj1XXQCquis0f9q5SD9NXhlBjw=="
}
DELETE Key Pair KSS Keystore Method
Use the DELETE method to delete a key pair.
REST Request
DELETE /opss/v2/keystoreservice/keypair
Parameters
The following table summarizes the DELETE request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
|
Name of the stripe. |
Query |
Yes |
|
|
Name of the keystore. |
Query |
Yes |
|
|
Alias of key pair. |
Query |
Yes |
|
|
Base64 encoded keystore password. |
Header |
No |
|
|
Base64 encoded key password. |
Header |
No |
Response Body
Media Types for the request or response body.
Media Types: application/json
The response body returns the status of the delete operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a key pair from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:bXlQd2Q= https://myhost:7001/opss/v2/keystoreservice/keypair?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myKeyAlias"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 200 OK
Example of Response Body
The following example shows the response body in JSON format.
{
"STATUS": "SUCCEEDED""
}
DELETE Keystore Service KSS Keystore Method
Use the DELETE method to delete a Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide Base64-encoded header values for the keystore password.
REST Request
DELETE /opss/v2/keystoreservice
Parameters
The following table summarizes the DELETE request parameters.
| Name | Description | Type | Required |
|---|---|---|---|
|
" |
Name of the stripe. |
Query |
Yes |
|
" |
Name of the keystore. |
Query |
Yes |
|
|
Password for the key store. |
Header |
No |
Response Body
Media types for the request or response body.
Media Types: application/json
The response body returns the status of the delete operation, including:
| Attribute | Description |
|---|---|
|
|
If |
|
|
If |
|
|
Status of operation. For example, |
cURL Example
The following example shows how to delete a trusted certificate from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password -H keystorePassword:bXlQd2Q= https://myhost:7001/opss/v2/keystoreservice?"stripeName=myStripe&keystoreName=myKeystore"
Example of Response Header
The following example shows the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.
HTTP/1.1 204 No Content