Synchronous Key Operations
Synchronous operations that are forwarded directly to the HSM. For certain operations with SKA keys, the signed approvals may be included in the request. The RestApi licence is required to execute these operations.
📄️ Wrap key
Wrap key
📄️ Verify signature
Verify signature
📄️ Unwrap a wrapped key
Create a synchronous (non-SKA) unwrap request
📄️ Unblock a key
Create a synchronous (SKA) unblock request. Unblocking a key is only supported if the key has smart key attributes.
📄️ Sign a payload
Create a synchronous (non-SKA) sign request
📄️ Modify key policy
Create a synchronous (SKA) modify policy request. Modifying a key is only supported if the key has smart key attributes.
📄️ Create keyed hash
Create keyed hash
📄️ Verify and decrypt a file
The API client receives the structured file and begins by unwrapping the symmetric key using the asymmetric private key stored on the HSM. With the unwrapped symmetric key, the client decrypts the encrypted payload to retrieve the original content. Finally, the digital signature is verified against the decrypted file content to ensure its authenticity and integrity.
📄️ Sign and encrypt a file
The file content is first signed, then encrypted using a symmetric key. This symmetric key is subsequently wrapped with an asymmetric key. The encrypted payload, the wrapped symmetric key and the signature are then structured into a file that can be consumed by the API client.
📄️ Decrypt a file
Returns the decrypted file as application/octet-stream or application/json.
📄️ Decrypt a ciphertext
Create a synchronous (non-SKA) decrypt request
📄️ Block a key
Create a synchronous (non-SKA) block request. Blocking a key is only supported if the key has smart key attributes.
📄️ Create hash
This API endpoint can be used to sign large payloads that exceed the current HSM limits of 20kb (v2.8) and 500kb (v3.0).
📄️ Encrypt a file
Returns the encrypted file as application/octet-stream or application/json. The key must be of type EC with curveOid 1.3.132.0.34 and the derive attribute set to 'true'.
📄️ Encrypt a payload
Encrypt a payload
📄️ Encapsulation using ML‑KEM
Generate an ephemeral key pair and perform a key‑encapsulation using the ML‑KEM algorithm. The operation takes the public key, generates and encapsulates a shared secret, and returns the ciphertext along with the secret.
📄️ Decapsulation using ML‑KEM
Perform a key‑decapsulation using the ML‑KEM algorithm. The operation takes the encapsulated ciphertext (produced by ML‑KEM), performs the decapsulation with the private key, and returns the recovered shared secret.
📄️ Create an RFC3161 timestamp
Create an RFC3161 timestamp
📄️ Get random bytes
Returns random bytes of the provided length as a base64-encoded string