.. _rewrap: Method: Rewrap Data ------------------- Description ~~~~~~~~~~~ This endpoint rewraps the provided ciphertext using the latest version of the named key in the specified vault. .. note:: Because this endpoint never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts. .. note:: This endpoint requires at least :ref:`Read` permission in the affected vault. URL Syntax ~~~~~~~~~~ /api/{version}/transparent/rewrap/:vaultid/:name HTTP Method ~~~~~~~~~~~ POST Successful HTTP Response ~~~~~~~~~~~~~~~~~~~~~~~~ 200 Parameters ~~~~~~~~~~ +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | Parameter name | Description | Parameter type | Type | Default | Mandatory | Comment | +================+======================+================+========+=========+===========+==================+ | X-Http-Token | StoredSafe token | HTTP Header | String | | :sup:`1)` | Preferred method | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | token | StoredSafe token | JSON-encoded | String | | :sup:`1)` | Legacy method | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | vaultid | Vault-ID | URL-encoded | String | | Yes | | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | name | Key name | URL-encoded | String | | Yes | | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | to_version | Wrap to version | JSON-encoded | String | | Yes | | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ | ciphertext | Ciphertext to rewrap | JSON-encoded | String | | Yes | | +----------------+----------------------+----------------+--------+---------+-----------+------------------+ .. note:: :sup:`1)` One of the methods is required. Response Attributes ~~~~~~~~~~~~~~~~~~~ +----------------------+------------------------------------+---------+ | Attribute | Description | Type | +======================+====================================+=========+ | CALLINFO.errorcodes | Number of errors | Integer | +----------------------+------------------------------------+---------+ | CALLINFO.errors | Number of errors | Integer | +----------------------+------------------------------------+---------+ | CALLINFO.general | Information | Array | +----------------------+------------------------------------+---------+ | CALLINFO.handler | Handler used | String | +----------------------+------------------------------------+---------+ | CALLINFO.status | SUCCESS or FAIL | String | +----------------------+------------------------------------+---------+ | CALLINFO.token | Rotated StoredSafe token :sup:`1)` | String | +----------------------+------------------------------------+---------+ | CALLINFO.key_version | Latest key version | String | +----------------------+------------------------------------+---------+ | CALLINFO.ciphertext | Ciphertext (Base64 encoded) | String | +----------------------+------------------------------------+---------+ | CALLINFO.objectid | Object-ID | String | +----------------------+------------------------------------+---------+ | DATA | Supplied data in prior API-call | String | +----------------------+------------------------------------+---------+ | HEADERS.(headers) | HTTP Headers | String | +----------------------+------------------------------------+---------+ | PARAMS | Route parameters (empty) | Array | +----------------------+------------------------------------+---------+ | ERRORCODES | Error code and text :sup:`2)` | Object | +----------------------+------------------------------------+---------+ | ERRORS | Error code and text :sup:`2)` | Array | +----------------------+------------------------------------+---------+ .. note:: | :sup:`1)` Token to be used in subsequent calls | :sup:`2`) Only present if errors Examples ~~~~~~~~ Rewrap chipertext using the rotated key (version 2) of the key ``my-new-key`` in the vault (vaultid) 179. **Request** :: POST /api/1.0/transparent/rewrap/179/my-new-key x-http-token: your_storedsafe_token { "ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==", "to_version": "2" } **Response** :: HTTP/2 200 Content-type: application/json; charset=UTF-8 { "CALLINFO": { "errorcodes": 0, "errors": 0, "general": [], "handler": "EncryptionHandler", "status": "SUCCESS", "token": "rotated_storedsafe_token", "name": "my-new-key", "key_version": "2", "ciphertext": "storedsafe:v2:rsUKcXUaeUqIlAihBB7c5NoX9xAUxcJt8L1xS1bDuIulobKIp1OAOQ==" }, "DATA": { "name": "my-new-key", "vaultid": "179", "ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==", "to_version": "2", "token": "your_storedsafe_token" }, "HEADERS": { "Accept": "*/*", "Content-Length": "169", "Content-Type": "application/json", "Host": "safe.domain.cc", "User-Agent": "curl/7.64.1", "X-Http-Token": "your_storedsafe_token" }, "PARAMS": [] }