Method: Rewrap Data

Description

This endpoint rewraps the provided ciphertext using the latest version of the named key in the specified vault.

Note

Because this endpoint never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.

Note

This endpoint requires at least Read permission in the affected vault.

URL Syntax

/api/{version}/transparent/rewrap/:vaultid/:name

HTTP Method

POST

Successful HTTP Response

200

Parameters

Parameter name	Description	Parameter type	Type	Mandatory	Comment
X-Http-Token	StoredSafe token	HTTP Header	String	¹⁾	Preferred method
token	StoredSafe token	JSON-encoded	String	¹⁾	Legacy method
vaultid	Vault-ID	URL-encoded	String	Yes
name	Key name	URL-encoded	String	Yes
to_version	Wrap to version	JSON-encoded	String	Yes
ciphertext	Ciphertext to rewrap	JSON-encoded	String	Yes

Note

¹⁾ One of the methods is required.

Response Attributes

Attribute	Description	Type
CALLINFO.errorcodes	Number of errors	Integer
CALLINFO.errors	Number of errors	Integer
CALLINFO.general	Information	Array
CALLINFO.handler	Handler used	String
CALLINFO.status	SUCCESS or FAIL	String
CALLINFO.token	Rotated StoredSafe token ¹⁾	String
CALLINFO.key_version	Latest key version	String
CALLINFO.ciphertext	Ciphertext (Base64 encoded)	String
CALLINFO.objectid	Object-ID	String
DATA	Supplied data in prior API-call	String
HEADERS.(headers)	HTTP Headers	String
PARAMS	Route parameters (empty)	Array
ERRORCODES	Error code and text ²⁾	Object
ERRORS	Error code and text ²⁾	Array

Note

¹⁾ Token to be used in subsequent calls

²) Only present if errors

Examples

Rewrap chipertext using the rotated key (version 2) of the key my-new-key in the vault (vaultid) 179.

Request

POST /api/1.0/transparent/rewrap/179/my-new-key
x-http-token: your_storedsafe_token
{
 "ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==",
 "to_version": "2"
}

Response

HTTP/2 200
Content-type: application/json; charset=UTF-8
{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "EncryptionHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "name": "my-new-key",
        "key_version": "2",
        "ciphertext": "storedsafe:v2:rsUKcXUaeUqIlAihBB7c5NoX9xAUxcJt8L1xS1bDuIulobKIp1OAOQ=="
    },
    "DATA": {
        "name": "my-new-key",
        "vaultid": "179",
        "ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==",
        "to_version": "2",
        "token": "your_storedsafe_token"
    },
    "HEADERS": {
        "Accept": "*/*",
        "Content-Length": "169",
        "Content-Type": "application/json",
        "Host": "safe.domain.cc",
        "User-Agent": "curl/7.64.1",
        "X-Http-Token": "your_storedsafe_token"
    },
    "PARAMS": []
}