Method: Rewrap Data¶
Description¶
This endpoint rewraps the provided ciphertext using the latest version of the named key in the specified vault.
Note
Because this endpoint never returns plaintext, it is possible to delegate this functionality to untrusted users or scripts.
Note
This endpoint requires at least Read permission in the affected vault.
URL Syntax¶
/api/{version}/transparent/rewrap/:vaultid/:name
HTTP Method¶
POST
Successful HTTP Response¶
200
Parameters¶
| Parameter name | Description | Parameter type | Type | Default | Mandatory | Comment |
|---|---|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | 1) | Preferred method | |
| token | StoredSafe token | JSON-encoded | String | 1) | Legacy method | |
| vaultid | Vault-ID | URL-encoded | String | Yes | ||
| name | Key name | URL-encoded | String | Yes | ||
| to_version | Wrap to version | JSON-encoded | String | Yes | ||
| ciphertext | Ciphertext to rewrap | JSON-encoded | String | Yes |
Note
1) One of the methods is required.
Response Attributes¶
| Attribute | Description | Type |
|---|---|---|
| CALLINFO.errorcodes | Number of errors | Integer |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.general | Information | Array |
| CALLINFO.handler | Handler used | String |
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | Rotated StoredSafe token 1) | String |
| CALLINFO.key_version | Latest key version | String |
| CALLINFO.ciphertext | Ciphertext (Base64 encoded) | String |
| CALLINFO.objectid | Object-ID | String |
| DATA | Supplied data in prior API-call | String |
| HEADERS.(headers) | HTTP Headers | String |
| PARAMS | Route parameters (empty) | Array |
| ERRORCODES | Error code and text 2) | Object |
| ERRORS | Error code and text 2) | Array |
Note
1) Token to be used in subsequent calls
2) Only present if errors
Examples¶
Rewrap chipertext using the rotated key (version 2) of the key my-new-key
in the vault (vaultid) 179.
Request
POST /api/1.0/transparent/rewrap/179/my-new-key
x-http-token: your_storedsafe_token
{
"ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==",
"to_version": "2"
}
Response
HTTP/2 200
Content-type: application/json; charset=UTF-8
{
"CALLINFO": {
"errorcodes": 0,
"errors": 0,
"general": [],
"handler": "EncryptionHandler",
"status": "SUCCESS",
"token": "rotated_storedsafe_token",
"name": "my-new-key",
"key_version": "2",
"ciphertext": "storedsafe:v2:rsUKcXUaeUqIlAihBB7c5NoX9xAUxcJt8L1xS1bDuIulobKIp1OAOQ=="
},
"DATA": {
"name": "my-new-key",
"vaultid": "179",
"ciphertext": "storedsafe:v1:p7zqAiAHgWcsc7tqxtTp8FVfptehaSWTEo/yTn/oKJKIIdsASm7SVw==",
"to_version": "2",
"token": "your_storedsafe_token"
},
"HEADERS": {
"Accept": "*/*",
"Content-Length": "169",
"Content-Type": "application/json",
"Host": "safe.domain.cc",
"User-Agent": "curl/7.64.1",
"X-Http-Token": "your_storedsafe_token"
},
"PARAMS": []
}