Add/Update Cryptographic Policy

1.0 Overview

For more information on the cryptographic policy, refer to User's Guide: Group Cryptographic Policy.

The following is an example of a cryptographic policy that:

  • Allows only AES 256 keys.

  • Allows only RSA keys of 2048 bits or longer.

  • Allows no other key types.

  • Supports only the Encrypt, Decrypt, Sign and Verify operations.

  • Restricts use of existing keys that do not comply with the policy.

2.0 When there is no Quorum Policy on the Group

2.1 REST API using curl

$ curl <Endpoint URL>/sys/v1/groups/<Group-UUID> -H 'Authorization: Bearer YhXwwa-6C...ig5g' -X PATCH \
-d '{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}'

3.0 When there is a Quorum Policy on the Group

In this case, you need to use the "approval_request" API.

3.1 REST API using curl

$ curl <Endpoint URL>/sys/v1/approval_requests -H 'Authorization: Bearer YhXwwa-6C...ig5g' \
-d '{"method": "PATCH", "operation": "/sys/v1/groups/<Group-UUID>", "body":{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}}'
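As an added illustration (not part of this page or the product's own code), the following Python builds the same policy document as the two curl calls above, picks the direct PATCH or the approval-request wrapper depending on whether the group has a quorum policy, and checks sample keys against the policy's intent as stated in the bullet list. The compliance check is this example's own reading of the policy fields, not the server's implementation; the group UUID is a placeholder.

```python
# Policy document from the page: AES-256 only, RSA >= 2048 bits, no other key
# types, only SIGN/VERIFY/ENCRYPT/DECRYPT, and non-compliant keys restricted.
CRYPTO_POLICY = {
    "legacy_policy": "prohibited",
    "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"],
    "aes": {"key_sizes": [256]},
    "rsa": {"minimum_key_length": 2048},
}


def key_complies(policy, obj_type, key_size, key_ops):
    """Return (ok, reason) for a key described by its type, bit size and
    requested operations. How each field is interpreted is an assumption
    made for this example, based on the bullet list on the page."""
    extra_ops = set(key_ops) - set(policy["key_ops"])
    if extra_ops:
        return False, f"key_ops not allowed by policy: {sorted(extra_ops)}"
    section = policy.get(obj_type.lower())
    if section is None:
        # Only key types with a section in the policy are allowed at all.
        return False, f"key type {obj_type} not allowed by policy"
    if "key_sizes" in section and key_size not in section["key_sizes"]:
        return False, f"{obj_type} size {key_size} not in {section['key_sizes']}"
    if "minimum_key_length" in section and key_size < section["minimum_key_length"]:
        return False, f"{obj_type} size {key_size} below {section['minimum_key_length']}"
    return True, "compliant"


def build_request(group_uuid, policy, quorum_policy_present):
    """Return (path, method, body) matching the page's two curl calls: a direct
    PATCH on the group, or the same PATCH wrapped in an approval request
    (curl sends -d without -X as POST)."""
    group_path = f"/sys/v1/groups/{group_uuid}"
    body = {"cryptographic_policy": policy}
    if not quorum_policy_present:
        return group_path, "PATCH", body
    return "/sys/v1/approval_requests", "POST", {
        "method": "PATCH", "operation": group_path, "body": body,
    }


if __name__ == "__main__":
    # Constructed sample keys: (type, bits, ops) -> expected outcome under the policy.
    for key in [("AES", 256, ["ENCRYPT", "DECRYPT"]), ("AES", 128, ["ENCRYPT"]),
                ("RSA", 4096, ["SIGN", "VERIFY"]), ("RSA", 1024, ["SIGN"]),
                ("EC", 256, ["SIGN"]), ("AES", 256, ["WRAPKEY"])]:
        print(key, key_complies(CRYPTO_POLICY, *key))
    print(build_request("GROUP-UUID-PLACEHOLDER", CRYPTO_POLICY, True))
```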