1.0 Overview
For more information on the cryptographic policy, refer to User's Guide: Group Cryptographic Policy.
Following is an example of Cryptographic policy which:
Allows only AES 256 keys.
Allows only RSA 2048 and above keys.
No other keys allowed.
Only supports Encrypt, Decrypt, Sign and Verify operations
Restricts use of keys not compliant with the policy.
2.0 When there is no Quorum Policy on the Group
2.1 REST API using curl
$ curl <Endpoint URL>/sys/v1/groups/<Group-UUID> -H 'Authorization: Bearer YhXwwa-6C...ig5g' -X PATCH \
-d '{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}'3.0 When there is a Quorum Policy on the Group
In this case, you need to use the "approval_request" API.
3.1 REST API using curl
$ curl <Endpoint URL>/sys/v1/approval_requests -H 'Authorization: Bearer YhXwwa-6C...ig5g' \
-d '{"method": "PATCH", "operation": "/sys/v1/groups/<Group-UUID>", "body":{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}}'