Unwrapping a Key

This operation unwraps (decrypts) a wrapped key and imports it into Fortanix DSM. This makes it possible to securely import security objects that were previously wrapped by Fortanix DSM or by another key management system. A new security object is created in Fortanix DSM with the unwrapped data.

  • The Alg and Mode parameters specify the encryption algorithm and cipher mode used by the unwrapping key (see the Encryption section).

  • The ObjectType parameter specifies the object type of the security object being unwrapped. The size or elliptic curve of the object being unwrapped does not need to be specified.

Go

// Unwrap an AES key that is wrapped with an RSA key
newKeyName := "new AES Key"
unwrapKeyReq := sdkms.UnwrapKeyRequest{
	Name:       &newKeyName,
	Alg:        sdkms.AlgorithmRsa,   // Unwrapping key type
	ObjType:    sdkms.ObjectTypeAes,  // Type of the object being unwrapped
	WrappedKey: []byte(<wrapped key in bytes>),
}
unwrapKeyResp, err := client.Unwrap(ctx, unwrapKeyReq)

Java

// Unwrap an AES key that is wrapped with an RSA key
UnwrapKeyRequest unwrapRequest = new UnwrapKeyRequest()
              .objType(ObjectType.AES)   // Type of the object being unwrapped
              .name("new AES key")
              .wrappedKey(<wrapped key in bytes>)
              .alg(ObjectType.RSA);      // Unwrapping key type

KeyObject unwrappedKey = new WrappingAndUnwrappingApi(apiClient)
       .unwrapKey(<UUID of the unwrapping key>, unwrapRequest);

Python

# Unwrap an AES key that is wrapped with an RSA key
api_instance = sdkms.v1.WrappingAndUnwrappingApi(api_client=client)
request = sdkms.v1.UnwrapKeyRequest(
      alg=ObjectType.RSA,  # Unwrapping key type
      obj_type=ObjectType.AES,  # Type of the object being unwrapped
      wrapped_key=<wrapped key in bytes>,
      name="new AES KEY")
wrapping_response = api_instance.unwrap_key(<UUID of the unwrapping key>, request)

REST API using curl

$ curl <Endpoint URL>/crypto/v1/unwrapkey -H 'Authorization: Bearer YhXwwa-6C...ig5g' -d '{"key": {"kid": "Unwrapping-Key-UUID"}, "alg": "RSA", "obj_type": "AES", "wrapped_key": "YiBmal…ZyB1eXZpZyB2ZQoK", "name": "new AES Key"}'
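
The following is an added example, not part of the Fortanix documentation or SDK: it builds the JSON body used in the curl call above from raw wrapped-key bytes and rejects malformed input before anything is sent. The function name, the sample UUID and the sample blob are constructed for illustration, and base64 encoding of wrapped_key is assumed from the sample value in the curl example.

```python
import base64
import json
import uuid


def build_unwrap_body(kid, wrapped_key, name, rsa_modulus_bits,
                      alg="RSA", obj_type="AES"):
    """Return the JSON body for POST /crypto/v1/unwrapkey.

    Field names mirror the curl example; base64 for wrapped_key is an
    assumption based on the sample value shown there.
    """
    # The unwrapping key is referenced by UUID; reject anything else early.
    kid = str(uuid.UUID(kid))

    if not isinstance(wrapped_key, (bytes, bytearray)):
        raise TypeError("wrapped_key must be raw bytes, not text")

    # With direct RSA encryption the ciphertext is exactly as long as the
    # modulus. Another length means the blob was truncated, is still
    # base64/hex text, or was wrapped under a different key size.
    expected = (rsa_modulus_bits + 7) // 8
    if alg == "RSA" and len(wrapped_key) != expected:
        raise ValueError(
            f"wrapped key is {len(wrapped_key)} bytes, expected {expected}")

    if not name.strip():
        raise ValueError("name for the new security object is empty")

    return json.dumps({
        "key": {"kid": kid},
        "alg": alg,
        "obj_type": obj_type,
        "wrapped_key": base64.b64encode(bytes(wrapped_key)).decode("ascii"),
        "name": name,
    })


# Constructed sample input: 256 placeholder bytes standing in for an AES key
# wrapped under a 2048-bit RSA key, and a made-up UUID.
SAMPLE_KID = "00000000-0000-4000-8000-000000000001"
SAMPLE_BLOB = bytes(range(256))

if __name__ == "__main__":
    print(build_unwrap_body(SAMPLE_KID, SAMPLE_BLOB, "new AES Key", 2048))
```

The length check catches the common mistake of passing an already-encoded blob, which would otherwise be encoded a second time and fail only at the server.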