Add/Update Cryptographic Policy

See this article for more information on cryptographic policies: https://support.fortanix.com/hc/en-us/articles/360042064051-User-s-Guide-Cryptographic-Policy

The following is an example of a cryptographic policy that:

  • Allows only AES 256 keys.
  • Allows only RSA 2048 and above keys.
  • No other keys allowed.
  • Supports only the Encrypt, Decrypt, Sign and Verify operations.
  • Restricts use of keys not compliant with the policy.

When there is no Quorum Policy on the Group

REST API using curl

$ curl <Endpoint URL>/sys/v1/groups/<Group-UUID> -H 'Authorization: Bearer YhXwwa-6C...ig5g' -X PATCH \
-d '{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": {"minimum_key_length": 2048}}}'

When there is a Quorum Policy on the Group

In this case, you need to use the "approval_request" API.

REST API using curl

$ curl <Endpoint URL>/sys/v1/approval_requests -H 'Authorization: Bearer YhXwwa-6C...ig5g' \
-d '{"method": "PATCH", "operation": "/sys/v1/groups/<Group-UUID>", "body": {"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": {"minimum_key_length": 2048}}}}'
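
Because this policy restricts the use of non-compliant keys, it helps to know which existing keys it would affect before applying it. The following is an added example, not Fortanix code: it evaluates the policy body from this page locally against a constructed key inventory. The record fields `obj_type`, `key_size` and `key_ops`, and the rule that a key type with no policy entry is rejected, are assumptions based on the bullet list above.

```python
import json

# Policy body taken from the curl examples on this page.
POLICY = json.loads("""
{"cryptographic_policy": {"legacy_policy": "prohibited",
  "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"],
  "aes": {"key_sizes": [256]},
  "rsa": {"minimum_key_length": 2048}}}
""")["cryptographic_policy"]


def violations(key, policy=POLICY):
    """Return the reasons a key record breaks the policy (empty list = compliant)."""
    reasons = []
    kind = key["obj_type"].lower()
    rule = policy.get(kind)
    if rule is None:
        # Assumption from the bullet list: a key type with no entry is not allowed.
        reasons.append(f"key type {key['obj_type']} not allowed")
    elif "key_sizes" in rule and key["key_size"] not in rule["key_sizes"]:
        reasons.append(f"{key['obj_type']} size {key['key_size']} not in {rule['key_sizes']}")
    elif "minimum_key_length" in rule and key["key_size"] < rule["minimum_key_length"]:
        reasons.append(f"{key['obj_type']} size {key['key_size']} below {rule['minimum_key_length']}")
    extra = sorted(set(key["key_ops"]) - set(policy["key_ops"]))
    if extra:
        reasons.append(f"operations not permitted: {extra}")
    return reasons


# Constructed inventory; field names obj_type/key_size/key_ops are assumptions.
SAMPLE_KEYS = [
    {"name": "db-aes", "obj_type": "AES", "key_size": 256, "key_ops": ["ENCRYPT", "DECRYPT"]},
    {"name": "old-aes", "obj_type": "AES", "key_size": 128, "key_ops": ["ENCRYPT", "DECRYPT"]},
    {"name": "sign-rsa", "obj_type": "RSA", "key_size": 4096, "key_ops": ["SIGN", "VERIFY"]},
    {"name": "wrap-rsa", "obj_type": "RSA", "key_size": 1024, "key_ops": ["WRAPKEY", "UNWRAPKEY"]},
    {"name": "ec-key", "obj_type": "EC", "key_ops": ["SIGN"]},
]


def audit(keys, policy=POLICY):
    """Map each non-compliant key name to its list of violations."""
    return {k["name"]: v for k in keys if (v := violations(k, policy))}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_KEYS), indent=2))
```

Keys reported here would need to be rotated or replaced before the policy takes effect with `legacy_policy` set to `prohibited`.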

 
