See this article for more information on cryptographic policies: https://support.fortanix.com/hc/en-us/articles/360042064051-User-s-Guide-Cryptographic-Policy
The following is an example of a cryptographic policy that:
- Allows only AES 256 keys.
- Allows only RSA 2048 and above keys.
- Allows no other key types.
- Supports only the Encrypt, Decrypt, Sign and Verify operations.
- Restricts use of keys that are not compliant with the policy.
When there is no Quorum Policy on the Group
REST API using curl
$ curl <Endpoint URL>/sys/v1/groups/<Group-UUID> -H 'Authorization: Bearer YhXwwa-6C...ig5g' -X PATCH \
-d '{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}'
When there is a Quorum Policy on the Group
In this case, you need to use the "approval_requests" API, so that the change is applied only after the quorum approves it.
REST API using curl
$ curl <Endpoint URL>/sys/v1/approval_requests -H 'Authorization: Bearer YhXwwa-6C...ig5g' \
-d '{"method": "PATCH", "operation": "/sys/v1/groups/<Group-UUID>", "body":{"cryptographic_policy": {"legacy_policy": "prohibited", "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"], "aes": {"key_sizes": [256]}, "rsa": { "minimum_key_length": 2048}}}}'
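The two request shapes above, plus a local pre-check of a proposed key against the policy rules listed at the top of this page, as an added example that is not part of the Fortanix documentation. The group UUID is a constructed placeholder, and the key check mirrors the rules as stated here; it is not DSM's own enforcement logic.

```python
# Policy body exactly as used in the curl commands on this page.
CRYPTO_POLICY = {
    "legacy_policy": "prohibited",
    "key_ops": ["SIGN", "VERIFY", "ENCRYPT", "DECRYPT"],
    "aes": {"key_sizes": [256]},
    "rsa": {"minimum_key_length": 2048},
}


def build_request(group_uuid, quorum_policy_present):
    """Return (method, path, body) for applying the policy to a group.

    Without a quorum policy the group is PATCHed directly; with one, the
    same PATCH is wrapped in an approval request so quorum members can
    approve it before it takes effect.
    """
    group_path = f"/sys/v1/groups/{group_uuid}"
    patch_body = {"cryptographic_policy": CRYPTO_POLICY}
    if not quorum_policy_present:
        return "PATCH", group_path, patch_body
    return "POST", "/sys/v1/approval_requests", {
        "method": "PATCH",
        "operation": group_path,
        "body": patch_body,
    }


def key_allowed(policy, key_type, key_size, key_ops):
    """Local pre-check (assumption: mirrors the page's rules, not DSM code).

    Every requested operation must be in key_ops; AES sizes must be listed;
    RSA must meet the minimum length; any other key type is rejected.
    """
    if not set(key_ops) <= set(policy["key_ops"]):
        return False
    if key_type == "AES":
        return key_size in policy["aes"]["key_sizes"]
    if key_type == "RSA":
        return key_size >= policy["rsa"]["minimum_key_length"]
    return False  # "No other keys allowed"


if __name__ == "__main__":
    # Constructed placeholder UUID; substitute the real group UUID.
    print(build_request("00000000-0000-0000-0000-000000000000", True))
    print(key_allowed(CRYPTO_POLICY, "RSA", 1024, ["SIGN"]))
```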