This operation unwraps (decrypts) a wrapped key and imports it into Fortanix DSM. This allows security objects that were previously wrapped by Fortanix DSM or another key management system to be imported securely into Fortanix DSM. A new security object is created in Fortanix DSM with the unwrapped data.
- The `Alg` and `Mode` parameters specify the encryption algorithm and cipher mode used by the unwrapping key (see the Encryption section).
- The `ObjectType` parameter specifies the object type of the security object being unwrapped. The size or elliptic curve of the object being unwrapped does not need to be specified.
Go
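// Unwrap an AES key that is wrapped with an RSA key.
newKeyName := "new AES Key"
unwrapKeyReq := sdkms.UnwrapKeyRequest{
	Name: &newKeyName,
	// Identifies the unwrapping key; the REST example passes the same value
	// as "key": {"kid": ...}.
	Key:     sdkms.SobjectByID("<UUID of the unwrapping key>"),
	Alg:     sdkms.AlgorithmRsa,  // Unwrapping key type
	ObjType: sdkms.ObjectTypeAes, // Object type of the key being imported
	// NOTE(review): Mode is not set here. It selects the cipher mode used by
	// the unwrapping key and must match what the wrapping side used; confirm
	// the default before relying on it.
	WrappedKey: []byte(<wrapped key in bytes>),
}
// Check err before using unwrapKeyResp.
unwrapKeyResp, err := client.Unwrap(ctx, unwrapKeyReq)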
Java
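// Unwrap an AES key that is wrapped with an RSA key
UnwrapKeyRequest unwrapRequest = new UnwrapKeyRequest()
    .objType(ObjectType.AES) // Object type of the key being imported
    .name("new AES key")
    .wrappedKey(<wrapped key in bytes>)
    .alg(ObjectType.RSA); // Unwrapping key type
// The first argument identifies the key that performs the unwrap.
KeyObject unwrappedKey = new WrappingAndUnwrappingApi(apiClient)
    .unwrapKey(<UUID of the unwrapping key>, unwrapRequest);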
Python
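# Unwrap an AES key that is wrapped with an RSA key
api_instance = sdkms.v1.WrappingAndUnwrappingApi(api_client=client)
request = sdkms.v1.UnwrapKeyRequest(
    alg=ObjectType.RSA,  # Unwrapping key type
    obj_type=ObjectType.AES,  # Object type of the key being imported
    wrapped_key=<wrapped key in bytes>,
    name="new AES KEY")
# The first argument identifies the key that performs the unwrap.
wrapping_response = api_instance.unwrap_key(
    <UUID of the unwrapping key>, request)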
REST API using curl
# Unwrap an AES key that is wrapped with an RSA key.
# The bearer token and wrapped key shown here are elided placeholders. Keep a
# live token out of shell history and shared logs.
$ curl <Endpoint URL>/crypto/v1/unwrapkey \
    -H 'Authorization: Bearer YhXwwa-6C...ig5g' \
    -d '{"key": {"kid": "Unwrapping-Key-UUID"}, "alg": "RSA", "obj_type": "AES", "wrapped_key": "YiBmal…ZyB1eXZpZyB2ZQoK", "name": "new AES Key"}'