The keyExecute command executes cryptographic key–related administrative operations.

Table: keyExecute commands

| Command | Description |
|---|---|
| KEYCMD_CREATE | Creates a new key (see KEYCMD_CREATE). |
| KEYCMD_DELETE | Deletes a key (see KEYCMD_DELETE). |
| KEYCMD_QUERY_STATUS | Queries the status of a key rotation operation currently in progress (see KEYCMD_ROTATE_STATUS). |
| KEYCMD_ROTATE_ABORT | Aborts a key rotation operation currently in progress (see KEYCMD_ROTATE_ABORT). |
| KEYCMD_ROTATE_KEY | Rotates a key (see KEYCMD_ROTATE_KEY). |
| KEYCMD_UPDATE | Updates a key (see KEYCMD_UPDATE). |
| KEYCMD_VIEW | Retrieves the settings of the specified key (see KEYCMD_VIEW). |

The following field attributes are available for the operations of this command:

Table: keyExecute field attributes

| Attribute name | Data type | Description |
|---|---|---|
| KEYFLD_CACHE_ID | String | Key cache ID |
| KEYFLD_CREATE_TIME | Datetime | The date and time the data record was created. |
| KEYFLD_CRYPTO_ALGO | String | The cryptographic algorithm to use. Possible values: AES-256-CBC, AES-256-CFB, AES-128-CBC, AES-128-CBC-2, BF-CFB, CAST5-CFG, DES-EDE3-CFB, DES-EDE-CFB |
| KEYFLD_CRYPTO_TYPE | String | The type of cryptography used by the key. Possible values: |
| KEYFLD_DEFAULT_KEY | Boolean | Indicates whether this is the default key. |
| KEYFLD_DESCRIPTION | String | Key description. |
| KEYFLD_KCV | String | The key check value (KCV) used for hardware security module (HSM) keys. |
| KEYFLD_KEY_ID | String | The cryptographic key identifier. |
| KEYFLD_KEY_LABEL | String | The HSM key label. |
| KEYFLD_LEGACY_MODE | Boolean | |
| KEYFLD_MODIFY_TIME | DateTime | The date and time the data record was last modified. |
| KEYFLD_NCIPHER_KEYHASH | String | |
| KEYFLD_NOTIFY | String | Notification method. Possible values: |
| KEYFLD_ROTATE_ELAPSED_TIME | Integer | Elapsed time of last rotation for this key. |
| KEYFLD_ROTATE_FAILED | Integer | The number of records where the key rotation failed. |
| KEYFLD_ROTATE_FOUND_TOTAL | Integer | The total number of records found for the key rotation. |
| KEYFLD_ROTATE_SUCCESS | Integer | The number of records where the key rotation completed successfully. |
| KEYFLD_SCHEDULE | Boolean | Indicates whether the key rotation is scheduled. |
| KEYFLD_SCHEDULE_DATE | String | Scheduled date. |
| KEYFLD_SCHEDULE_TIME | String | Scheduled time. |
| KEYFLD_SLOT_ID | Integer | The HSM slot ID. |
| KEYFLD_TOKEN_LABEL | String | The HSM token label. |
| KEYFLD_TOKEN_PIN | String | The HSM token PIN used to access the token. |
| KEYFLD_USAGE | String | Specifies the data that the key is used to encrypt. Possible values: Storage Data, Sensitive Data |
| KEYFLD_VALUE | String | The software security module (SSM) key value (hexadecimal). |

KEYCMD_VIEW

Only the KEYFLD_KEY_ID attribute can be specified in the attribute set input parameter of this command.

The following attributes are returned in the results output parameter of this command:

Table: KEYCMD_VIEW (Supported output attributes)

| Attribute name | Returned |
|---|---|
| KEYFLD_CREATE_TIME | |
| KEYFLD_CRYPTO_ALGO | |
| KEYFLD_CRYPTO_TYPE | |
| KEYFLD_DEFAULT_KEY | |
| KEYFLD_DESCRIPTION | |
| KEYFLD_KCV | |
| KEYFLD_KEY_ID | |
| KEYFLD_KEY_LABEL | |
| KEYFLD_MODIFY_TIME | |
| KEYFLD_SLOT_ID | |
| KEYFLD_TOKEN_LABEL | |
| KEYFLD_USAGE | |

KEYCMD_CREATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table: KEYCMD_CREATE (Supported input attributes)

| Attribute name | Optionality |
|---|---|
| KEYFLD_CRYPTO_ALGO | |
| KEYFLD_CRYPTO_TYPE | |
| KEYFLD_DESCRIPTION | |
| KEYFLD_KCV | |
| KEYFLD_KEY_ID | |
| KEYFLD_KEY_LABEL | |
| KEYFLD_SLOT_ID | |
| KEYFLD_TOKEN_LABEL | |
| KEYFLD_TOKEN_PIN | |
| KEYFLD_USAGE | |
| KEYFLD_VALUE | |

The following attributes are returned in the results output parameter of this command:

Table: KEYCMD_CREATE (Supported output attributes)

| Attribute name | Returned |
|---|---|
| KEYFLD_CRYPTO_ALGO | |
| KEYFLD_CRYPTO_TYPE | |
| KEYFLD_DEFAULT_KEY | |
| KEYFLD_DESCRIPTION | |
| KEYFLD_KCV | |
| KEYFLD_KEY_ID | |
| KEYFLD_KEY_LABEL | |
| KEYFLD_SLOT_ID | |
| KEYFLD_TOKEN_LABEL | |
| KEYFLD_USAGE | |

KEYCMD_DELETE

Only the KEYFLD_KEY_ID attribute can be specified in the attribute set input parameter of this command.
This command returns no result attributes.

KEYCMD_UPDATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table: KEYCMD_UPDATE (Supported input attributes)

| Attribute name | Optionality |
|---|---|
| KEYFLD_DESCRIPTION | |
| KEYFLD_KEY_ID | Mandatory |

The following attributes are returned in the results output parameter of this command:

Table: KEYCMD_UPDATE (Supported output attributes)

| Attribute name | Returned |
|---|---|
| KEYFLD_CRYPTO_ALGO | |
| KEYFLD_CRYPTO_TYPE | |
| KEYFLD_DESCRIPTION | |
| KEYFLD_KCV | |
| KEYFLD_KEY_ID | |
| KEYFLD_KEY_LABEL | |
| KEYFLD_LEGACY_MODE | |
| KEYFLD_SLOT_ID | |
| KEYFLD_TOKEN_LABEL | |
| KEYFLD_USAGE | |
| KEYFLD_VALUE | |

KEYCMD_ROTATE_KEY

The following attributes can be specified in the attributeSet input parameter of this command:

Table: KEYCMD_ROTATE_KEY (Supported input attributes)

| Attribute name | Optionality |
|---|---|
| KEYFLD_KEY_ID | |
| KEYFLD_SCHEDULE | |
| KEYFLD_SCHEDULE_DATE | |
| KEYFLD_SCHEDULE_NOTIFY | |
| KEYFLD_SCHEDULE_TIME | |
| KEYFLD_TOKEN_LABEL | |
| KEYFLD_USAGE | |

The following attributes are returned in the results output parameter of this command:

Table: KEYCMD_ROTATE_KEY (Supported output attributes)

| Attribute name | Returned |
|---|---|
| KEYFLD_CHACHE_ID | |
| KEYFLD_ROTATE_FOUND_TOTAL | |

KEYCMD_ROTATE_ABORT

Only the KEYFLD_CACHE_ID attribute can be specified in the attribute set input parameter of this command.
This command returns no result attributes.

KEYCMD_ROTATE_STATUS

Only the KEYFLD_CACHE_ID attribute can be specified in the attribute set input parameter of this command.

The following attributes are returned in the results output parameter of this command:

Table: KEYCMD_ROTATE_STATE (Supported output attributes)

| Attribute name | Returned |
|---|---|
| KEYFLD_ELAPSED_TIME | |
| KEYFLD_ROTATE_FAILED | |
| KEYFLD_ROTATE_SUCCESS | |
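
The per-command input tables above can be enforced before a request is sent, and the two secret-bearing fields (KEYFLD_TOKEN_PIN, KEYFLD_VALUE) masked before any attribute set reaches a log. The following is an added example, not code from the product: the dict request shape and the names `validate` and `redact` are assumptions, and the status command is keyed by its section name KEYCMD_ROTATE_STATUS (the command table lists it as KEYCMD_QUERY_STATUS).

```python
# Added example: pre-flight check for a keyExecute request.
# Allow-lists are transcribed from this page's input-attribute tables; the
# dict request shape and the function names are assumptions.
ONLY_KEY_ID = {"KEYFLD_KEY_ID"}
ONLY_CACHE_ID = {"KEYFLD_CACHE_ID"}
ALLOWED_INPUT = {
    "KEYCMD_VIEW": ONLY_KEY_ID,
    "KEYCMD_DELETE": ONLY_KEY_ID,
    "KEYCMD_UPDATE": {"KEYFLD_KEY_ID", "KEYFLD_DESCRIPTION"},
    "KEYCMD_CREATE": {
        "KEYFLD_CRYPTO_ALGO", "KEYFLD_CRYPTO_TYPE", "KEYFLD_DESCRIPTION",
        "KEYFLD_KCV", "KEYFLD_KEY_ID", "KEYFLD_KEY_LABEL", "KEYFLD_SLOT_ID",
        "KEYFLD_TOKEN_LABEL", "KEYFLD_TOKEN_PIN", "KEYFLD_USAGE", "KEYFLD_VALUE"},
    "KEYCMD_ROTATE_KEY": {
        "KEYFLD_KEY_ID", "KEYFLD_SCHEDULE", "KEYFLD_SCHEDULE_DATE",
        "KEYFLD_SCHEDULE_NOTIFY", "KEYFLD_SCHEDULE_TIME", "KEYFLD_TOKEN_LABEL",
        "KEYFLD_USAGE"},
    "KEYCMD_ROTATE_ABORT": ONLY_CACHE_ID,
    "KEYCMD_ROTATE_STATUS": ONLY_CACHE_ID,
}
MANDATORY = {"KEYCMD_UPDATE": {"KEYFLD_KEY_ID"}}  # the only one the page marks
# Values listed for KEYFLD_CRYPTO_ALGO, spelled as on the page.
ALGOS = {"AES-256-CBC", "AES-256-CFB", "AES-128-CBC", "AES-128-CBC-2",
         "BF-CFB", "CAST5-CFG", "DES-EDE3-CFB", "DES-EDE-CFB"}
# Secret-bearing fields: the HSM token PIN and the SSM key value.
SECRET_FIELDS = {"KEYFLD_TOKEN_PIN", "KEYFLD_VALUE"}

def validate(command, attrs):
    """Return a list of problems; an empty list means the request fits the tables."""
    if command not in ALLOWED_INPUT:
        return [f"unknown command {command}"]
    names = set(attrs)
    problems = [f"{n} not accepted by {command}"
                for n in sorted(names - ALLOWED_INPUT[command])]
    problems += [f"{n} is mandatory for {command}"
                 for n in sorted(MANDATORY.get(command, set()) - names)]
    algo = attrs.get("KEYFLD_CRYPTO_ALGO")
    if algo is not None and algo not in ALGOS:
        problems.append(f"KEYFLD_CRYPTO_ALGO {algo!r} is not a listed value")
    return problems

def redact(attrs):
    """Copy of an input or result attribute set that is safe to log."""
    return {k: "<redacted>" if k in SECRET_FIELDS else v for k, v in attrs.items()}
```

Apply `redact` to result sets as well as requests: the KEYCMD_UPDATE output table includes KEYFLD_VALUE.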