CreateKey Method

Creates a new key.

Syntax

ANSI (Cross Platform)
char* CreateKey(const char* lpszKeyName, const char* lpszKeyType, const char* lpszKeyOps);

Unicode (Windows)
LPWSTR CreateKey(LPCWSTR lpszKeyName, LPCWSTR lpszKeyType, LPCWSTR lpszKeyOps);
- (NSString*)createKey:(NSString*)keyName :(NSString*)keyType :(NSString*)keyOps;
#define MID_AZUREKEYS_CREATEKEY 6

CLOUDKEYS_EXTERNAL int CLOUDKEYS_CALL CloudKeys_AzureKeys_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method creates a new key with the given KeyName and KeyType. If a key with the specified KeyName already exists, a new version of it is created. The version Id of the newly-created key is returned.

The value passed for KeyName must consist solely of alphanumeric characters and hyphens (-).

The KeyType parameter specifies the type of key that should be created. Each key type has two variants, a software-based one and an HSM-based one. Possible values are shown in the first two columns of the following table:

Software-based   HSM-based      Description
--------------   ------------   ---------------------------------
EC_P256          EC_HSM_P256    The NIST P-256 curve (SECP256R1).
EC_P256K         EC_HSM_P256K   The SECP256K1 curve.
EC_P384          EC_HSM_P384    The NIST P-384 curve (SECP384R1).
EC_P521          EC_HSM_P521    The NIST P-521 curve (SECP521R1).
RSA_2048         RSA_HSM_2048   2048-bit RSA key.
RSA_3072         RSA_HSM_3072   3072-bit RSA key.
RSA_4096         RSA_HSM_4096   4096-bit RSA key.

The KeyOps parameter specifies which operations the key may be used for. Possible values are as follows; at least one pair of operations must be specified:

  • encrypt
  • decrypt
  • sign
  • verify
  • wrapKey
  • unwrapKey
(Note that EC keys can only be used for signing and verification.)

If there are any items in the Tag* properties, they will be applied to the newly-created key. Keys may have up to 15 tags.

The following configuration settings can also be used to send additional values when creating the key; refer to their documentation for more information:

Note: If there is already a soft-deleted key with the specified KeyName in the currently-selected Vault, then a new key cannot be created with the same name. To resolve such a situation, the soft-deleted key would need to be recovered (using RecoverKey) or permanently deleted (using PurgeKey) first.
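The parameter rules in these remarks can be checked locally before the request is sent. The following is an added example, not part of the Cloud Keys library: ValidateCreateKeyArgs is a hypothetical helper, and it assumes that KeyOps is a comma-separated list and that a "pair" means encrypt/decrypt, sign/verify or wrapKey/unwrapKey.

```cpp
#include <set>
#include <sstream>
#include <string>

// Hypothetical pre-flight check for CreateKey arguments (not a library call).
// Returns an empty string when the documented rules hold, otherwise a
// description of the first violation found.
std::string ValidateCreateKeyArgs(const std::string& keyName,
                                  const std::string& keyType,
                                  const std::string& keyOps,
                                  std::size_t tagCount = 0) {
    // KeyName: ASCII alphanumeric characters and hyphens only.
    if (keyName.empty()) return "KeyName is empty";
    for (unsigned char c : keyName) {
        bool ok = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                  (c >= 'a' && c <= 'z') || c == '-';
        if (!ok) return "KeyName has an invalid character";
    }
    // KeyType: one of the values listed in the table above.
    static const std::set<std::string> types = {
        "EC_P256", "EC_HSM_P256", "EC_P256K", "EC_HSM_P256K", "EC_P384",
        "EC_HSM_P384", "EC_P521", "EC_HSM_P521", "RSA_2048", "RSA_HSM_2048",
        "RSA_3072", "RSA_HSM_3072", "RSA_4096", "RSA_HSM_4096"};
    if (!types.count(keyType)) return "unknown KeyType";

    // KeyOps: split on commas (assumed delimiter) and check every name.
    static const std::set<std::string> known = {
        "encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"};
    std::set<std::string> ops;
    std::istringstream in(keyOps);
    for (std::string op; std::getline(in, op, ',');) {
        if (!known.count(op)) return "unknown key operation: " + op;
        ops.insert(op);
    }
    // At least one complete pair must be present (assumed pairing).
    auto pair = [&](const char* a, const char* b) { return ops.count(a) && ops.count(b); };
    if (!pair("encrypt", "decrypt") && !pair("sign", "verify") && !pair("wrapKey", "unwrapKey"))
        return "KeyOps must contain at least one complete pair";

    // EC keys can only be used for signing and verification.
    if (keyType.rfind("EC_", 0) == 0)
        for (const auto& op : ops)
            if (op != "sign" && op != "verify") return "EC keys only support sign and verify";

    // Keys may have up to 15 tags.
    if (tagCount > 15) return "more than 15 tags";
    return "";
}
```

Requesting only the operations a key actually needs, for example sign and verify for a signing key, keeps the key's permitted use as narrow as its purpose.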

Error Handling (C++)

This method returns a String value. After it returns, call the GetLastErrorCode() method to obtain its result code: 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 C++ Edition - Version 20.0 [Build 8157]