CreateKey Method
Creates a new key.
Syntax
public fun createKey(keyName: String?, keyType: String?, keyOps: String?): String?
Remarks
This method creates a new key with the given KeyName and KeyType. If a key with the specified KeyName already exists, a new version of it is created. The version Id of the newly-created key is returned.
The value passed for KeyName must consist solely of alphanumeric characters and hyphens (-).
The KeyType parameter specifies the type of key that should be created. Each key type has two variants, a software-based one and an HSM-based one. Possible values are shown in the first two columns of the following table:
Software-based | HSM-based | Description |
EC_P256 | EC_HSM_P256 | The NIST P-256 curve (SECP256R1). |
EC_P256K | EC_HSM_P256K | The SECP256K1 curve. |
EC_P384 | EC_HSM_P384 | The NIST P-384 curve (SECP384R1). |
EC_P521 | EC_HSM_P521 | The NIST P-521 curve (SECP521R1). |
RSA_2048 | RSA_HSM_2048 | 2048-bit RSA key. |
RSA_3072 | RSA_HSM_3072 | 3072-bit RSA key. |
RSA_4096 | RSA_HSM_4096 | 4096-bit RSA key. |
The KeyOps parameter specifies which operations the key may be used for. Possible values are as follows; at least one pair of operations must be specified:
- encrypt
- decrypt
- sign
- verify
- wrapKey
- unwrapKey
If there are any items in the Tags collection, they will be applied to the newly-created key. Keys may have up to 15 tags.
The following configuration settings can also be used to send additional values when creating the key; refer to their documentation for more information:
Note: If there is already a soft-deleted key with the specified KeyName in the currently-selected Vault, then a new key cannot be created with the same name. To resolve such a situation, the soft-deleted key would need to be recovered (using RecoverKey) or permanently deleted (using PurgeKey) first.
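The constraints above can be checked before calling createKey, so that a malformed name, an unlisted key type, or an incomplete operation set is caught locally. This is an added example, not code from the component or its vendor; `validateCreateKeyArgs` is a hypothetical helper. It assumes KeyOps is passed as a comma-separated string, that the operation pairs are encrypt/decrypt, sign/verify and wrapKey/unwrapKey, and that "alphanumeric" means ASCII letters and digits.

```kotlin
// Added example: pre-flight validation of createKey arguments (hypothetical helper).
// Assumptions not stated on the page: KeyOps is comma-separated; the operation pairs
// are encrypt/decrypt, sign/verify, wrapKey/unwrapKey; "alphanumeric" means ASCII.

// Regex.matches() requires the whole input to match, so no anchors are needed.
private val KEY_NAME = Regex("[A-Za-z0-9-]+")

// Software-based and HSM-based variants from the KeyType table.
private val KEY_TYPES: Set<String> =
    listOf("P256", "P256K", "P384", "P521").flatMap { listOf("EC_$it", "EC_HSM_$it") }.toSet() +
    listOf("2048", "3072", "4096").flatMap { listOf("RSA_$it", "RSA_HSM_$it") }

private val OP_PAIRS = listOf("encrypt" to "decrypt", "sign" to "verify", "wrapKey" to "unwrapKey")
private val KNOWN_OPS: Set<String> = OP_PAIRS.flatMap { listOf(it.first, it.second) }.toSet()

const val MAX_TAGS = 15

/** Returns a list of problems; an empty list means the arguments match the documented rules. */
fun validateCreateKeyArgs(keyName: String?, keyType: String?, keyOps: String?, tagCount: Int = 0): List<String> {
    val problems = mutableListOf<String>()

    if (keyName.isNullOrEmpty() || !KEY_NAME.matches(keyName))
        problems += "KeyName must consist solely of alphanumeric characters and hyphens"

    if (keyType == null || keyType !in KEY_TYPES)
        problems += "KeyType '$keyType' is not one of the documented values"

    // Split the requested operations, ignoring surrounding whitespace and empty items.
    val ops = keyOps.orEmpty().split(',').map { it.trim() }.filter { it.isNotEmpty() }.toSet()
    val unknown = ops - KNOWN_OPS
    if (unknown.isNotEmpty())
        problems += "Unknown key operations: ${unknown.joinToString()}"
    if (OP_PAIRS.none { (a, b) -> a in ops && b in ops })
        problems += "KeyOps must include at least one complete pair of operations"

    if (tagCount > MAX_TAGS)
        problems += "Keys may have up to $MAX_TAGS tags, got $tagCount"

    return problems
}

fun main() {
    // Constructed sample inputs: one valid request, one that breaks every rule.
    println(validateCreateKeyArgs("signing-key-01", "EC_HSM_P256", "sign,verify"))
    println(validateCreateKeyArgs("signing_key", "EC_P512", "sign", tagCount = 16))
}
```

Passing only the operation pairs a key actually needs keeps its permitted use narrow. The helper cannot detect an existing or soft-deleted key of the same name, which still has to be handled as described in the remarks.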