Managed keys
Managed keys outsources the creation, storage, and management of cryptographic keys to a trusted third-party service provider. This approach is also known as key management as a service (KMaaS).
Managed keys are commonly used in situations where an organization requires a high level of security for their cryptographic keys, but does not have the expertise, resources, or infrastructure to manage the keys internally. In this case, the service provider is responsible for generating, storing, and managing the cryptographic keys on behalf of the organization. The keys are stored in a secure data center or cloud environment that is designed to meet strict security requirements and industry standards.
All the operations involved with this keys such as encrypt/decrypt or sign/verify are executed directly on the provider to ensure that the keys are not exposed at any moment.
Overall, managed key management can provide a secure and convenient way for organizations to manage their cryptographic keys, while offloading the burden of key management to a trusted third-party service provider.
Generating a managed key
- Typescript
- Python
- Java
- PHP
- Golang
import {
KeyClient,
KeyProtectionLevel,
KeyType,
ManagedKeyParams,
} from '@bloock/sdk';
const keyClient = new KeyClient();
const keyProtection = KeyProtectionLevel.SOFTWARE;
// Generate a EcP256k key
let keyType = KeyType.EcP256k;
let _key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
// Generate a Rsa2048 key
keyType = KeyType.Rsa2048;
_key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
// Generate a Rsa3072 key
keyType = KeyType.Rsa3072;
_key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
// Generate a Rsa4096 key
keyType = KeyType.Rsa4096;
_key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
// Generate a Aes128 key
keyType = KeyType.Aes128;
_key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
// Generate a Aes256 key
keyType = KeyType.Aes256;
_key = await keyClient.newManagedKey(
new ManagedKeyParams(keyProtection, keyType)
);
from bloock.entity.key.key_type import KeyType
from bloock.client.key import KeyClient
from bloock.entity.key.key_protection_level import KeyProtectionLevel
from bloock.entity.key.managed_key_params import ManagedKeyParams
if __name__ == "__main__":
key_client = KeyClient()
protection = KeyProtectionLevel.SOFTWARE
# Generate a EcP256k key
key_type = KeyType.EcP256k
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
# Generate a Rsa2048 key
key_type = KeyType.Rsa2048
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
# Generate a Rsa3072 key
key_type = KeyType.Rsa3072
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
# Generate a Rsa4096 key
key_type = KeyType.Rsa4096
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
# Generate a Aes128 key
key_type = KeyType.Aes128
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
# Generate a Aes256 key
key_type = KeyType.Aes256
managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))
import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.entity.key.KeyProtectionLevel;
import com.bloock.sdk.entity.key.KeyType;
import com.bloock.sdk.entity.key.ManagedKey;
import com.bloock.sdk.entity.key.ManagedKeyParams;
public class NewManagedKey {
public static void main(String[] args) throws Exception {
KeyClient keyClient = new KeyClient();
KeyProtectionLevel keyProtectionLevel = KeyProtectionLevel.SOFTWARE;
// Generate a EcP256k key
KeyType keyType = KeyType.EcP256k;
ManagedKey managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
// Generate a Rsa2048 key
keyType = KeyType.Rsa2048;
managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
// Generate a Rsa3072 key
keyType = KeyType.Rsa3072;
managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
// Generate a Rsa4096 key
keyType = KeyType.Rsa4096;
managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
// Generate a Aes128 key
keyType = KeyType.Aes128;
managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
// Generate a Aes256 key
keyType = KeyType.Aes256;
managedKey = keyClient.newManagedKey(
new ManagedKeyParams(keyProtectionLevel, keyType));
}
}
$keyClient = new KeyClient();
$keyProtection = KeyProtectionLevel::SOFTWARE;
// Generate a EcP256k key
$keyType = KeyType::EcP256k;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
// Generate a Rsa2048 key
$keyType = KeyType::Rsa2048;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
// Generate a Rsa3072 key
$keyType = KeyType::Rsa3072;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
// Generate a Rsa4096 key
$keyType = KeyType::Rsa4096;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
// Generate a Aes128 key
$keyType = KeyType::Aes128;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
// Generate a Aes256 key
$keyType = KeyType::Aes256;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));
package main
import (
"github.com/bloock/bloock-sdk-go/v2/client"
"github.com/bloock/bloock-sdk-go/v2/entity/key"
)
func main() {
keyClient := client.NewKeyClient()
protection := key.KEY_PROTECTION_SOFTWARE
// Generate a EcP256k key
keyType := key.EcP256k
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
// Generate a Rsa2048 key
keyType = key.Rsa2048
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
// Generate a Rsa3072 key
keyType = key.Rsa3072
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
// Generate a Rsa4096 key
keyType = key.Rsa4096
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
// Generate a Aes128 key
keyType = key.Aes128
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
// Generate a Aes256 key
keyType = key.Aes256
_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
Protection: protection,
KeyType: keyType,
})
}
Loading an existing managed key
- Typescript
- Python
- Java
- PHP
- Golang
import { KeyClient } from '@bloock/sdk';
const keyClient = new KeyClient();
// Load a managed key
const _key = await keyClient.loadManagedKey('key id');
from bloock.client.key import KeyClient
if __name__ == "__main__":
key_client = KeyClient()
# Load a managed key
key = key_client.load_managed_key("key id")
import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.entity.key.ManagedKey;
public class LoadManagedKey {
public static void main(String[] args) throws Exception {
KeyClient keyClient = new KeyClient();
// Load a managed key
ManagedKey key = keyClient.loadManagedKey("key id");
}
}
$keyClient = new KeyClient();
// Load a managed key
$key = $keyClient->loadManagedKey("key id");
package main
import "github.com/bloock/bloock-sdk-go/v2/client"
func main() {
keyClient := client.NewKeyClient()
// Load a managed key
_, _ = keyClient.LoadManagedKey("key id")
}