Managed keys

Managed keys outsources the creation, storage, and management of cryptographic keys to a trusted third-party service provider. This approach is also known as key management as a service (KMaaS).

Managed keys are commonly used in situations where an organization requires a high level of security for their cryptographic keys, but does not have the expertise, resources, or infrastructure to manage the keys internally. In this case, the service provider is responsible for generating, storing, and managing the cryptographic keys on behalf of the organization. The keys are stored in a secure data center or cloud environment that is designed to meet strict security requirements and industry standards.

All the operations involved with this keys such as encrypt/decrypt or sign/verify are executed directly on the provider to ensure that the keys are not exposed at any moment.

Overall, managed key management can provide a secure and convenient way for organizations to manage their cryptographic keys, while offloading the burden of key management to a trusted third-party service provider.

Generating a managed key

Typescript
Python
Java
PHP
Golang

import {
  KeyClient,
  KeyProtectionLevel,
  KeyType,
  ManagedKeyParams,
} from '@bloock/sdk';

const keyClient = new KeyClient();
const keyProtection = KeyProtectionLevel.SOFTWARE;

// Generate a EcP256k key
let keyType = KeyType.EcP256k;
let _key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Rsa2048 key
keyType = KeyType.Rsa2048;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Rsa3072 key
keyType = KeyType.Rsa3072;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Rsa4096 key
keyType = KeyType.Rsa4096;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Aes128 key
keyType = KeyType.Aes128;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Aes256 key
keyType = KeyType.Aes256;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

// Generate a Bjj key
keyType = KeyType.Bjj;
_key = await keyClient.newManagedKey(
  new ManagedKeyParams(keyProtection, keyType)
);

from bloock.entity.key.key_type import KeyType
from bloock.client.key import KeyClient
from bloock.entity.key.key_protection_level import KeyProtectionLevel
from bloock.entity.key.managed_key_params import ManagedKeyParams

if __name__ == "__main__":
    key_client = KeyClient()
    protection = KeyProtectionLevel.SOFTWARE

    # Generate a EcP256k key
    key_type = KeyType.EcP256k
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Rsa2048 key
    key_type = KeyType.Rsa2048
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Rsa3072 key
    key_type = KeyType.Rsa3072
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Rsa4096 key
    key_type = KeyType.Rsa4096
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Aes128 key
    key_type = KeyType.Aes128
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Aes256 key
    key_type = KeyType.Aes256
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

    # Generate a Bjj key
    key_type = KeyType.Bjj
    managed_key = key_client.new_managed_key(ManagedKeyParams(protection, key_type))

import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.entity.key.KeyProtectionLevel;
import com.bloock.sdk.entity.key.KeyType;
import com.bloock.sdk.entity.key.ManagedKey;
import com.bloock.sdk.entity.key.ManagedKeyParams;

public class NewManagedKey {
        public static void main(String[] args) throws Exception {
                KeyClient keyClient = new KeyClient();
                KeyProtectionLevel keyProtectionLevel = KeyProtectionLevel.SOFTWARE;

                // Generate a EcP256k key
                KeyType keyType = KeyType.EcP256k;
                ManagedKey managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a Rsa2048 key
                keyType = KeyType.Rsa2048;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a Rsa3072 key
                keyType = KeyType.Rsa3072;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a Rsa4096 key
                keyType = KeyType.Rsa4096;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a Aes128 key
                keyType = KeyType.Aes128;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a Aes256 key
                keyType = KeyType.Aes256;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));

                // Generate a BJJ key
                keyType = KeyType.Bjj;
                managedKey = keyClient.newManagedKey(
                                new ManagedKeyParams(keyProtectionLevel, keyType));
        }
}

<?php

require "./vendor/autoload.php";

use Bloock\Client\KeyClient;
use Bloock\Entity\Key\KeyType;
use Bloock\Entity\Key\ManagedKeyParams;
use Bloock\Entity\Key\KeyProtectionLevel;

$keyClient = new KeyClient();
$keyProtection = KeyProtectionLevel::SOFTWARE;

// Generate a EcP256k key
$keyType = KeyType::EcP256k;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Rsa2048 key
$keyType = KeyType::Rsa2048;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Rsa3072 key
$keyType = KeyType::Rsa3072;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Rsa4096 key
$keyType = KeyType::Rsa4096;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Aes128 key
$keyType = KeyType::Aes128;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Aes256 key
$keyType = KeyType::Aes256;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

// Generate a Bjj key
$keyType = KeyType::Bjj;
$key = $keyClient->newManagedKey(new ManagedKeyParams($keyProtection, $keyType));

package main

import (
	"github.com/bloock/bloock-sdk-go/v2/client"
	"github.com/bloock/bloock-sdk-go/v2/entity/key"
)

func main() {
	keyClient := client.NewKeyClient()
	protection := key.KEY_PROTECTION_SOFTWARE

	// Generate a EcP256k key
	keyType := key.EcP256k
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})

	// Generate a Rsa2048 key
	keyType = key.Rsa2048
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})

	// Generate a Rsa3072 key
	keyType = key.Rsa3072
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})
	// Generate a Rsa4096 key
	keyType = key.Rsa4096
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})

	// Generate a Aes128 key
	keyType = key.Aes128
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})

	// Generate a Aes256 key
	keyType = key.Aes256
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})

	// Generate a BJJ key
	keyType = key.Bjj
	_, _ = keyClient.NewManagedKey(key.ManagedKeyParams{
		Protection: protection,
		KeyType:    keyType,
	})
}

Loading an existing managed key

All created managed keys can be viewed in your BLOOCK account (Dashboard). Each key is identified internally by an ID of type UUID. So when you want to load a key, you will need to know its id.

Typescript
Python
Java
PHP
Golang

import { KeyClient } from '@bloock/sdk';

const keyClient = new KeyClient();

// Load a managed key
const _key = await keyClient.loadManagedKey('key id');

from bloock.client.key import KeyClient

if __name__ == "__main__":
    key_client = KeyClient()

    # Load a managed key
    key = key_client.load_managed_key("key id")

import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.entity.key.ManagedKey;

public class LoadManagedKey {
    public static void main(String[] args) throws Exception {
        KeyClient keyClient = new KeyClient();

        // Load a managed key
        ManagedKey key = keyClient.loadManagedKey("key id");
    }
}

<?php

require "./vendor/autoload.php";

use Bloock\Client\KeyClient;

$keyClient = new KeyClient();

// Load a managed key
$key = $keyClient->loadManagedKey("key id");

package main

import "github.com/bloock/bloock-sdk-go/v2/client"

func main() {
	keyClient := client.NewKeyClient()

	// Load a managed key
	_, _ = keyClient.LoadManagedKey("key id")
}

Core SDK

Tools

Managed keys

Generating a managed key​

Loading an existing managed key​

Generating a managed key

Loading an existing managed key