POST API/GetGPGPublicKey from Key Server

Retrieves a GNU Private Guard (GPG) public key and the hu location in the Web Key Directory (WKD) of the Code Signing Key Server. This server is an implementation of various key discovery mechanisms such as GPG WKD and GPG PKS.

This action is similar to PKCS11Config.exe -gpg sync. This endpoint automatically syncs the public key to the caller's machine. The GPG public key verifies authenticity. It is available for code signing electronic information such as email and smart card data. However, the corresponding private key, which is in the Secret Store, is not shared.

Requirements

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

KeyId

The GUID that uniquely identifies the GPG environment. The Key ID allows the WKS to retrieve the GPG public key for signing of electronic information. To get the value, use the Guid from the POST Codesign/GetEnvironment response.
KeyContext (Optional) signing: The purpose of the key.

Returns

Response description

Name

Description
HTTP 200

For valid requests, this call returns a HTTP 200 message and the following data in the message body:

  • Fingerprint: The Fingerprint (FPR) of the public key that is signed with the private key.

  • Location: The WDK location. You share this command with non-Venafi users so they can download the public key for code signing. For more information, see PKS/Lookup

  • Public Key: The GPG public key from the WKS.

  • Successtrue: The API completed successfully, otherwise, false.
HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example: Get a PGP key of a binary or digital content

Request (REST)

POST https://test.venafi.example/vedhsm/API/GetGPGPublicKey
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "KeyId":"{f0e96069-d7da-4a8b-b0ad-02a4a4b1c787}",
   "KeyContext":"signing"
}

Response

HTTP/1.1 200 OK
{
   "Fingerprint":"78DE143954895A0659D1D528C728B80726174396",
   "Location":"https://codesign-int-tpp/pks/lookup?op=get&options=mr&search=0x78DE14...",
   "PublicKey":"mQENBGGElp...=",
   "Success":true
}