POST API/GetGPGPublicKey from Key Server
Retrieves a GNU Privacy Guard (GPG) public key and the hu location in the Web Key Directory (WKD) of the Code Signing Key Server. This server is an implementation of various key discovery mechanisms such as GPG WKD and GPG PKS.
This action is similar to PKCS11Config.exe -gpg sync. This endpoint automatically syncs the public key to the caller's machine. The GPG public key verifies authenticity. It is available for code signing electronic information such as email and smart card data. However, the corresponding private key, which is in the Secret Store, is not shared.
Requirements
- GPG 2.2.
- Setup: See Setting up your HSM Client application.
- Permissions: The caller must be a Key User.
- Token scope: codesignclient
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description
---|---
KeyId | The GUID that uniquely identifies the GPG environment. The Key ID allows the WKS to retrieve the GPG public key for signing of electronic information. To get the value, use the Guid from the POST Codesign/GetEnvironment response.
KeyContext | (Optional) signing: The purpose of the key.
Returns
Name | Description
---|---
HTTP 200 | For valid requests, this call returns an HTTP 200 message and the following data in the message body:
HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
Example: Get a PGP key of a binary or digital content
Request (REST)
POST https://test.venafi.example/vedhsm/API/GetGPGPublicKey
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "KeyId":"{f0e96069-d7da-4a8b-b0ad-02a4a4b1c787}",
  "KeyContext":"signing"
}
Response
HTTP/1.1 200 OK
{
  "Fingerprint":"78DE143954895A0659D1D528C728B80726174396",
  "Location":"https://codesign-int-tpp/pks/lookup?op=get&options=mr&search=0x78DE14...",
  "PublicKey":"mQENBGGElp...=",
  "Success":true
}
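A client-side check on a response like the one above, as an added example that is not part of the original page or the product's own code: it recomputes the OpenPGP v4 fingerprint from PublicKey and compares it with Fingerprint and, optionally, with a fingerprint pinned out of band. It assumes PublicKey is the base64 of the binary key (as the mQENB prefix suggests); the function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib

def first_packet(data: bytes):  # returns (tag, body); RFC 4880, section 4.2
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                       # new-format header
        tag, o1 = data[0] & 0x3F, data[1]
        if o1 < 192:
            length, off = o1, 2
        elif o1 < 224:
            length, off = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is invalid for a key packet")
    else:                                    # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        n = 1 << ltype                       # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(public_key_b64: str) -> str:
    """SHA-1 over 0x99, a 2-byte length and the key packet body (RFC 4880, 12.2)."""
    tag, body = first_packet(base64.b64decode(public_key_b64))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    material = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(material).hexdigest().upper()

def check_response(resp: dict, pinned: str = "") -> str:
    """Return the computed fingerprint, or raise if the response does not match it."""
    if resp.get("Success") is not True:
        raise ValueError("server reported failure")
    computed = v4_fingerprint(resp["PublicKey"])
    if computed != str(resp.get("Fingerprint", "")).upper():
        raise ValueError("Fingerprint field does not match PublicKey")
    if pinned and computed != pinned.replace(" ", "").upper():
        raise ValueError("key does not match the pinned fingerprint")
    return computed

# Constructed sample: a toy v4 RSA key packet (16-bit modulus), not a real key.
PACKET = b"\x99\x00\x0f\x04" + (1700000000).to_bytes(4, "big") + b"\x01\x00\x10\xc3\x5b\x00\x11\x01\x00\x01"
SAMPLE = {"Success": True, "PublicKey": base64.b64encode(PACKET).decode(),
          "Fingerprint": hashlib.sha1(PACKET).hexdigest().upper()}
```

A Fingerprint that arrives in the same response as the key only shows that the two fields agree; the pinned value is what ties the key to an identity you already trust.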