Update the backup passphrase. If the backup passphrase is not set yet, use "" as currentPassphrase. WARNING: Like the unlock passphrase, this configuration can’t be reset by an admin user without knowing the current value, so if the backup passphrase is lost, neither can it be reset to a new value nor can the created backups be restored.
Get logging configuration. The protocol is always syslog over UDP. The IP address, port, and log level are configurable.
Configure log level and destination.
Get network configuration. IP address, netmask, router.
Configure network.
Get system time.
Configure system time.
Get the certificate for NetHSM’s HTTPS API.
Set the certificate for NetHSM’s HTTPS API, e.g. to replace the self-signed initial certificate.
Get a NetHSM certificate signing request, e.g. to replace the self-signed initial certificate.
Generate a new pair of public and private keys for NetHSM’s HTTPS API.
Get the public key for NetHSM’s HTTPS API.
Read unattended boot configuration: is it on or off?
Configure unattended boot: switch it on or off (flip the switch).
Update the unlock passphrase. WARNING: The unlock passphrase can’t be reset by an admin user without knowing the current value, so if the unlock passphrase is lost, neither can it be reset to a new value nor can the NetHSM be unlocked.
Retrieve whether NetHSM is alive (powered up). This corresponds to the state Locked or Unprovisioned.
Retrieve whether NetHSM is alive and ready to take traffic. This corresponds to the state Operational.
Retrieve the state of NetHSM.
Information about the vendor and product.
Generate a pair of public and private keys and store it in NetHSM. KeyID is optional as a parameter and will be generated by NetHSM if not present.
Get a list of the identifiers of all keys that are currently stored in NetHSM. Separate requests need to be made to request the individual key data.
Delete the certificate.
Retrieve a stored certificate in the exact format it was stored.
Store a certificate. Maximum size 1MB. The Content-Type must be application/octet-stream.
Retrieve a certificate signing request in PEM format.
Decrypt an encrypted message with the secret key.
Delete a pair of public and private keys.
Encrypt a message with the secret key.
Retrieve the public key.
Retrieve public key in PEM format.
Import a private key into NetHSM and store it under the KeyID path. The public key will be automatically derived. The parameters of the key can be passed as a PEM file or a JSON object.
Delete a tag from the authorized set.
Add a tag to the authorized set.
Sign a message with the secret key.
Import a private key into NetHSM and let NetHSM generate a KeyID. The public key will be automatically derived. The parameters of the key can be passed as a PEM file or a JSON object.
Brings an Operational NetHSM into Locked state.
Get metrics. Precondition: NetHSM is Operational and an R-Metrics user can be authenticated.
Initial provisioning, only available in Unprovisioned state. WARNING: The unlock passphrase can’t be reset by an admin user without knowing the current value, so if the unlock passphrase is lost, neither can it be reset to a new value nor can the NetHSM be unlocked.
Retrieve cryptographically strong random bytes from NetHSM. Precondition: NetHSM is Operational and an R-Operator user can be authenticated.
Back up the key store to a backup file.
Cancel update of NetHSM software.
Commit update of NetHSM software.
Reset NetHSM to factory settings.
Get detailed system information, including firmware, system, and hardware version.
Reboot NetHSM.
Restore the key store and user store from a backup file. If NetHSM is Unprovisioned, then the configuration is restored.
Shut down NetHSM.
Update NetHSM software.
Brings a Locked NetHSM into Operational state.
Get a list of all user ids that have accounts on NetHSM.
Create a new user on NetHSM. The user-ID is generated by NetHSM.
Delete a user from keyfender.
Get user info: name and role.
Update the passphrase.
Create a user on keyfender.
Get the list of tags set to an Operator user.
Delete a tag from the Operator user.
Add a tag to the Operator user.