POST Key Rotation results in an orchestration
Where: CFM Repo
Requirements:
-
API should be available under /tenants/{tenantID}/participant-profiles/{participantID}/rotate-keys
-
API should take in its body an array of KeyRotationRequest objects that look like this:
{
"keyId": "...", // key ID to rotate
"algorithm": "EdDSA", //or "EcDSA", "RSA",...
"curve": "ed25519", //or "es256", etc.
"gracePeriod": "P1M" // ISO 8601 duration for how long the old key is still publicly available
}
-
algorithm, curve and gracePeriodSec are optional and default to EdDSA, ed25519 and
P3M (3 months), respectively
-
initially, the API will not offer a way to provide client-generated keys, to keep the complexity down.
POST Key Rotation results in an orchestration
Where: CFM Repo
Requirements:
API should be available under
/tenants/{tenantID}/participant-profiles/{participantID}/rotate-keysAPI should take in its body an array of
KeyRotationRequestobjects that look like this:{ "keyId": "...", // key ID to rotate "algorithm": "EdDSA", //or "EcDSA", "RSA",... "curve": "ed25519", //or "es256", etc. "gracePeriod": "P1M" // ISO 8601 duration for how long the old key is still publicly available }algorithm,curveandgracePeriodSecare optional and default toEdDSA,ed25519andP3M(3 months), respectivelyinitially, the API will not offer a way to provide client-generated keys, to keep the complexity down.