Gpg plugin.
Hi, I have just started with this GPG plugin and wanted to have some clarifications.
1. What will be the output of the create key endpoint? Will it generate a key pair (public/private key)?
2. If it's creating a key pair, can we export both the public and private keys outside of Vault using the export endpoint?
3. What is the use of the show session key endpoint?
4. Can I use this plugin to generate a GPG key and use that key to encrypt data outside of Vault?
@fear1226
1. What will be the output of the create key endpoint? Will it generate a key pair (public/private key)?
It will return HTTP 204 without a body, as stated here in the table in the rightmost column.
2. If it's creating a key pair, can we export both the public and private keys outside of Vault using the export endpoint?
If the private key is marked exportable when calling /create, then you can export it by calling /export. The public key can be derived from the private key, or you can read it from the API using /read.
3. What is the use of the show session key endpoint?
The session key for a given ciphertext is the symmetric key that was used to encrypt the plaintext. This symmetric key is in turn encrypted with the public key of the receiver. If you have the recipient's private key and the encoded ciphertext in PGP format, you can use this endpoint to retrieve the symmetric key from the metadata wrapping the actual encrypted message. This is equivalent to the --show-session-key parameter of gpg.
4. Can I use this plugin to generate a GPG key and use that key to encrypt data outside of Vault?
Yes. Just read the public key or export the private key and import them using --import. I use the plugin to generate a unique key pair for every host in a cluster of machines, then import the key pair from Vault.
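To make the session-key answer above concrete, here is an added example (not code from the plugin or from either poster) that walks the packet structure of an OpenPGP message as laid out in RFC 4880: the session key is encrypted once per recipient into a Public-Key Encrypted Session Key (PKESK) packet, and those packets precede the single Symmetrically Encrypted Integrity Protected Data (SEIPD) packet that holds the actual message. The sample message below is constructed by hand with dummy key IDs and dummy MPI contents, so the parser only shows where the wrapped session key sits and which recipient key can unwrap it; recovering the key itself needs the recipient's private key, which is what the plugin's show session key endpoint (or gpg --show-session-key) does.

```python
"""Walk the packet structure of an OpenPGP message (RFC 4880) to show where the
encrypted session key lives. Added example: the sample message is constructed
by hand with dummy bytes, not produced by gpg or by the Vault GPG plugin."""
import struct

# Public-key algorithm IDs, RFC 4880 section 9.1
PUBKEY_ALGOS = {1: "RSA", 2: "RSA-encrypt-only", 16: "ElGamal", 18: "ECDH"}
PKESK, SED, SEIPD = 1, 9, 18  # packet tags, RFC 4880 section 4.3


def encode_new_length(n):
    """New-format body length (section 4.2.2); partial lengths not emitted."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def new_packet(tag, body):
    return bytes([0xC0 | tag]) + encode_new_length(len(body)) + body


def old_packet(tag, body):
    """Old-format header with a one-octet length (tag must fit in 4 bits)."""
    assert tag < 16 and len(body) < 256
    return bytes([0x80 | (tag << 2)]) + bytes([len(body)]) + body


def mpi(value_bytes):
    """Multi-precision integer: 2-byte bit count, then the minimal magnitude."""
    value_bytes = value_bytes.lstrip(b"\x00")
    bits = int.from_bytes(value_bytes, "big").bit_length()
    return struct.pack(">H", bits) + value_bytes


def parse_packets(data):
    """Return [(tag, body)] for both header formats; no partial lengths."""
    pos, out = 0, []
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                                   # new format
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, pos = first, pos + 2
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos + 2:pos + 6])[0], pos + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old format
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            pos += 1 + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[pos:pos + length]))
        pos += length
    return out


def parse_pkesk(body):
    """PKESK packet (section 5.1): version, recipient key ID, algorithm, MPIs."""
    version, key_id, algo = body[0], body[1:9], body[9]
    mpi_bits, pos = [], 10
    while pos < len(body):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        mpi_bits.append(bits)
        pos += 2 + (bits + 7) // 8
    return {"packet": "PKESK", "version": version,
            "recipient_key_id": key_id.hex().upper(),
            "pubkey_algo": PUBKEY_ALGOS.get(algo, f"unknown({algo})"),
            "encrypted_session_key_bits": mpi_bits}


def describe_message(data):
    out = []
    for tag, body in parse_packets(data):
        if tag == PKESK:
            out.append(parse_pkesk(body))
        elif tag == SEIPD:
            out.append({"packet": "SEIPD", "version": body[0], "ciphertext_len": len(body) - 1})
        elif tag == SED:
            out.append({"packet": "SED", "ciphertext_len": len(body)})
        else:
            out.append({"packet": f"tag {tag}", "len": len(body)})
    return out


# Constructed sample: the same session key wrapped for two recipients (dummy
# key IDs, dummy MPI contents), followed by the encrypted payload.
SAMPLE_MESSAGE = (
    new_packet(PKESK, b"\x03" + bytes.fromhex("0A1B2C3D4E5F6071") + b"\x01"
               + mpi(b"\xab" + b"\x00" * 255))                       # RSA-2048 wrap
    + old_packet(PKESK, b"\x03" + bytes.fromhex("8899AABBCCDDEEFF") + b"\x10"
                 + mpi(b"\x9f" + b"\x11" * 15) + mpi(b"\x9f" + b"\x22" * 15))  # ElGamal wrap
    + new_packet(SEIPD, b"\x01" + b"\x5a" * 32)                      # the message itself
)

if __name__ == "__main__":
    for entry in describe_message(SAMPLE_MESSAGE):
        print(entry)
```

The two PKESK entries carry the recipient key IDs the plugin (or gpg) would use to pick the private key that unwraps the session key; once unwrapped, gpg's --override-session-key option can decrypt the SEIPD payload without that private key, which is why the plugin exposes the session key as a separate read-only operation.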