You can check whether the key's usage is set to only `"use" : "sig"` with the GET request below:

```
curl -H "Authorization: Bearer XXXXXX" -X GET https://HOSTNAME/uas/oauth2/metadata.jwks --insecure
```

Successfully fetched key details:

```
{
  "keys" : [
    {
      "use" : "sig",
      "kid" : "sig-key1",
      "kty" : "RSA",
      "n" : "... redacted ...",
      "e" : "AQAB"
    }
  ]
}
```

You can remove the usage with the following command:

```
curl -H "Authorization: Bearer XXXXXX" -X PUT https://HOSTNAME/sso-api/credential/System/ServerKeyContainer/sig-key1 -d "use= " --insecure
```

Successfully created or updated a key:

Accept: application/json

| Field | Type | Description |
|---|---|---|
| type | string | The type of the object. Currently this is always set to credential. |
| id | string | The unique id of the key. |
| attributes.name | string | The name of the key. |
| attributes.kty | string | The type of the key. For example RSA. |
| attributes.kid | string | The key identifier as defined by the RFC 7517 JSON Web Key specification. |
| attributes.use | string | The usage of the key as defined by the RFC 7517 JSON Web Key specification. Valid values are enc (for encryption) and sig (for signing). |
| attributes.enabled | boolean | Denotes whether the key is enabled or not. |
| attributes.notBefore | datetime | The epoch timestamp after which the key is valid. |
| attributes.notOnOrAfter | datetime | The epoch timestamp after which the key is not valid. |
| attributes.description | string array | A human-readable description of the key. |

Now the same key will be used as the encryption key as well as the signing key.
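
To confirm the result, the JWKS returned by the GET request can be audited per key. The script below is an added example, not part of the original page or the product: it assumes a key whose usage was blanked appears in the JWKS with `use` missing or empty, and the `sig-key2` entry and all function names are constructed for illustration.

```python
import json

# Constructed sample. "sig-key1" matches the response shown on the page;
# "sig-key2" is hypothetical and shows a key whose usage has been blanked.
SAMPLE_JWKS = """
{
  "keys": [
    {"use": "sig", "kid": "sig-key1", "kty": "RSA", "n": "... redacted ...", "e": "AQAB"},
    {"use": "",    "kid": "sig-key2", "kty": "RSA", "n": "... redacted ...", "e": "AQAB"}
  ]
}
"""

KNOWN_USES = ("sig", "enc")  # "use" values defined by RFC 7517 (case-sensitive)


def effective_usage(jwk):
    """Return 'sig', 'enc', 'unrestricted' (no usage set) or 'unknown:<value>'."""
    use = jwk.get("use")
    if use is None or not str(use).strip():
        return "unrestricted"
    use = str(use).strip()
    return use if use in KNOWN_USES else "unknown:" + use


def audit_jwks(text):
    """Map each kid in a JWKS document to its effective usage."""
    keys = json.loads(text).get("keys")
    if not isinstance(keys, list):
        raise ValueError("JWKS has no 'keys' array")
    report = {}
    for jwk in keys:
        kid = jwk.get("kid", "<no kid>")
        if kid in report:
            raise ValueError("duplicate kid: " + kid)
        report[kid] = effective_usage(jwk)
    return report


def usable_for(report, purpose):
    """Kids that may serve 'sig' or 'enc' according to the audit report."""
    return sorted(k for k, u in report.items() if u in (purpose, "unrestricted"))


if __name__ == "__main__":
    report = audit_jwks(SAMPLE_JWKS)
    for kid, usage in report.items():
        print(kid, "->", usage)
    print("encryption candidates:", usable_for(report, "enc"))
```

Save the GET response to a file and pass its contents to `audit_jwks` in place of `SAMPLE_JWKS` to check a live server.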