Assign a new key
Creates a new key pair with the enclave, shards the private key, and securely stores the encrypted key shards. organisation and package are optional; key_environment defaults to HOT if omitted.
Authorizations
Bearer token authentication. Can be either a JWT token or API key.
Headers
Bearer token for authentication. Can be either a JWT token or API key.
Body
Key assignment details
Unique identifier of the user
Type of cryptographic key to generate. rsa4096 for encrypting recovery material; secp256k1 or ed25519 for a blockchain backup signer.
rsa4096, secp256k1, ed25519 Key environment specification - HOT (online generation) or COLD (offline generation)
HOT, COLD Optional organisation metadata
Optional package metadata
Response
Key successfully assigned
Unique identifier for the key
Public key in hex format. For rsa4096 this is the encryption public key; for secp256k1 or ed25519 this is the compressed public key.
Signature of the key in base64 format, produced by the generating enclave. Verify against your CoinCover verification key before relying on the key.
External customer identifier (e.g. organisation customer ID)
External package identifier (e.g. workspace/package ID)
Optional metadata describing the associated organisation and package