Key Management

Key management functions like generation, listing, export/import, and deletion.

SSI-Kit CLI key management commands can be accessed with the key command. It provides the following functionality:

All commands have the help option available:

  • <your-command> -h

  • or <your-command> --help

E.g. key gen -h

Generate key

Use the gen command to create asymmetric key pair by the specified algorithm. Supported algorithms are:

  • RSA:

    • key gen -a RSA

    • or key gen --algorithm RSA

  • ECDSA Secp256k1:

    • key gen -a Secp256k1

    • or key gen --algorithm Secp256k1

  • EdDSA Ed25519 (default)

    • key gen

    • or key gen -a Ed25519

    • or key gen --algorithm Ed25519

The returned value represents the keyId of the newly created key.

E.g. key gen -a Secp256k1

List keys

Use the list command to list all keys in the key store:

  • key list

It will output the following fields:

  • key index - index within the list

  • keyId - key identification number

  • key algorithm - algorithm used to create the key

  • crypto service - the cryptographic service used to create the key

Import key

Use the import command to import a key in JWK or PEM format:

  • key import <your-key-file-path>

    • JWK - based on the JWK key ID and key material, an internal key object will be created and placed in the corresponding key store

    • PEM - if there's no key ID in the PEM file (which is usually the case), a random key ID will be generated and, based on the key material, an internal key object will be created and placed in the corresponding key store. PEM files must have the file extension 'pem':

      • RSA keys - file should contain either the private key or private and public keys concatenated with a 'new line' character

      • Ed25519, Secp256k1 - file should contain both private and public keys concatenated with a 'new line' character

E.g.

Ed25519 JWK public key

key import ./ed25519jwk.json

Secp256k1 PEM key

key import ./secp256k1.pem

Export key

Use the export command to export a specified key type with the specified id and format.

Available key type:

  • public (default):

    • key export <your-key-id>

    • or key export <your-key-id> --pub

  • private:

    • key export <your-key-id> --priv

Available export formats:

  • JWK (default):

    • key export <your-key-id>

    • or key export <your-key-id> -f JWK

    • or key export <your-key-id> --key-format JWK

  • PEM:

    • key export <your-key-id> -f PEM

    • key export <your-key-id> --key-format PEM

The output will display the exported key in the specified format.

E.g.

key export 17592087c6f04c358b9b813dbe2ef027 --pub -f PEM

key export 17592087c6f04c358b9b813dbe2ef027 --pub

key export 17592087c6f04c358b9b813dbe2ef027 --priv -f PEM

key export 17592087c6f04c358b9b813dbe2ef027 --priv

Delete key

Use the delete command to delete a key with the specified ID:

  • key delete <your-key-id>

E.g. key delete 17592087c6f04c358b9b813dbe2ef027

Last updated