Importing and Exporting Keys

When you import a key into the Cryptographic Security Platform Vault for Cryptographic APIs, the target key must be wrapped with RSA-AES. To do this, the key is first wrapped with a temporary AES key, and the temporary AES key is wrapped with an RSA key. The two wrapped keys are concatenated and imported. If the key that you are importing was created in a different Cryptographic Security Platform Vault for Cryptographic APIs, then you can wrap that key before you export it with a key created in the new vault.

When you export a key, you must wrap it before you export it, and then unwrap the key after it has been exported. The key must be encrypted in AES-256 format.