Managing keys in Stream
Regardless of the type of keystores you set up, you can manage the keys through Stream the same way.
Adding a key into a keystore
1. Log in to the Stream Administration Interface.
2. Go to Keystores and keys and click on the keystore you want to add the key into.
3. Set the name of the key as well as the key type (RSA, ECDSA or EDDSA) and the key size (for RSA)/key parameter (for ECDSA/EDDSA).
4. For the Cloud KMSs, you can set the key to be Hardware protected through the dedicated toggle. For the PKCS#11 HSM, you can set the key to be exportable through the dedicated toggle.
5. Once you set up the key parameters as you want them, click "Add".
The page should refresh and show you the list of keys for the keystore you pushed the key into, where you should see the key you just added.
Viewing the keys of a keystore
1. Log in to the Stream Administration Interface.
2. Go to Keystores and keys and click on the keystore you want to view.
3. You should see the list of keys on your keystore.
You can then see information about the keys in the keystore:
- The name column, where you can see the name of the key;
- The type column, where you can see the type of algorithm that was used to generate the key. Both RSA and ECDSA are part of the suiteb type algorithms;
- The key type column, where you can see the algorithm that was used to generate the key as well as the key size/parameter;
- The exportable column, which indicates if the key is exportable or not.
Deleting a key from a keystore
1. Log in to the Stream Administration Interface.
2. Go to Keystores and keys and click on the keystore you want to delete the key from.
3. Click the icon on the key that you want to delete and click "Confirm" on the prompt.
You cannot delete a key from a keystore if this key is currently used by a CA in Stream. You must first delete the CA that references it and then repeat the deletion procedure.