RSA Key Management

RSA encryption key rotation

When enabled, per request, TokenEx provides a way for our clients to rotate the RSA keys they utilize for Browser Based Encryption, and other APIs that utilize an RSA encrypted request.
To utilize this service, visit the page titled Browser Based Encryption Key Management within the client portal navigation.

  • TokenEx clients will have one key associated with the group by default.
  • This public key can be used for encryption for all TokenEx Id’s under that group.
  • Users can Rotate RSA keys when they are ready using the “Rotate RSA Keys” button.
  • Users can view RSA public key using “View Key” button.
  • The “Copy RSA Key” will add the RSA Key into the user’s clipboard.

Multiple RSA encryption keys

  1. Users can have up to two active keys at a time.
  2. When users create a new key, the existing key will be set to expire in 7 days.
  3. Users/applications will be able to use both keys for encryption until the old key expires.
  4. When users have two active encryption keys, TokenEx will try to decrypt the data with both active keys for decrypting the data.

Rolling back new RSA encryption key

  1. Users can use the “Hold to Delete” button to delete any active keys.
  2. If the most recent active key is deleted, then TokenEx will reset the expiry date on the old key. That means the old key would no longer expire in 7 days.

RSA Key Portal API

TokenEx provides a way for our clients to retrieve the latest RSA Key generated from the Browser Based Encryption Key Management page utilizing the Portal Management API.



In the following example, supply the correct TokenExID within the URL in order to retrieve the latest RSA Key.

GET Request

GET   /api/api/Key/{TokenExID} HTTP/1.1
Content-Type: application/json
Authorization: {Your Authorization Value}