Rotation Security Downgrade
URI: https://docs.ankatech.co/errors/rotate-security-downgrade
HTTP Status: 422 Unprocessable Entity
When you see this
The requested rotation target offers a lower security level than the current key. Rotation must not downgrade cryptographic strength.
Common Causes
- Rotating a higher-strength key (for example ML-KEM-1024) to a lower-strength algorithm.
- Selecting a classical algorithm as the rotation target for a post-quantum key.
- Choosing a target whose security level is below the source key's level.
Response Example
{
"type": "https://docs.ankatech.co/errors/rotate-security-downgrade",
"title": "Rotation Security Downgrade",
"status": 422,
"detail": "Rotation target 'RSA-2048' is a security downgrade from the current key. Choose an equal or stronger algorithm.",
"instance": "/api/v3/keys/my-mlkem-key/rotate",
"correlationId": "550e8400-e29b-41d4-a716-446655440000",
"timestamp": 1730000000
}
Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.
How to Resolve
- Select a rotation target whose security level is equal to or greater than the current key.
- Consult the algorithm-selection guidance in the Developer Hub Reference for equivalent or stronger options.
- Re-submit the rotation with the stronger target.
For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.