Skip to content

Rotation Purpose Violation

URI: https://docs.ankatech.co/errors/rotation-purpose-violation
HTTP Status: 422 Unprocessable Entity

When you see this

The rotation you requested would change the key's purpose. Rotation preserves the original key's purpose by design; it cannot turn an encryption key into a signing key (or vice versa).

Common Causes

  • Rotating an ENCRYPT_DECRYPT key into an algorithm that only supports signing.
  • Supplying a target purpose in the rotation request that differs from the source key's purpose.
  • Attempting to repurpose a key under the guise of rotation.

Response Example

{
  "type": "https://docs.ankatech.co/errors/rotation-purpose-violation",
  "title": "Rotation Purpose Violation",
  "status": 422,
  "detail": "Rotation cannot change the key purpose. The new key must keep the original purpose.",
  "instance": "/api/v3/keys/my-mlkem-key/rotate",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. Choose a rotation target algorithm whose purpose matches the source key's purpose.
  2. Keep the requested purpose identical to the existing key's purpose.
  3. If you genuinely need a different purpose, create a new key instead of rotating.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.