This document is intended as
a specification of the protocol used for the communication between clients and
servers to perform certain management operations on objects stored and
maintained by a key management system. These objects are referred to as Managed Objects in this specification.
They include symmetric and asymmetric cryptographic keys, digital certificates,
and templates used to simplify the creation of objects and control their use.
Managed Objects are managed with operations
that include the ability to generate cryptographic keys, register objects with
the key management system, obtain objects from the system, destroy objects from
the system, and search for objects maintained by the system. Managed Objects
also have associated attributes,
which are named values stored by the key management system and are obtained
from the system via operations. Certain attributes are added, modified, or
deleted by operations.
The protocol specified in this document includes several
certificate-related functions for which there are a number of existing
protocols – namely Validate (e.g., SCVP or XKMS), Certify (e.g. CMP, CMC, SCEP) and Re-certify (e.g. CMP, CMC, SCEP). The protocol does not attempt to define
a comprehensive certificate management protocol, such as would be needed for a
certification authority. However, it does include functions that are needed to
allow a key server to provide a proxy for certificate management functions.
In addition to the normative definitions for managed
objects, operations and attributes, this specification also includes normative
definitions for the following aspects of the protocol:
·
The expected behavior of the server and client as a
result of operations,
·
Message contents and formats,
·
Message encoding (including enumerations), and
·
Error handling.
This specification is complemented by three other
documents. The Usage Guide [KMIP-UG] provides
illustrative information on using the protocol. The KMIP Profiles Specification
[KMIP-Prof] provides a
selected set of conformance profiles and authentication suites. The Test Specification
[KMIP-UC] provides
samples of protocol messages corresponding to a set of defined test cases.
This specification defines the KMIP protocol version
major 1 and minor 0 (see 6.1).
1.1
Terminology
The key words "SHALL", "SHALL NOT",
"REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED",
"MAY", and
"OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The words ‘must’, ‘can’, and ‘will’ are forbidden.
For definitions not found in this document, see [SP800-57-1].
|
Archive
|
To place information not accessed frequently into
long-term storage.
|
|
Asymmetric key pair
(key pair)
|
A public key and its corresponding private key; a key pair
is used with a public key algorithm.
|
|
Authentication
|
A process that establishes the origin of information, or
determines an entity’s identity.
|
|
Authentication code
|
A cryptographic checksum based on a security function
(also known as a Message Authentication Code).
|
|
Authorization
|
Access privileges that are granted to an entity; conveying
an “official” sanction to perform a security function or activity.
|
|
Certification authority
|
The entity in a Public Key Infrastructure (PKI) that is responsible for issuing
certificates, and exacting compliance to a PKI
policy.
|
|
Ciphertext
|
Data in its encrypted form.
|
|
Compromise
|
The unauthorized disclosure, modification, substitution or
use of sensitive data (e.g., keying material and other security-related information).
|
|
Confidentiality
|
The property that sensitive information is not disclosed
to unauthorized entities.
|
|
Cryptographic algorithm
|
A well-defined computational procedure that takes variable
inputs, including a cryptographic key and produces an output.
|
|
Cryptographic key
(key)
|
A parameter used in conjunction with a cryptographic
algorithm that determines its operation in such a way that an entity with
knowledge of the key can reproduce or reverse the operation, while an entity
without knowledge of the key cannot. Examples include:
1. The transformation of plaintext data into ciphertext
data,
2. The transformation of ciphertext data into plaintext
data,
3. The computation of a digital signature from data,
4. The verification of a digital signature,
5. The computation of an authentication code from data,
6. The verification of an authentication code from data
and a received authentication code.
|
|
Decryption
|
The process of changing ciphertext into plaintext using a
cryptographic algorithm and key.
|
|
Digest (or hash)
|
The result of applying a hash function to information.
|
|
Digital signature
(signature)
|
The result of a cryptographic transformation of data that,
when properly implemented with supporting infrastructure and policy, provides
the services of:
1. origin authentication
2. data integrity, and
3. signer non-repudiation.
|
|
Encryption
|
The process of changing plaintext into ciphertext using a
cryptographic algorithm and key.
|
|
Hashing algorithm
|
An algorithm that maps a bit string of arbitrary length to
a fixed length bit string. Approved hashing algorithms satisfy the following
properties:
1. (One-way) It is computationally infeasible to find any
input that
maps to any pre-specified output, and
2. (Collision resistant) It is computationally infeasible
to find any two distinct inputs that map to the same output.
|
|
Integrity
|
The property that sensitive data has not been modified or
deleted in an unauthorized and undetected manner.
|
|
Key derivation
(derivation)
|
A function in the lifecycle of keying material; the
process by which one or more keys are derived from 1) either a shared secret
from a key agreement computation or a pre-shared cryptographic key, and 2)
other information.
|
|
Key management
|
The activities involving the handling of cryptographic
keys and other related security parameters (e.g., IVs and passwords) during
the entire life cycle of the keys, including their generation, storage,
establishment, entry and output, and destruction.
|
|
Key wrapping
(wrapping)
|
A method of encrypting and/or MACing/signing keys using cryptographic
keys.
|
|
Message authentication code (MAC)
|
A cryptographic checksum on data that uses a symmetric key
to detect both accidental and intentional modifications of data.
|
|
Private key
|
A cryptographic key, used with a public key cryptographic
algorithm, that is uniquely associated with an entity and is not made public.
The private key is associated with a public key. Depending on the algorithm,
the private key may be used to:
1. Compute the corresponding public key,
2. Compute a digital signature that may be verified by the
corresponding public key,
3. Decrypt data that was encrypted by the corresponding
public key, or
4. Compute a piece of common shared data, together with
other information.
|
|
Profile
|
A specification of objects, attributes, operations,
message elements and authentication methods to be used in specific contexts
of key management server and client interactions (see [KMIP-Prof]).
|
|
Public key
|
A cryptographic key used with a public key cryptographic
algorithm that is uniquely associated with an entity and that may be made
public. The public key is associated with a private key. The public key may
be known by anyone and, depending on the algorithm, may be used to:
1. Verify a digital signature that is signed by the
corresponding private key,
2. Encrypt data that can be decrypted by the corresponding
private key, or
3. Compute a piece of shared data.
|
|
Public key certificate
(certificate)
|
A set of data that uniquely identifies an entity, contains
the entity's public key and possibly other information, and is digitally
signed by a trusted party, thereby binding the public key to the entity.
|
|
Public key cryptographic algorithm
|
A cryptographic algorithm that uses two related keys, a
public key and a private key. The two keys have the property that determining
the private key from the public key is computationally infeasible.
|
|
Public Key Infrastructure
|
A framework that is established to issue, maintain and
revoke public key certificates.
|
|
Recover
|
To retrieve information that was archived to long-term
storage.
|
|
Split
knowledge
|
A process by which a cryptographic key is split into n multiple
key components, individually providing no knowledge of the original key, which
can be subsequently combined to recreate the original cryptographic key. If
knowledge of k (where k is less than or equal to n)
components is required to construct the original key, then knowledge of any k-1
key components provides no information about the original key other than, possibly,
its length.
|
|
Symmetric key
|
A single cryptographic key that is used with a secret (symmetric)
key algorithm.
|
|
Symmetric key algorithm
|
A cryptographic algorithm that uses the same secret
(symmetric) key for an operation and its complement (e.g., encryption and
decryption).
|
|
X.509 certificate
|
The ISO/ITU-T X.509 standard defined two types of
certificates – the X.509 public key certificate, and the X.509 attribute
certificate. Most commonly (including this document), an X.509 certificate
refers to the X.509 public key certificate.
|
|
X.509 public key certificate
|
The public key for a user (or
device) and a name for the user (or device), together with some other
information, rendered un-forgeable by the digital signature of the
certification authority that issued the certificate, encoded in the format
defined in the ISO/ITU-T X.509 standard.
|
Table 1: Terminology
[FIPS186-3] Digital Signature Standard (DSS), FIPS PUB 186-3, Jun 2009, http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
[FIPS197] Advanced Encryption Standard, FIPS
PUB 197, Nov 2001, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[FIPS198-1] The Keyed-Hash Message Authentication Code
(HMAC), FIPS PUB
198-1, Jul 2008, http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
[IEEE1003-1] IEEE
Std 1003.1, Standard for information
technology - portable operating system interface (POSIX). Shell and utilities,
2004.
[ISO16609] ISO, Banking -- Requirements for message
authentication using symmetric techniques, ISO 16609, 1991
[ISO9797-1] ISO/IEC,
Information technology -- Security
techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a
block cipher, ISO/IEC 9797-1, 1999
[KMIP-Prof] OASIS Committee Draft 05,
Key Management
Interoperability Protocol Profiles Version 1.0, Mar
2010, http://docs.oasis-open.org/kmip/profiles/v1.0/cd05/kmip-profiles-1.0-cd-05.doc
[PKCS#1] RSA
Laboratories, PKCS #1 v2.1: RSA
Cryptography Standard, Jun 14, 2002, http://www.rsa.com/rsalabs/node.asp?id=2125
[PKCS#5] RSA Laboratories,
PKCS #5 v2.1: Password-Based Cryptography
Standard, Oct 5, 2006, http://www.rsa.com/rsalabs/node.asp?id=2127
[PKCS#7] RSA
Laboratories, PKCS#7 v1.5: Cryptographic
Message Syntax Standard, Nov 1, 1993, http://www.rsa.com/rsalabs/node.asp?id=2129
[PKCS#8] RSA
Laboratories, PKCS#8 v1.2: Private-Key
Information Syntax Standard, Nov 1, 1993, http://www.rsa.com/rsalabs/node.asp?id=2130
[PKCS#10] RSA
Laboratories, PKCS #10 v1.7: Certification
Request Syntax Standard, May 26, 2000, http://www.rsa.com/rsalabs/node.asp?id=2132
[RFC1319] B.
Kaliski, The MD2 Message-Digest Algorithm,
IETF RFC 1319, Apr 1992, http://www.ietf.org/rfc/rfc1319.txt
[RFC1320] R.
Rivest, The MD4 Message-Digest Algorithm,
IETF RFC 1320, Apr 1992, http://www.ietf.org/rfc/rfc1320.txt
[RFC1321] R.
Rivest, The MD5 Message-Digest Algorithm,
IETF RFC 1321, Apr 1992, http://www.ietf.org/rfc/rfc1321.txt
[RFC1421] J.
Linn, Privacy Enhancement for Internet
Electronic Mail: Part I:
Message Encryption and Authentication Procedures, IETF
RFC 1421, Feb 1993, http://www.ietf.org/rfc/rfc1421.txt
[RFC1424] B. Kaliski,
Privacy Enhancement for Internet
Electronic Mail: Part IV: Key Certification and Related Services, IETF RFC
1424, Feb 1993, http://www.ietf.org/rfc/rfc1424.txt
[RFC2104] H.
Krawczyk, M. Bellare, R. Canetti, HMAC:
Keyed-Hashing for Message Authentication, IETF RFC 2104, Feb 1997, http://www.ietf.org/rfc/rfc2104.txt
[RFC2119] S. Bradner, Key
words for use in RFCs to Indicate Requirement Levels, IETF RFC 2119, Mar
1997, http://www.ietf.org/rfc/rfc2119.txt
[RFC 2246] T.
Dierks and C. Allen, The TLS Protocol, Version 1.0, IETF
RFC 2246, Jan 1999, http://www.ietf.org/rfc/rfc2246.txt
[RFC2898] B.
Kaliski, PKCS #5: Password-Based
Cryptography Specification Version 2.0, IETF RFC 2898, Sep 2000, http://www.ietf.org/rfc/rfc2898.txt
[RFC 3394] J.
Schaad, R. Housley, Advanced Encryption
Standard (AES) Key Wrap Algorithm,
IETF RFC 3394, Sep 2002, http://www.ietf.org/rfc/rfc3394.txt
[RFC3447] J.
Jonsson, B. Kaliski, Public-Key
Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1,
IETF RFC 3447, Feb 2003, http://www.ietf.org/rfc/rfc3447.txt
[RFC3629] F.
Yergeau, UTF-8, a transformation format
of ISO 10646, IETF RFC 3629, Nov 2003, http://www.ietf.org/rfc/rfc3629.txt
[RFC3647] S.
Chokhani, W. Ford, R. Sabett, C. Merrill, and S. Wu,
Internet X.509 Public Key Infrastructure
Certificate Policy and Certification Practices Framework, IETF RFC 3647,
Nov 2003, http://www.ietf.org/rfc/rfc3647.txt
[RFC4210] C.
Adams, S. Farrell, T. Kause and T. Mononen, Internet
X.509 Public Key Infrastructure Certificate Management Protocol (CMP), IETF
RFC 2510, Sep 2005, http://www.ietf.org/rfc/rfc4210.txt
[RFC4211] J.
Schaad, Internet X.509 Public Key
Infrastructure Certificate Request Message Format (CRMF), IETF RFC 4211,
Sep 2005, http://www.ietf.org/rfc/rfc4211.txt
[RFC4868] S.
Kelly, S. Frankel, Using HMAC-SHA-256,
HMAC-SHA-384, and HMAC-SHA-512 with IPsec, IETF RFC 4868, May 2007, http://www.ietf.org/rfc/rfc4868.txt
[RFC4949] R.
Shirey, Internet Security Glossary, Version 2, IETF RFC 4949,
Aug 2007, http://www.ietf.org/rfc/rfc4949.txt
[RFC5272] J.
Schaad and M. Meyers, Certificate
Management over CMS (CMC), IETF RFC 5272, Jun 2008, http://www.ietf.org/rfc/rfc5272.txt
[RFC5280] D.
Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk, Internet X.509 Public Key Infrastructure
Certificate, IETF RFC 5280, May 2008, http://www.ietf.org/rfc/rfc5280.txt
[RFC5649] R.
Housley, Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm, IETF RFC
5649, Aug 2009, http://www.ietf.org/rfc/rfc5649.txt
[SHAMIR1979] A. Shamir, How to share a secret, Communications of
the ACM, vol. 22, no. 11, pp. 612-613, Nov 1979
[SP800-38A] M.
Dworkin, Recommendation for Block Cipher
Modes of Operation – Methods and Techniques, NIST Special Publication
800-38A, Dec 2001, http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[SP800-38B] M.
Dworkin, Recommendation for Block Cipher
Modes of Operation: The CMAC Mode for Authentication, NIST Special
Publication 800-38B, May 2005, http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
[SP800-38C] M.
Dworkin, Recommendation for Block Cipher
Modes of Operation: the CCM Mode for Authentication and Confidentiality, NIST
Special Publication 800-38C, May 2004, http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
[SP800-38D] M.
Dworkin, Recommendation for Block Cipher
Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special
Publication 800-38D, Nov 2007, http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
[SP800-38E] M.
Dworkin, Recommendation for Block Cipher
Modes of Operation: The XTS-AES
Mode for Confidentiality on Block-Oriented Storage Devices, NIST Special
Publication 800-38E, Jan 2010, http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf
[SP800-56A] E.
Barker, D. Johnson, and M. Smid, Recommendation
for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
(Revised), NIST Special Publication 800-56A, Mar 2007, http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
[SP800-56B] E.
Barker, L. Chen, A. Regenscheid, and M. Smid, Recommendation for Pair-Wise Key Establishment Schemes Using Integer
Factorization Cryptography, NIST Special Publication 800-56B, Aug 2009, http://csrc.nist.gov/publications/nistpubs/800-56B/sp800-56B.pdf
[SP800-57-1] E.
Barker, W. Barker, W. Burr, W. Polk, and M. Smid, Recommendations for Key Management - Part 1: General (Revised),
NIST Special Publication 800-57 part 1, Mar 2007, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
[SP800-67] W. Barker, Recommendation
for the Triple Data Encryption Algorithm (TDEA) Block Cipher, NIST Special
Publication 800-67, Version 1.1, Revised 19 May 2008, http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
[SP800-108] L. Chen, Recommendation for Key Derivation Using Pseudorandom Functions (Revised),
NIST Special Publication 800-108, Oct 2009,
http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
[X.509] International
Telecommunication Union (ITU)–T, X.509: Information technology – Open systems
interconnection – The Directory: Public-key
and attribute certificate frameworks, Aug 2005, http://www.itu.int/rec/T-REC-X.509-200508-I/en
[X9.24-1] ANSI, X9.24 - Retail Financial Services Symmetric Key Management - Part 1:
Using Symmetric Techniques, 2004.
[X9.31] ANSI, X9.31:Digital Signatures Using Reversible Public Key Cryptography for
the Financial Services Industry (rDSA), Sep 1998.
[X9.42] ANSI,
X9-42: Public Key Cryptography for the
Financial Services Industry: Agreement of Symmetric Keys Using Discrete
Logarithm Cryptography, 2003.
[X9-57] ANSI, X9-57: Public Key
Cryptography for the Financial Services Industry: Certificate Management,
1997.
[X9.62] ANSI, X9-62: Public Key Cryptography for the Financial Services Industry, The
Elliptic Curve Digital Signature Algorithm (ECDSA), 2005.
[X9-63] ANSI, X9-63: Public Key Cryptography for the Financial Services Industry, Key
Agreement and Key Transport Using Elliptic Curve Cryptography, 2001.
[X9-102] ANSI, X9-102: Symmetric Key Cryptography for the Financial Services Industry
- Wrapping of Keys and Associated Data, 2008.
[X9 TR-31] ANSI, X9 TR-31: Interoperable Secure Key Exchange Key Block Specification for
Symmetric Algorithms, 2005.
1.3
Non-normative
References
[KMIP-UG] OASIS
Committee Draft 09, Key
Management Interoperability Protocol Usage Guide Version 1.0, Mar
2010, http://docs.oasis-open.org/kmip/ug/v1.0/cd09/kmip-ug-1.0-cd-09.doc
[KMIP-UC] OASIS Committee
Draft 09, Key Management
Interoperability Protocol Use Cases Version 1.0, Mar
2010, http://docs.oasis-open.org/kmip/usecases/v1.0/cd09/kmip-usecases-1.0-cd-09.doc
[ISO/IEC 9945-2] The Open Group, Regular Expressions, The Single UNIX
Specification version 2, 1997, ISO/IEC 9945-2:1993, http://www.opengroup.org/onlinepubs/007908799/xbd/re.html
The following subsections describe the objects that are passed
between the clients and servers of the key management system. Some of these
object types, called Base Objects, are used only in the protocol itself,
and are not considered Managed Objects. Key management systems MAY choose to support a subset of the Managed
Objects. The object descriptions refer to the primitive data types of which
they are composed. These primitive data types are
·
Integer
·
Long Integer
·
Big Integer
·
Enumeration – choices from a predefined list of values
·
Boolean
·
Text String –
string of characters representing human-readable text
·
Byte String – sequence of unencoded byte values
·
Date-Time – date and time, with a granularity of one
second
·
Interval – a length of time expressed in seconds
Structures are composed of
ordered lists of primitive data types or sub-structures.
2.1
Base
Objects
These
objects are used within the messages of the protocol, but are not objects
managed by the key management system. They are components of Managed Objects.
2.1.1 Attribute
An Attribute object is a
structure (see Table
2) used for sending and receiving Managed Object
attributes. The Attribute Name is a text-string that is used to identify
the attribute. The Attribute Index is an index number assigned by the
key management server when a specified named attribute is allowed to have
multiple instances. The Attribute Index is used to identify the particular
instance. Attribute Indices SHALL start with 0. The Attribute Index of an
attribute SHALL NOT change when other instances are added or deleted. For
example, if a particular attribute has 4 instances with Attribute Indices 0, 1,
2 and 3, and the instance with Attribute Index 2 is deleted, then the Attribute
Index of instance 3 is not changed. Attributes that have a single instance have
an Attribute Index of 0, which is assumed if the Attribute Index is not
specified. The Attribute Value is either a primitive data type or
structured object, depending on the attribute.
|
Object
|
Encoding
|
REQUIRED
|
|
Attribute
|
Structure
|
|
|
Attribute Name
|
Text String
|
Yes
|
|
Attribute Index
|
Integer
|
No
|
|
Attribute Value
|
Varies, depending on attribute. See Section 3
|
Yes, except for the Notify operation (see Section 5.1)
|
Table
2:
Attribute Object Structure
A Credential is a structure (see Table 3) used for client identification purposes and is not managed by the key management
system (e.g., user id/password pairs, Kerberos tokens, etc). It MAY be used for authentication purposes as
indicated in [KMIP-Prof].
|
Object
|
Encoding
|
REQUIRED
|
|
Credential
|
Structure
|
|
|
Credential Type
|
Enumeration, see 9.1.3.2.1
|
Yes
|
|
Credential Value
|
Varies. Structure for Username and Password
Credential Type.
|
Yes
|
Table
3:
Credential Object Structure
If the Credential Type in the Credential is Username and Password, then Credential
Value is a structure as shown in Table 4.
The Username field identifies the client, and the Password field is a secret
that authenticates the client.
|
Object
|
Encoding
|
REQUIRED
|
|
Credential Value
|
Structure
|
|
|
Username
|
Text String
|
Yes
|
|
Password
|
Text String
|
No
|
Table 4: Credential Value Structure for the
Username and Password Credential
A Key Block object is
a structure (see Table 5) used to encapsulate all of the information that is closely associated
with a cryptographic key. It contains a Key Value of one of the following Key
Format Types:
·
Raw – This is a key that contains only cryptographic key
material, encoded as a string of bytes.
·
Opaque – This is an encoded key for which the encoding is
unknown to the key management system. It is encoded as a string of bytes.
·
PKCS1 – This is an encoded private key, expressed as a DER-encoded ASN.1
PKCS#1 object.
·
PKCS8 – This is an encoded private key, expressed as a DER-encoded ASN.1
PKCS#8 object, supporting both the RSAPrivateKey syntax and
EncryptedPrivateKey.
·
X.509 – This is an encoded object, expressed as a DER-encoded ASN.1
X.509 object.
·
ECPrivateKey – This is an ASN.1 encoded elliptic curve private key.
·
Several Transparent
Key types – These are algorithm-specific structures containing defined
values for the various key types, as defined in Section 2.1.7
·
Extensions – These are vendor-specific extensions to allow for
proprietary or legacy key formats.
The Key Block MAY
contain the Key Compression Type, which indicates the format of the elliptic
curve public key. By default, the public key is uncompressed.
The Key Block also has the Cryptographic
Algorithm and the Cryptographic Length of the key contained in the Key Value
field. Some example values are:
·
RSA keys are
typically 1024, 2048 or 3072 bits in length
·
3DES keys are typically 168 bits in length
·
AES keys are typically 128 or 256 bits in length
The Key Block SHALL contain
a Key Wrapping Data structure if the key in the Key Value field is wrapped
(i.e., encrypted, or MACed/signed, or both).
|
Object
|
Encoding
|
REQUIRED
|
|
Key Block
|
Structure
|
|
|
Key Format Type
|
Enumeration, see 9.1.3.2.3
|
Yes
|
|
Key Compression Type
|
Enumeration, see 9.1.3.2.2
|
No
|
|
Key Value
|
Byte String: for wrapped Key Value; Structure: for
plaintext Key Value, see 2.1.4
|
Yes
|
|
Cryptographic Algorithm
|
Enumeration, see 9.1.3.2.12
|
Yes, MAY be omitted only
if this information is available from the Key Value. Does not apply to Secret
Data or Opaque Objects. If present, the Cryptographic Length SHALL also be
present.
|
|
Cryptographic Length
|
Integer
|
Yes, MAY be omitted only
if this information is available from the Key Value. Does not apply to Secret
Data or Opaque Objects. If present, the Cryptographic Algorithm SHALL also be
present.
|
|
Key Wrapping Data
|
Structure, see 2.1.5
|
No, SHALL only be present if the key is wrapped.
|
Table
5:
Key Block Object Structure
The
Key Value is used only inside a Key Block and is either a Byte String or
a structure (see Table 6):
·
The Key Value structure contains the key material, either as a
byte string or as a Transparent Key structure (see Section 2.1.7), and OPTIONAL attribute
information that is associated and encapsulated with the key material. This
attribute information differs from the attributes associated with Managed
Objects, and which is obtained via the Get Attributes operation, only by the
fact that it is encapsulated with (and possibly wrapped with) the key material
itself.
·
The Key Value Byte
String is the wrapped TTLV-encoded (see Section 9.1) Key Value structure.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Value
|
Structure
|
|
|
Key Material
|
Byte String: for Raw, Opaque, PKCS1, PKCS8, ECPrivateKey,
or Extension Key Format types;
Structure:
for Transparent, or Extension Key Format Types
|
Yes
|
|
Attribute
|
Attribute Object, see Section 2.1.1
|
No. MAY
be repeated
|
Table
6:
Key Value Object Structure
The Key Block MAY
also supply OPTIONAL information about a cryptographic key wrapping mechanism
used to wrap the Key Value.
This consists of a Key Wrapping Data
structure (see Table 7). It is only used inside a Key
Block.
This structure contains
fields for:
·
A Wrapping Method, which indicates the method used to
wrap the Key Value.
·
Encryption Key Information, which contains the Unique Identifier (see 3.1) value of the encryption key
and associated cryptographic parameters.
·
MAC/Signature Key Information, which contains the Unique
Identifier value of the MAC/signature
key and associated cryptographic parameters.
·
A MAC/Signature,
which contains a MAC or
signature of the Key Value.
·
An IV/Counter/Nonce,
if REQUIRED by the wrapping method.
If
wrapping is used, then the whole Key Value structure is wrapped unless
otherwise specified by the Wrapping Method. The algorithms used for wrapping
are given by the Cryptographic Algorithm attributes of the encryption key and/or
MAC/signature key; the block-cipher
mode, padding method, and hashing algorithm used for wrapping are given by the
Cryptographic Parameters in the Encryption Key Information and/or MAC/Signature Key Information, or, if not present,
from the Cryptographic Parameters attribute of the respective key(s). At least
one of the Encryption Key Information and the MAC/Signature
Key Information SHALL be specified.
The following wrapping
methods are currently defined:
·
Encrypt only (i.e., encryption using a symmetric key or public
key, or authenticated encryption algorithms that use a single key)
·
MAC/sign only
(i.e., either MACing the Key Value with a symmetric key, or signing the Key
Value with a private key)
·
Encrypt then MAC/sign
·
MAC/sign then encrypt
·
TR-31
·
Extensions
|
Object
|
Encoding
|
REQUIRED
|
|
Key Wrapping Data
|
Structure
|
|
|
Wrapping Method
|
Enumeration, see 9.1.3.2.4
|
Yes
|
|
Encryption Key
Information
|
Structure, see below
|
No. Corresponds to the key that was used to encrypt the Key Value.
|
|
MAC/Signature
Key Information
|
Structure, see below
|
No. Corresponds
to the symmetric key used to MAC
the Key Value or the private key used to sign the Key Value
|
|
MAC/Signature
|
Byte String
|
No
|
|
IV/Counter/Nonce
|
Byte String
|
No
|
Table 7:
Key Wrapping Data Object Structure
The
structures of the Encryption Key Information (see Table 8) and the MAC/Signature Key
Information (see Table 9) are as follows:
|
Object
|
Encoding
|
REQUIRED
|
|
Encryption Key
Information
|
Structure
|
|
|
Unique Identifier
|
Text
string, see 3.1
|
Yes
|
|
Cryptographic Parameters
|
Structure,
see 3.6
|
No
|
Table 8:
Encryption Key Information Object Structure
|
Object
|
Encoding
|
REQUIRED
|
|
MAC/Signature
Key Information
|
Structure
|
|
|
Unique Identifier
|
Text
string, see 3.1
|
Yes. It SHALL be either the Unique Identifier of the Symmetric Key used to MAC, or of the Private Key (or its corresponding
Public Key) used to sign.
|
|
Cryptographic Parameters
|
Structure,
see 3.6
|
No
|
Table 9: MAC/Signature
Key Information Object Structure
This is a separate structure (see Table 10) that is defined for operations
that provide the option to return wrapped keys. The Key
Wrapping Specification SHALL be included inside the operation
request if clients request the server to return a wrapped key. If Cryptographic Parameters are
specified in the Encryption Key Information and/or
the MAC/Signature
Key Information of the Key Wrapping Specification, then the server SHALL verify
that they match one of the instances of the Cryptographic Parameters attribute
of the corresponding key. If Cryptographic Parameters are omitted, then the
server SHALL use the Cryptographic Parameters attribute with the lowest Attribute
Index of the corresponding key. If the corresponding key does not have any
Cryptographic Parameters attribute, or if no match is found, then an error is
returned.
This structure contains:
·
A Wrapping Method that indicates the method used to wrap the
Key Value.
·
Encryption Key Information with the Unique Identifier value of
the encryption key and associated cryptographic parameters.
·
MAC/Signature Key Information
with the Unique Identifier value of the MAC/signature
key and associated cryptographic parameters.
·
Zero or more Attribute Names to indicate the attributes to be
wrapped with the key material.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Wrapping Specification
|
Structure
|
|
|
Wrapping Method
|
Enumeration, see 9.1.3.2.4
|
Yes
|
|
Encryption Key
Information
|
Structure, see 2.1.5
|
No, SHALL be present if MAC/Signature
Key Information is omitted
|
|
MAC/Signature
Key Information
|
Structure, see 2.1.5
|
No, SHALL be present if Encryption Key Information is
omitted
|
|
Attribute Name
|
Text String
|
No, MAY
be repeated
|
Table 10:
Key Wrapping Specification Object Structure
2.1.7 Transparent
Key Structures
Transparent Key structures describe the necessary parameters to obtain
the key material. They are used in the Key Value structure. The mapping to the
parameters specified in other standards is shown in Table 11.
|
Object
|
Description
|
Mapping
|
|
P
|
For DSA and DH, the (large) prime field order.
For RSA, a prime factor of the modulus.
|
p in [FIPS186-3],
[X9.42],
[SP800-56A]
p in [PKCS#1],
[SP800-56B]
|
|
Q
|
For DSA and DH, the (small) prime multiplicative subgroup
order.
For RSA, a prime factor of the modulus.
|
q in [FIPS186-3],
[X9.42],
[SP800-56A]
q in [PKCS#1],
[SP800-56B]
|
|
G
|
The generator of the subgroup of order Q.
|
g in [FIPS186-3],
[X9.42],
[SP800-56A]
|
|
X
|
DSA or DH private key.
|
x in [FIPS186-3]
x, xu, xv in [X9.42],
[SP800-56A]
for static private keys
r, ru, rv in [X9.42],
[SP800-56A]
for ephemeral private keys
|
|
Y
|
DSA or DH public key.
|
y in [FIPS186-3]
y, yu, yv in [X9.42],
[SP800-56A]
for static public keys
t, tu, tv in [X9.42],
[SP800-56A]
for ephemeral public keys
|
|
J
|
DH cofactor integer, where P = JQ + 1.
|
j in [X9.42]
|
|
Modulus
|
RSA modulus PQ, where P and Q are distinct primes.
|
n in [PKCS#1],
[SP800-56B]
|
|
Private Exponent
|
RSA private exponent.
|
d in [PKCS#1],
[SP800-56B]
|
|
Public Exponent
|
RSA public exponent.
|
e in [PKCS#1],
[SP800-56B]
|
|
Prime Exponent P
|
RSA private exponent for the prime factor P in the CRT format, i.e., Private Exponent (mod (P-1)).
|
dP in [PKCS#1],
[SP800-56B]
|
|
Prime Exponent Q
|
RSA private exponent for the prime factor Q in the CRT format, i.e., Private Exponent (mod (Q-1)).
|
dQ in [PKCS#1],
[SP800-56B]
|
|
CRT Coefficient
|
The (first) CRT
coefficient, i.e., Q-1 mod P.
|
qInv in [PKCS#1],
[SP800-56B]
|
|
Recommended Curve
|
NIST Recommended Curves (e.g., P-192).
|
See Appendix D of [FIPS186-3]
|
|
D
|
Elliptic curve private key.
|
d; de,U,de,V (ephemeral private
keys); ds,U,ds,V (static private keys) in [X9-63],
[SP800-56A]
|
|
Q String
|
Elliptic curve public key.
|
Q; Qe,U,Qe,V
(ephemeral public keys); Qs,U,Qs,V
(static public keys) in [X9-63],
[SP800-56A]
|
Table 11: Parameter mapping.
2.1.7.1
Transparent Symmetric Key
If
the Key Format Type in the Key Block is Transparent Symmetric Key, then
Key Material is a structure as shown in Table 12.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Key
|
Byte String
|
Yes
|
Table
12:
Key Material Object Structure for Transparent Symmetric Keys
2.1.7.2
Transparent DSA Private Key
If
the Key Format Type in the Key Block is Transparent
DSA Private Key, then Key Material is a structure as shown in Table 13.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
P
|
Big Integer
|
Yes
|
|
Q
|
Big Integer
|
Yes
|
|
G
|
Big Integer
|
Yes
|
|
X
|
Big Integer
|
Yes
|
Table
13:
Key Material Object Structure for Transparent DSA Private Keys
2.1.7.3
Transparent DSA Public Key
If
the Key Format Type in the Key Block is Transparent
DSA Public Key, then Key Material is a structure as shown in Table 14.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
P
|
Big Integer
|
Yes
|
|
Q
|
Big Integer
|
Yes
|
|
G
|
Big Integer
|
Yes
|
|
Y
|
Big Integer
|
Yes
|
Table
14:
Key Material Object Structure for Transparent DSA Public Keys
2.1.7.4
Transparent RSA Private Key
If
the Key Format Type in the Key Block is Transparent
RSA Private Key, then Key Material is a structure as shown in Table 15.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Modulus
|
Big Integer
|
Yes
|
|
Private Exponent
|
Big Integer
|
No
|
|
Public Exponent
|
Big Integer
|
No
|
|
P
|
Big Integer
|
No
|
|
Q
|
Big Integer
|
No
|
|
Prime Exponent P
|
Big Integer
|
No
|
|
Prime Exponent Q
|
Big Integer
|
No
|
|
CRT Coefficient
|
Big Integer
|
No
|
Table 15:
Key Material Object Structure
for Transparent RSA Private Keys
One
of the following SHALL be present (refer to [PKCS#1]):
·
Private Exponent
·
P and Q (the first two prime factors of Modulus)
·
Prime Exponent P and Prime Exponent Q.
2.1.7.5
Transparent RSA Public Key
If
the Key Format Type in the Key Block is Transparent
RSA Public Key, then Key Material is a structure as shown in Table 16.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Modulus
|
Big Integer
|
Yes
|
|
Public Exponent
|
Big Integer
|
Yes
|
Table
16:
Key Material Object Structure for Transparent RSA Public Keys
2.1.7.6
Transparent DH Private Key
If
the Key Format Type in the Key Block is Transparent
DH Private Key, then Key Material is a structure as shown in Table 17.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
P
|
Big Integer
|
Yes
|
|
Q
|
Big Integer
|
No
|
|
G
|
Big Integer
|
Yes
|
|
J
|
Big Integer
|
No
|
|
X
|
Big Integer
|
Yes
|
Table 17:
Key Material Object Structure
for Transparent DH Private Keys
2.1.7.7
Transparent DH Public Key
If
the Key Format Type in the Key Block is Transparent
DH Public Key, then Key Material is a structure as shown in Table 18.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
P
|
Big Integer
|
Yes
|
|
Q
|
Big Integer
|
No
|
|
G
|
Big Integer
|
Yes
|
|
J
|
Big Integer
|
No
|
|
Y
|
Big Integer
|
Yes
|
Table 18:
Key Material Object Structure
for Transparent DH Public Keys
2.1.7.8
Transparent ECDSA Private Key
If
the Key Format Type in the Key Block is Transparent
ECDSA Private Key, then Key Material is a structure as shown in Table 19.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
D
|
Big Integer
|
Yes
|
Table
19:
Key Material Object Structure for Transparent ECDSA Private Keys
2.1.7.9
Transparent ECDSA Public Key
If
the Key Format Type in the Key Block is Transparent
ECDSA Public Key, then Key Material is a structure as shown in Table 20.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
Q String
|
Byte String
|
Yes
|
Table 20:
Key Material Object Structure
for Transparent ECDSA Public Keys
2.1.7.10 Transparent
ECDH Private Key
If
the Key Format Type in the Key Block is Transparent
ECDH Private Key, then Key Material is a structure as shown in Table 21.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
D
|
Big Integer
|
Yes
|
Table
21:
Key Material Object Structure for Transparent ECDH Private Keys
2.1.7.11 Transparent
ECDH Public Key
If
the Key Format Type in the Key Block is Transparent
ECDH Public Key, then Key Material is a structure as shown in Table 22.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
Q String
|
Byte String
|
Yes
|
Table
22:
Key Material Object Structure for Transparent ECDH Public Keys
2.1.7.12 Transparent
ECMQV Private Key
If
the Key Format Type in the Key Block is Transparent
ECMQV Private Key, then Key Material is a structure as shown in Table 23.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
D
|
Big Integer
|
Yes
|
Table 23: Key Material Object Structure for
Transparent ECMQV Private Keys
2.1.7.13 Transparent
ECMQV Public Key
If
the Key Format Type in the Key Block is Transparent
ECMQV Public Key, then Key Material is a structure as shown in Table 24.
|
Object
|
Encoding
|
REQUIRED
|
|
Key Material
|
Structure
|
|
|
Recommended
Curve
|
Enumeration, see 9.1.3.2.5
|
Yes
|
|
Q String
|
Byte String
|
Yes
|
Table 24: Key Material Object Structure for
Transparent ECMQV Public Keys
These structures are used in
various operations to provide the desired attribute values and/or template
names in the request and to return the actual attribute values in the response.
The Template-Attribute, Common Template-Attribute, Private Key Template-Attribute, and Public
Key Template-Attribute structures are defined identically as follows:
|
Object
|
Encoding
|
REQUIRED
|
|
Template-Attribute,
Common
Template-Attribute, Private Key Template-Attribute,
Public Key
Template-Attribute
|
Structure
|
|
|
Name
|
Structure,
see 3.2
|
No, MAY be repeated.
|
|
Attribute
|
Attribute
Object, see 2.1.1
|
No, MAY be repeated
|
Table 25:
Template-Attribute Object Structure
Name is the
Name attribute of the Template object defined in Section 2.2.6.
2.2
Managed
Objects
Managed Objects are objects
that are the subjects of key management operations, which are described in
Sections 4and 5. Managed Cryptographic Objects are the subset of Managed Objects
that contain cryptographic material (e.g. certificates, keys, and secret data).
2.2.1 Certificate
A Managed Cryptographic
Object that is a digital certificate (e.g., an encoded X.509 certificate).
|
Object
|
Encoding
|
REQUIRED
|
|
Certificate
|
Structure
|
|
|
Certificate Type
|
Enumeration, see 9.1.3.2.6
|
Yes
|
|
Certificate Value
|
Byte String
|
Yes
|
Table 26: Certificate Object
Structure
A Managed Cryptographic Object
that is a symmetric key.
|
Object
|
Encoding
|
REQUIRED
|
|
Symmetric Key
|
Structure
|
|
|
Key Block
|
Structure, see 2.1.3
|
Yes
|
Table 27: Symmetric Key Object
Structure
A Managed Cryptographic
Object that is the public portion of an asymmetric key pair. This is only a
public key, not a certificate.
|
Object
|
Encoding
|
REQUIRED
|
|
Public Key
|
Structure
|
|
|
Key Block
|
Structure, see 2.1.3
|
Yes
|
Table 28: Public Key Object
Structure
A Managed Cryptographic
Object that is the private portion of an asymmetric key pair.
|
Object
|
Encoding
|
REQUIRED
|
|
Private Key
|
Structure
|
|
|
Key Block
|
Structure, see 2.1.3
|
Yes
|
Table 29: Private Key Object
Structure
A Managed Cryptographic
Object that is a Split Key. A split
key is a secret, usually a symmetric key or a private key that has been split
into a number of parts, each of which MAY
then be distributed to several key holders, for additional security. The Split
Key Parts field indicates the total number of parts, and the Split Key
Threshold field indicates the minimum number of parts needed to reconstruct
the entire key. The Key Part Identifier indicates which key part is
contained in the cryptographic object, and SHALL be at least 1 and SHALL be less
than or equal to Split Key Parts.
|
Object
|
Encoding
|
REQUIRED
|
|
Split Key
|
Structure
|
|
|
Split Key Parts
|
Integer
|
Yes
|
|
Key Part Identifier
|
Integer
|
Yes
|
|
Split Key Threshold
|
Integer
|
Yes
|
|
Split Key Method
|
Enumeration, see 9.1.3.2.7
|
Yes
|
|
Prime Field Size
|
Big Integer
|
No, REQUIRED only if Split Key Method is Polynomial Sharing Prime
Field.
|
|
Key Block
|
Structure, see 2.1.3
|
Yes
|
Table 30: Split Key Object Structure
There
are three Split Key Methods for secret sharing: the first one is based
on XOR, and the other two are based on polynomial secret sharing, according to [SHAMIR1979].
Let L be the minimum number of bits needed to represent all
values of the secret.
·
When the Split Key Method is XOR, then
the Key Material in the Key Value of the Key Block is of length L bits. The number of split
keys is Split
Key Parts (identical to Split Key Threshold), and the secret is reconstructed by XORing all of the parts.
·
When the Split Key
Method is Polynomial Sharing Prime Field, then secret sharing is performed in
the field GF(Prime Field Size), represented as integers, where Prime
Field Size is a prime bigger than 2L.
·
When the Split Key
Method is Polynomial Sharing GF(216), then secret sharing is performed in the field GF(216).
The Key Material in the Key Value of the Key Block is a bit string of length L, and when L is bigger than 216,
then secret sharing is applied piecewise in pieces of 16 bits each. The Key
Material in the Key Value of the Key Block is the concatenation of the
corresponding shares of all pieces of the secret.
Secret
sharing is performed in the field GF(216), which is represented as
an algebraic extension of GF(28):
GF(216)
≈ GF(28) [y]/(y2+y+m), where m is defined later.
An
element of this field then consists of a linear combination uy + v,
where u and v are elements of the smaller field GF(28).
The
representation of field elements and the notation in this section rely on [FIPS197], Sections 3 and 4. The field GF(28) is as described in [FIPS197],
GF(28)
≈ GF(2) [x]/(x8+x4+x3+x+1).
An
element of GF(28) is represented as a byte. Addition and subtraction
in GF(28) is performed as a bit-wise XOR of the bytes.
Multiplication and inversion are more complex (see [FIPS197] Section 4.1 and 4.2 for details).
An
element of GF(216) is represented as a pair of bytes (u, v).
The element m is given by
m = x5+x4+x3+x,
which
is represented by the byte 0x3A (or {3A} in notation according to [FIPS197]).
Addition
and subtraction in GF(216) both correspond to simply XORing the bytes.
The product of two elements ry + s
and uy + v is given by
(ry
+ s) (uy + v) = ((r + s)(u + v)
+ sv)y + (ru + svm).
The
inverse of an element uy + v is given by
(uy
+ v)-1 = ud-1y + (u + v)d-1, where d
= (u + v)v + mu2.
2.2.6 Template
A Template is a named Managed Object containing the client-settable
attributes of a
Managed Cryptographic Object (i.e., a
stored, named list of attributes). A Template is used to specify the attributes
of a new Managed
Cryptographic Object in various
operations. It is intended to be used to specify the cryptographic attributes
of new objects in a standardized or convenient way. None of the client-settable
attributes specified in a Template except the Name attribute apply to the
template object itself, but instead apply to any object created using the
Template.
The Template MAY be the
subject of the Register, Locate, Get, Get
Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete
Attribute, and Destroy operations.
An attribute specified in a Template is applicable either to the Template
itself or to objects created using the Template.
Attributes applicable to the Template itself are: Unique Identifier, Object Type, Name, Initial Date, Archive
Date, and Last Change Date.
Attributes applicable to
objects created using the Template are:
·
Cryptographic
Algorithm
·
Cryptographic
Length
·
Cryptographic
Domain Parameters
·
Cryptographic
Parameters
·
Operation Policy
Name
·
Cryptographic
Usage Mask
·
Usage Limits
·
Activation Date
·
Process Start Date
·
Protect Stop Date
·
Deactivation Date
·
Object Group
·
Application
Specific Information
·
Contact
Information
·
Custom Attribute
|
Object
|
Encoding
|
REQUIRED
|
|
Template
|
Structure
|
|
|
Attribute
|
Attribute Object, see 2.1.1
|
Yes. MAY
be repeated.
|
Table
31:
Template Object Structure
A
Managed Cryptographic Object containing a shared secret value that is not a key
or certificate (e.g., a password). The Key Block of the Secret Data object
contains a Key Value of the Opaque type. The Key Value MAY
be wrapped.
|
Object
|
Encoding
|
REQUIRED
|
|
Secret Data
|
Structure
|
|
|
Secret Data Type
|
Enumeration, see 9.1.3.2.8
|
Yes
|
|
Key Block
|
Structure, see 2.1.3
|
Yes
|
Table 32: Secret Data Object
Structure
A
Managed Object that the key management server is possibly not able to
interpret. The context information for this object MAY
be stored and retrieved using Custom Attributes.
|
Object
|
Encoding
|
REQUIRED
|
|
Opaque Object
|
Structure
|
|
|
Opaque Data Type
|
Enumeration, see 9.1.3.2.9
|
Yes
|
|
Opaque Data Value
|
Byte String
|
Yes
|
Table
33:
Opaque Object Structure
The following subsections describe the attributes that are
associated with
Managed Objects. Attributes
that an object MAY have multiple
instances of are referred to as multi-instance
attributes. Similarly, attributes which an object MAY
only have at most one instance of are referred to as single-instance attributes. These attributes are able to be obtained by a client from the
server using the Get Attribute operation. Some attributes are able to be set by
the Add Attribute operation or updated by the Modify Attribute operation, and
some are able to be deleted by the Delete Attribute operation if they no longer
apply to the
Managed Object. Read-only attributes are attributes that
SHALL NOT be modified by either server or client, and that SHALL NOT be deleted
by a client.
When attributes are returned by the server (e.g., via a Get
Attributes operation), the attribute value returned MAY
differ for different clients (e.g., the Cryptographic Usage Mask value MAY be different for different clients, depending
on the policy of the server).
The first table in each subsection contains the attribute name
in the first row. This name is the canonical name used when managing attributes
using the Get Attributes, Get Attribute List, Add Attribute, Modify Attribute,
and Delete Attribute operations.
A server SHALL NOT delete
attributes without receiving a request from a client until the object is
destroyed. After an object is destroyed, the server MAY
retain all, some or none of the object attributes, depending on the object type
and server policy.
The second table in each subsection
lists certain attribute characteristics (e.g., “SHALL always have a value”): Table 34
below explains the meaning of each characteristic that may appear in those
tables. The server policy MAY
further restrict these attribute characteristics.
|
SHALL always have a value
|
All Managed Objects that are of the Object Types for which this
attribute applies, SHALL always have this attribute set once the object has
been created or registered, up until the object has been destroyed.
|
|
Initially set by
|
Who is permitted to initially set the value of the attribute (if the
attribute has never been set, or if all the attribute values have been
deleted)?
|
|
Modifiable by server
|
Is the server allowed to change an existing value of the attribute
without receiving a request from a client?
|
|
Modifiable by client
|
Is the client able to change an existing value of the attribute value
once it has been set?
|
|
Deletable by client
|
Is the client able to delete an instance of the attribute?
|
|
Multiple instances permitted
|
Are multiple instances of the attribute permitted?
|
|
When implicitly set
|
Which operations MAY cause
this attribute to be set even if the attribute is not specified in the
operation request itself?
|
|
Applies to Object Types
|
Which Managed Objects MAY
have this attribute set?
|
Table 34: Attribute Rules
The
Unique Identifier is generated by the key management system to uniquely
identify a Managed Object. It is only REQUIRED to be unique within the
identifier space managed by a single key management system, however it is RECOMMENDED
that this identifier be globally unique in order to allow for a key management
domain export of such objects. This attribute SHALL be assigned by the key
management system at creation or registration time, and then SHALL NOT be
changed or deleted before the object is destroyed.
|
Object
|
Encoding
|
|
|
Unique Identifier
|
Text String
|
|
Table 35: Unique Identifier
Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Certify, Re-certify,
Re-key
|
|
Applies to Object Types
|
All Objects
|
Table
36:
Unique Identifier Attribute Rules
The
Name attribute is a structure (see Table 37) used to identify and locate
the object. This attribute is assigned by the client, and the Name Value is intended to be in a form that
humans are able to interpret. The
key management system MAY specify
rules by which the client creates valid names. Clients are informed of such
rules by a mechanism that is not specified by this standard. Names SHALL be
unique within a given key management domain, but are not REQUIRED to be globally
unique.
|
Object
|
Encoding
|
REQUIRED
|
|
Name
|
Structure
|
|
|
Name Value
|
Text String
|
Yes
|
|
Name Type
|
Enumeration, see 9.1.3.2.10
|
Yes
|
Table 37:
Name Attribute Structure
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Re-key, Re-certify
|
|
Applies to Object Types
|
All Objects
|
Table 38: Name Attribute Rules
The
Object Type of a Managed Object (e.g.,
public key, private key, symmetric key, etc) SHALL be set by the server when
the object is created or registered and then SHALL NOT be changed or deleted
before the object is destroyed.
|
Object
|
Encoding
|
|
|
Object Type
|
Enumeration, see 9.1.3.2.11
|
|
Table 39: Object Type Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Objects
|
Table 40: Object Type Attribute
Rules
The
Cryptographic Algorithm used by the
object (e.g., RSA, DSA, DES, 3DES, AES,
etc). This attribute SHALL be set by the server when the object is created or
registered and then SHALL NOT be changed or deleted before the object is
destroyed.
|
Object
|
Encoding
|
|
|
Cryptographic Algorithm
|
Enumeration, see 9.1.3.2.12
|
|
Table 41: Cryptographic
Algorithm Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Re-key
|
|
Applies to Object Types
|
Keys, Certificates, Templates
|
Table 42: Cryptographic
Algorithm Attribute Rules
Cryptographic Length is the length in bits of the clear-text cryptographic key
material of the Managed Cryptographic Object. This attribute SHALL be set by
the server when the object is created or registered, and then SHALL NOT be
changed or deleted before the object is destroyed.
|
Object
|
Encoding
|
|
|
Cryptographic Length
|
Integer
|
|
Table 43: Cryptographic Length
Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When
implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Re-key
|
|
Applies to Object Types
|
Keys ,Certificates, Templates
|
Table 44: Cryptographic Length Attribute
Rules
The Cryptographic
Parameters attribute is a structure (see Table 45) that contains a set of OPTIONAL fields that describe certain
cryptographic parameters to be used when performing cryptographic operations
using the object. Specific fields MAY
pertain only to certain types of Managed Cryptographic Objects.
|
Object
|
Encoding
|
REQUIRED
|
|
Cryptographic Parameters
|
Structure
|
|
|
Block Cipher Mode
|
Enumeration, see 9.1.3.2.13
|
No
|
|
Padding Method
|
Enumeration, see 9.1.3.2.14
|
No
|
|
Hashing Algorithm
|
Enumeration, see 9.1.3.2.15
|
No
|
|
Key Role Type
|
Enumeration, see 9.1.3.2.16
|
No
|
Table 45:
Cryptographic Parameters Attribute Structure
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Re-key, Re-certify
|
|
Applies to Object Types
|
Keys, Certificates, Templates
|
Table 46: Cryptographic
Parameters Attribute Rules
Key Role Type definitions
match those defined in ANSI X9
TR-31 [X9 TR-31] and are defined in Table 47:
|
BDK
|
Base Derivation Key (ANSI X9.24 DUKPT key derivation)
|
|
CVK
|
Card Verification Key
(CVV/signature strip number validation)
|
|
DEK
|
Data Encryption Key
(General Data Encryption)
|
|
MKAC
|
EMV/chip card Master Key:
Application Cryptograms
|
|
MKSMC
|
EMV/chip card Master Key:
Secure Messaging for Confidentiality
|
|
MKSMI
|
EMV/chip card Master Key:
Secure Messaging for Integrity
|
|
MKDAC
|
EMV/chip card Master Key:
Data Authentication Code
|
|
MKDN
|
EMV/chip card Master Key:
Dynamic Numbers
|
|
MKCP
|
EMV/chip card Master Key:
Card Personalization
|
|
MKOTH
|
EMV/chip card Master Key:
Other
|
|
KEK
|
Key Encryption or Wrapping
Key
|
|
MAC16609
|
ISO16609 MAC Algorithm 1
|
|
MAC97971
|
ISO9797-1 MAC Algorithm 1
|
|
MAC97972
|
ISO9797-1 MAC Algorithm 2
|
|
MAC97973
|
ISO9797-1 MAC Algorithm 3 (Note this is commonly known as
X9.19 Retail MAC)
|
|
MAC97974
|
ISO9797-1 MAC Algorithm 4
|
|
MAC97975
|
ISO9797-1 MAC Algorithm 5
|
|
ZPK
|
PIN Block Encryption Key
|
|
PVKIBM
|
PIN Verification Key, IBM 3624 Algorithm
|
|
PVKPVV
|
PIN Verification Key, VISA
PVV Algorithm
|
|
PVKOTH
|
PIN Verification Key, Other
Algorithm
|
Table
47:
Key Role Types
Accredited Standards Committee X9, Inc. - Financial Industry
Standards (www.x9.org) contributed to Table 47. Key role names and
descriptions are derived from material in the Accredited Standards Committee
X9, Inc's Technical Report "TR-31 2005 Interoperable Secure Key Exchange
Key Block Specification for Symmetric Algorithms" and used with the
permission of Accredited Standards Committee X9, Inc. in an effort to improve
interoperability between X9 standards and OASIS KMIP. The complete ANSI X9 TR-31 is available at www.x9.org.
The Cryptographic Domain Parameters attribute is a
structure (see Table 48)
that contains a set of OPTIONAL fields that MAY
need to be specified in the Create Key Pair Request Payload. Specific fields MAY only pertain to certain types of Managed
Cryptographic Objects.
The domain parameter Qlength correponds to the bit length
of parameter Q (refer to [FIPS186-3]
and [SP800-56A]).
Qlength applies to algorithms such as DSA and DH. The bit length of parameter P
(refer to [FIPS186-3]
and [SP800-56A])
is specified separately by setting the Cryptographic Length attribute.
Recommended Curve is applicable to elliptic curve
algorithms such as ECDSA, ECDH, and ECMQV.
|
Object
|
Encoding
|
Required
|
|
Cryptographic Domain Parameters
|
Structure
|
Yes
|
|
Qlength
|
Integer
|
No
|
|
Recommended Curve
|
Enumeration, see 9.1.3.2.5
|
No
|
Table 48:
Cryptographic Domain Parameters Attribute Structure
|
Shall always have a value
|
No
|
|
Initially set by
|
Client
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Re-key
|
|
Applies to Object Types
|
Asymmetric Keys, Templates
|
Table 49: Cryptographic Domain
Parameters Attribute Rules
The
type of a certificate (e.g., X.509, PGP, etc). The Certificate Type value SHALL be set by the server when the
certificate is created or registered and then SHALL NOT be changed or deleted
before the object is destroyed.
|
Object
|
Encoding
|
|
|
Certificate Type
|
Enumeration, see 9.1.3.2.6
|
|
Table 50: Certificate Type
Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Register, Certify,
Re-certify
|
|
Applies to Object Types
|
Certificates
|
Table 51: Certificate Type Attribute
Rules
The Certificate Identifier
attribute is a structure (see Table 52) used to provide the identification
of a certificate, containing the Issuer Distinguished Name (i.e., from the
Issuer field of the certificate) and the Certificate Serial Number (i.e., from
the Serial Number field of the certificate). The Certificate Identifier SHALL
be set by the server when the certificate is created or registered and then SHALL
NOT be changed or deleted before the object is destroyed.
|
Object
|
Encoding
|
REQUIRED
|
|
Certificate Identifier
|
Structure
|
|
|
Issuer
|
Text String
|
Yes
|
|
Serial Number
|
Text String
|
Yes (for X.509 certificates) / No (for
PGP certificates since they do not contain a serial number)
|
Table 52:
Certificate Identifier Attribute Structure
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Register, Certify,
Re-certify
|
|
Applies to Object Types
|
Certificates
|
Table 53: Certificate Identifier
Attribute Rules
The Certificate
Subject attribute is a structure (see Table 54) used to identify the
subject of a certificate, containing the Subject Distinguished Name (i.e., from
the Subject field of the certificate). It MAY
include one or more alternative names (e.g., email address, IP address, DNS
name) for the subject of the certificate (i.e., from the Subject Alternative
Name extension within the certificate). These values SHALL be set by the server
based on the information it extracts from the certificate that is created (as a
result of a Certify or a Re-certify operation) or registered (as part of a
Register operation) and SHALL NOT be changed or deleted before the object is
destroyed.
If the Subject Alternative Name extension is included
in the certificate and is marked CRITICAL (i.e., within the certificate itself), then it is possible to
issue an X.509 certificate where the subject field is left blank. Therefore an
empty string is an acceptable value for the Certificate Subject Distinguished
Name.
|
Object
|
Encoding
|
REQUIRED
|
|
Certificate Subject
|
Structure
|
|
|
Certificate Subject Distinguished Name
|
Text String
|
Yes, but MAY
be the empty string
|
|
Certificate Subject Alternative Name
|
Text String
|
No, MAY
be repeated
|
Table 54:
Certificate Subject Attribute Structure
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Register, Certify,
Re-certify
|
|
Applies to Object Types
|
Certificates
|
Table 55: Certificate Subject Attribute
Rules
The Certificate
Issuer attribute is a structure (see Table 57) used to identify the issuer
of a certificate, containing the Issuer Distinguished Name (i.e., from the
Issuer field of the certificate). It MAY
include one or more alternative names (e.g., email address, IP address, DNS
name) for the issuer of the certificate (i.e., from the Issuer Alternative Name
extension within the certificate). The server SHALL set these values based on
the information it extracts from a certificate that is created as a result of a
Certify or a Re-certify operation or is sent as part of a Register operation. These
values SHALL NOT be changed or deleted before the object is destroyed.
|
Object
|
Encoding
|
REQUIRED
|
|
Certificate Issuer
|
Structure
|
|
|
Certificate Issuer Distinguished Name
|
Text String
|
Yes
|
|
Certificate Issuer Alternative Name
|
Text String
|
No, MAY
be repeated
|
Table 56: Certificate Issuer Attribute Structure
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Register, Certify,
Re-certify
|
|
Applies to Object Types
|
Certificates
|
Table 57: Certificate Issuer Attribute Rules
The
Digest attribute is a structure (see Table 58) that contains the digest
value of the key or secret data (i.e., digest of the Key Material), certificate
(i.e., digest of the Certificate Value), or opaque object (i.e., digest of the
Opaque Data Value). Multiple digests MAY
be calculated using different algorithms. If an instance of this attribute
exists, then it SHALL be computed with the SHA-256 hashing algorithm; the
server MAY store additional
digests using the algorithms listed in Section 9.1.3.2.15. The digest(s) are static
and SHALL be set by the server when the object is created or registered,
provided that the server has access to the Key Material or the Digest Value
(possibly obtained via out-of-band mechanisms).
|
Object
|
Encoding
|
REQUIRED
|
|
Digest
|
Structure
|
|
|
Hashing Algorithm
|
Enumeration, see 9.1.3.2.15
|
Yes
|
|
Digest Value
|
Byte String
|
Yes, if the server has access to the Digest Value or
the Key Material (for keys and secret data), the Certificate Value (for
certificates) or the Opaque Data Value (for opaque objects).
|
Table 58:
Digest Attribute Structure
|
SHALL always have a value
|
Yes, if the server has access to the Digest Value or the Key Material
(for keys and secret data), the Certificate Value (for certificates) or the
Opaque Data Value (for opaque objects).
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects, Opaque Objects
|
Table 59: Digest Attribute
Rules
An
operation policy controls what entities MAY
perform which key management operations on the object. The content of the Operation
Policy Name attribute is the name of a policy object known to the key
management system and, therefore, is server dependent. The named policy objects
are created and managed using mechanisms outside the scope of the protocol. The
policies determine what entities MAY
perform specified operations on the object, and which of the object’s
attributes MAY be modified or
deleted. The Operation Policy Name attribute SHOULD be set when operations that
result in a new Managed Object on the server are executed. It is set either
explicitly or via some default set by the server, which then applies the named
policy to all subsequent operations on the object.
|
Object
|
Encoding
|
|
|
Operation Policy Name
|
Text String
|
|
Table 60: Operation Policy Name
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Objects
|
Table 61: Operation Policy Name
Attribute Rules
Some of the operations SHOULD
be allowed for any client at any time, without respect to operation policy.
These operations are:
·
Create
·
Create Key Pair
·
Register
·
Certify
·
Re-certify
·
Validate
·
Query
·
Cancel
·
Poll
3.13.2 Default
Operation Policy
A key management system implementation SHALL implement
at least one named operation policy, which is used for objects when the Operation
Policy attribute is not specified by the Client in operations that result
in a new Managed Object on the server, or in a template specified in these operations.
This policy is named default. It specifies the following rules for
operations on objects created or registered with this policy, depending on the
object type. For the profiles defined in [KMIP-Prof], the creator SHALL be as
defined in [KMIP-Prof].
3.13.2.1
Default
Operation Policy for Secret Objects
This
policy applies to Symmetric Keys, Private Keys, Split Keys, Secret Data, and
Opaque Objects.
|
Default Operation Policy for Secret Objects
|
|
Operation
|
Policy
|
|
Re-Key
|
Allowed to creator only
|
|
Derive Key
|
Allowed to creator only
|
|
Locate
|
Allowed to creator only
|
|
Check
|
Allowed to creator only
|
|
Get
|
Allowed to creator only
|
|
Get Attributes
|
Allowed to creator only
|
|
Get Attribute List
|
Allowed to creator only
|
|
Add Attribute
|
Allowed to creator only
|
|
Modify Attribute
|
Allowed to creator only
|
|
Delete Attribute
|
Allowed to creator only
|
|
Obtain Lease
|
Allowed to creator only
|
|
Get Usage Allocation
|
Allowed to creator only
|
|
Activate
|
Allowed to creator only
|
|
Revoke
|
Allowed to creator only
|
|
Destroy
|
Allowed to creator only
|
|
Archive
|
Allowed to creator only
|
|
Recover
|
Allowed to creator only
|
Table 62: Default Operation
Policy for Secret Objects
3.13.2.2
Default Operation Policy for Certificates and
Public Key Objects
This
policy applies to Certificates and Public Keys.
|
Default Operation Policy for Certificates and Public Key Objects
|
|
Operation
|
Policy
|
|
Locate
|
Allowed to all
|
|
Check
|
Allowed to all
|
|
Get
|
Allowed to all
|
|
Get Attributes
|
Allowed to all
|
|
Get Attribute List
|
Allowed to all
|
|
Add Attribute
|
Allowed to creator only
|
|
Modify Attribute
|
Allowed to creator only
|
|
Delete Attribute
|
Allowed to creator only
|
|
Obtain Lease
|
Allowed to all
|
|
Activate
|
Allowed to creator only
|
|
Revoke
|
Allowed to creator only
|
|
Destroy
|
Allowed to creator only
|
|
Archive
|
Allowed to creator only
|
|
Recover
|
Allowed to creator only
|
Table 63: Default Operation
Policy for Certificates and Public Key Objects
3.13.2.3 Default
Operation Policy for Template Objects
The operation policy specified as an attribute in the Register
operation for a template object is the operation policy used for objects
created using that template, and is not the policy used to control operations
on the template itself. There is no mechanism to specify a policy used to
control operations on template objects, so the default policy for template
objects is always used for templates created by clients using the Register
operation to create template objects.
|
Default Operation Policy for Private Template Objects
|
|
Operation
|
Policy
|
|
Locate
|
Allowed to creator only
|
|
Get
|
Allowed to creator only
|
|
Get Attributes
|
Allowed to creator only
|
|
Get Attribute List
|
Allowed to creator only
|
|
Add Attribute
|
Allowed to creator only
|
|
Modify Attribute
|
Allowed to creator only
|
|
Delete Attribute
|
Allowed to creator only
|
|
Destroy
|
Allowed to creator only
|
|
Any operation referencing the Template
using a Template-Attribute
|
Allowed to creator only
|
Table 64: Default Operation
Policy for Private Template Objects
In addition to private template objects (which are
controlled by the above policy, and which MAY
be created by clients or the server), publicly known and usable templates MAY be created and managed by the server, with a
default policy different from private template objects.
|
Default Operation Policy for Public Template Objects
|
|
Operation
|
Policy
|
|
Locate
|
Allowed to all
|
|
Get
|
Allowed to all
|
|
Get Attributes
|
Allowed to all
|
|
Get Attribute List
|
Allowed to all
|
|
Add Attribute
|
Disallowed to all
|
|
Modify Attribute
|
Disallowed to all
|
|
Delete Attribute
|
Disallowed to all
|
|
Destroy
|
Disallowed to all
|
|
Any operation referencing the Template
using a Template-Attribute
|
Allowed to all
|
Table 65: Default Operation
Policy for Public Template Objects
The Cryptographic Usage Mask defines the cryptographic
usage of a key. This is a bit mask that indicates to the client which
cryptographic functions MAY be
performed using the key, and which ones SHALL NOT be performed.
·
Sign
·
Verify
·
Encrypt
·
Decrypt
·
Wrap Key
·
Unwrap
Key
·
Export
·
MAC Generate
·
MAC Verify
·
Derive Key
·
Content Commitment
·
Key Agreement
·
Certificate Sign
·
CRL Sign
·
Generate Cryptogram
·
Validate Cryptogram
·
Translate Encrypt
·
Translate Decrypt
·
Translate Wrap
·
Translate Unwrap
This list takes into consideration values that MAY appear in the Key Usage extension in an X.509
certificate. However, the list does not consider the additional usages that MAY appear in the Extended Key Usage extension.
X.509 Key Usage values SHALL
be mapped to Cryptographic Usage Mask values in the following manner:
|
X.509 Key Usage to Cryptographic Usage Mask Mapping
|
|
X.509 Key
Usage Value
|
Cryptographic
Usage Mask Value
|
|
digitalSignature
|
Sign or Verify
|
|
contentCommitment
|
Content Commitment
(Non Repudiation)
|
|
keyEncipherment
|
Wrap Key or Unwrap Key
|
|
dataEncipherment
|
Encrypt or Decrypt
|
|
keyAgreement
|
Key Agreement
|
|
keyCertSign
|
Certificate Sign
|
|
cRLSign
|
CRL Sign
|
|
encipherOnly
|
Encrypt
|
|
decipherOnly
|
Decrypt
|
Table 66: X.509 Key Usage to
Cryptographic Usage Mask Mapping
|
Object
|
Encoding
|
|
|
Cryptographic Usage Mask
|
Integer
|
|
Table 67: Cryptographic Usage
Mask Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects, Templates
|
Table 68: Cryptographic Usage
Mask Attribute Rules
The Lease Time attribute
defines a time interval for a Managed Cryptographic Object beyond which the
client SHALL NOT use the object without obtaining another lease. This attribute
always holds the initial length of time allowed for a lease, and not the actual
remaining time. Once its lease expires, the client is only able to renew the
lease by calling Obtain Lease. A server SHALL store in this attribute the
maximum Lease Time it is able to serve and a client obtains the lease time
(with Obtain Lease) that is less than or equal to the maximum Lease Time. This
attribute is read-only for clients. It SHALL be modified by the server only.
|
Object
|
Encoding
|
|
|
Lease Time
|
Interval
|
|
Table 69: Lease Time Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects
|
Table 70: Lease Time Attribute
Rules
The Usage Limits attribute
is a mechanism for limiting the usage of a Managed Cryptographic
Object. It only applies to Managed Cryptographic Objects that are able
to be used for applying cryptographic protection and it SHALL only reflect their
usage for applying that protection (e.g., encryption, signing, etc.). This
attribute does not necessarily exist for all Managed Cryptographic Objects,
since some objects are able to be used without limit for cryptographically
protecting data, depending on client/server policies. Usage for processing
cryptographically-protected data (e.g., decryption, verification, etc.) is not
limited. The Usage Limits attribute has the three following fields:
·
Usage Limits Total – the total number of Usage Limits
Units allowed to be protected. This is the total value for the entire life of
the object and SHALL NOT be changed once the object begins to be used for applying
cryptographic protection.
·
Usage Limits Count – the currently remaining number
of Usage Limits Units allowed to be protected by the object.
·
Usage Limits Unit – The type of quantity for which
this structure specifies a usage limit (e.g., byte, object).
When
the attribute is initially set (usually during object creation or registration),
the Usage Limits Count is set to the Usage Limits Total value allowed for the
useful life of the object, and are decremented when the object is used. The server
SHALL ignore the Usage Limits Count value if the attribute is specified in an
operation that creates a new object. Changes made via the Modify Attribute
operation reflect corrections to the Usage Limits Total value, but they SHALL
NOT be changed once the Usage Limits Count value has changed by a Get Usage
Allocation operation. The Usage Limits Count value SHALL NOT be set or modified
by the client via the Add Attribute or Modify Attribute operations.
|
Object
|
Encoding
|
REQUIRED
|
|
Usage Limits
|
Structure
|
|
|
Usage
Limits Total
|
Long Integer
|
Yes
|
|
Usage
Limits Count
|
Long Integer
|
Yes
|
|
Usage
Limits Unit
|
Enumeration,
see 9.1.3.2.30
|
Yes
|
Table 71: Usage Limits
Attribute Structure
|
SHALL always
have a value
|
No
|
|
Initially
set by
|
Server (Total, Count, and
Unit) or Client (Total and/or Unit only)
|
|
Modifiable
by server
|
Yes
|
|
Modifiable
by client
|
Yes (Total and/or Unit only,
as long as Get Usage Allocation has not been performed)
|
|
Deletable
by client
|
Yes, as long as Get Usage
Allocation has not been performed
|
|
Multiple
instances permitted
|
No
|
|
When
implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Re-key, Get Usage Allocation
|
|
Applies to Object Types
|
Keys,
Templates
|
Table
72:
Usage Limits Attribute Rules
This
attribute is an indication of the State
of an object as known to the key management server. The State SHALL NOT be
changed by using the Modify Attribute operation on this attribute. The state SHALL
only be changed by the server as a part of other operations or other server
processes. An object SHALL be in one of the following states at any given time.
(Note: These states correspond to those described in [SP800-57-1]).
|
Figure 1: Cryptographic Object States
and Transitions
|
·
Pre-Active: The object exists but is
not yet usable for any cryptographic purpose.
·
Active: The object MAY
be used for all cryptographic purposes that are allowed by its Cryptographic
Usage Mask attribute and, if applicable, by its Process Start Date (see 3.20) and Protect Stop Date (see 3.21) attributes.
·
Deactivated: The object SHALL NOT be used for applying cryptographic
protection (e.g., encryption or signing), but, if permitted by the Cryptographic
Usage Mask attribute, then the object MAY
be used to process cryptographically-protected information (e.g., decryption or
verification), but only under extraordinary circumstances and when special permission is
granted.
·
Compromised: It is possible that the object has been compromised,
and SHOULD only be used to process cryptographically-protected information in a
client that is trusted to use managed objects that have been compromised.
·
Destroyed: The object is no longer usable for any purpose.
·
Destroyed
Compromised: The object is no longer
usable for any purpose; however its compromised status MAY
be retained for audit or security purposes.
State transitions occur as
follows:
1.
The transition
from a non-existent key to the Pre-Active state is caused by the creation of
the object. When an object is created or registered, it automatically goes from
non-existent to Pre-Active. If, however, the operation that creates or
registers the object contains an Activation Date that has already occurred, then
the state immediately transitions from Pre-Active to Active. In this case, the
server SHALL set the Activation Date attribute to the time when the operation
is received, or fail the request attempting to create or register the object,
depending on server policy. If the operation contains an Activation Date
attribute that is in the future, or contains no Activation Date, then the
Cryptographic Object is initialized in the key management system in the
Pre-Active state.
2. The transition from Pre-Active to Destroyed is caused
by a client issuing a Destroy operation. The server destroys the object when
(and if) server policy dictates.
3.
The transition
from Pre-Active to Compromised is caused by a client issuing a Revoke operation
with a Revocation Reason of Compromised.
4. The transition from
Pre-Active to Active SHALL occur in one of three ways:
·
The Activation
Date is reached.
·
A client successfully
issues a Modify Attribute operation, modifying the Activation Date to a date in
the past, or the current date.
·
A client issues an
Activate operation on the object. The server SHALL set the Activation Date to
the time the Activate operation is received.
5. The transition from Active to Compromised is caused by
a client issuing a Revoke operation with a Revocation Reason of Compromised.
6. The transition from Active to Deactivated SHALL occur
in one of three ways:
·
The object's
Deactivation Date is reached.
·
A client issues a
Revoke operation, with a Revocation Reason other than Compromised.
·
The client successfully
issues a Modify Attribute operation, modifying the Deactivation Date to a date
in the past, or the current date.
7. The transition from Deactivated to Destroyed is caused by
a client issuing a Destroy operation, or by a server, both in accordance with
server policy. The server destroys the object when (and if) server policy
dictates.
8. The transition from Deactivated to Compromised is caused
by a client issuing a Revoke operation with a Revocation Reason of Compromised.
9. The transition from Compromised to Destroyed
Compromised is caused by a client issuing a Destroy operation, or by a server,
both in accordance with server policy. The server destroys the object when (and
if) server policy dictates.
10. The transition from Destroyed to Destroyed Compromised
is caused by a client issuing a Revoke operation with a Revocation
Reason of Compromised.
Only the transitions described above are permitted.
|
Object
|
Encoding
|
|
|
State
|
Enumeration, see 9.1.3.2.17
|
|
Table 73: State Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No, but only by the server in response to certain requests (see
above)
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Activate, Revoke,
Destroy, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects
|
Table 74: State Attribute Rules
The Initial Date is the
date and time when the Managed Object was first created or registered at the
server. This time corresponds to state transition 1
(see Section 3.17). This attribute SHALL be set by
the server when the object is created or registered, and then SHALL NOT be
changed or
deleted before the object is destroyed.
This attribute is also set for non-cryptographic objects (e.g., templates) when
they are first registered with the server.
|
Object
|
Encoding
|
|
|
Initial Date
|
Date-Time
|
|
Table 75: Initial Date Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Certify, Re-certify,
Re-key
|
|
Applies to Object Types
|
All Objects
|
Table 76: Initial Date
Attribute Rules
This
is the date and time when the Managed Cryptographic Object MAY begin to be used. This time corresponds to
state transition 4 (see Section 3.17). The object SHALL NOT be used for any cryptographic
purpose before the Activation Date has been reached. Once the state
transition from Pre-Active has occurred, then this attribute SHALL NOT be changed
or deleted before the object is destroyed .
|
Object
|
Encoding
|
|
|
Activation Date
|
Date-Time
|
|
Table 77: Activation Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes, only while in Pre-Active state
|
|
Modifiable by client
|
Yes, only while in Pre-Active state
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Activate Certify,
Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects, Templates
|
Table 78: Activation Date
Attribute Rules
This
is the date and time when a Managed Symmetric Key Object MAY begin to be used to process
cryptographically-protected information (e.g., decryption or unwrapping),
depending on the value of its Cryptographic Usage Mask attribute. The object SHALL
NOT be used for these cryptographic purposes before the Process Start Date
has been reached. This value MAY
be equal to or later than, but SHALL NOT precede, the Activation Date. Once the
Process Start Date has occurred, then this attribute SHALL NOT be changed or
deleted before the object is destroyed .
|
Object
|
Encoding
|
|
|
Process Start Date
|
Date-Time
|
|
Table 79: Process Start Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes, only while in Pre-Active or Active state and as long as the
Process Start Date has been not reached.
|
|
Modifiable by client
|
Yes, only while in Pre-Active or Active state and as long as the
Process Start Date has been not reached.
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Register, Derive Key, Re-key
|
|
Applies to Object Types
|
Symmetric Keys, Split Keys of symmetric keys,
Templates
|
Table 80: Process Start Date
Attribute Rules
This
is the date and time when a Managed Symmetric Key Object SHALL NOT be used for applying
cryptographic protection (e.g., encryption or wrapping), depending on the value
of its Cryptographic Usage Mask attribute. This value MAY
be equal to or earlier than, but SHALL NOT be later than the Deactivation Date.
Once the Protect Stop Date has occurred, then this attribute SHALL NOT
be changed or deleted before the object is destroyed.
|
Object
|
Encoding
|
|
|
Protect Stop Date
|
Date-Time
|
|
Table 81: Protect Stop Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes, only while in Pre-Active or Active state and as long as the
Protect Stop Date has not been reached.
|
|
Modifiable by client
|
Yes, only while in Pre-Active or Active state and as long as the Protect
Stop Date has not been reached.
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Register, Derive Key, Re-key
|
|
Applies to Object Types
|
Symmetric Keys, Split Keys of symmetric keys,
Templates
|
Table 82: Protect Stop Date
Attribute Rules
The
Deactivation Date is the date and
time when the Managed Cryptographic Object SHALL NOT be used for any purpose,
except for decryption, signature verification, or unwrapping, but only under
extraordinary circumstances and only when special permission is granted. This
time corresponds to state transition 6 (see
Section 3.17). This attribute SHALL NOT be changed or deleted before
the object is destroyed, unless the object is in the Pre-Active or Active state.
|
Object
|
Encoding
|
|
|
Deactivation Date
|
Date-Time
|
|
Table 83: Deactivation Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server or Client
|
|
Modifiable by server
|
Yes, only while in Pre-Active or Active state
|
|
Modifiable by client
|
Yes, only while in Pre-Active or Active state
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Revoke Certify,
Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects, Templates
|
Table 84: Deactivation Date
Attribute Rules
The
Destroy Date is the date and time
when the Managed Object was destroyed. This time corresponds to state
transitions 2, 7, or 9 (see Section 3.17). This value is set by the server when the object is
destroyed due to the reception of a Destroy operation, or due to server policy
or out-of-band administrative action.
|
Object
|
Encoding
|
|
|
Destroy Date
|
Date-Time
|
|
Table 85: Destroy Date Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Destroy
|
|
Applies to Object Types
|
All Cryptographic Objects, Opaque Objects
|
Table
86:
Destroy Date Attribute Rules
The
Compromise Occurrence Date is the
date and time when the Managed Cryptographic Object was first believed to be
compromised. If it is not possible to estimate when the compromise occurred, then
this value SHOULD be set to the Initial Date for the object.
|
Object
|
Encoding
|
|
|
Compromise Occurrence Date
|
Date-Time
|
|
Table 87: Compromise Occurrence
Date Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Revoke
|
|
Applies to Object Types
|
All Cryptographic Objects, Opaque Object
|
Table 88: Compromise Occurrence
Date Attribute Rules
The
Compromise Date is the date and time
when the Managed Cryptographic Object entered into the compromised state. This
time corresponds to state transitions 3, 5, 8, or 10 (see Section 3.17). This time indicates when the key management system
was made aware of the compromise, not necessarily when the compromise occurred.
This attribute is set by the server when it receives a Revoke operation with a
Revocation Reason of Compromised, or due to server policy or out-of-band
administrative action.
|
Object
|
Encoding
|
|
|
Compromise Date
|
Date-Time
|
|
Table 89: Compromise Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Revoke
|
|
Applies to Object Types
|
All Cryptographic Objects, Opaque Object
|
Table 90: Compromise Date
Attribute Rules
The
Revocation Reason attribute is a
structure (see Table 91) used to indicate why the
Managed Cryptographic Object was revoked (e.g., “compromised”, “expired”, “no
longer used”, etc). This attribute is only changed by the server as a part of
the Revoke Operation.
The
Revocation Message is an OPTIONAL field that is used exclusively for
audit trail/logging purposes and MAY
contain additional information about why the object was revoked (e.g., “Laptop
stolen”, or “Machine decommissioned”).
|
Object
|
Encoding
|
REQUIRED
|
|
Revocation Reason
|
Structure
|
|
|
Revocation Reason Code
|
Enumeration, see 9.1.3.2.18
|
Yes
|
|
Revocation Message
|
Text String
|
No
|
Table 91:
Revocation Reason Attribute Structure
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Revoke
|
|
Applies to Object Types
|
All Cryptographic Objects, Opaque Object
|
Table 92: Revocation Reason
Attribute Rules
The
Archive Date is the date and time
when the Managed Object was placed in archival storage. This value is set by
the server as a part of the Archive operation. The server SHALL delete this
attribute whenever a Recover operation is performed.
|
Object
|
Encoding
|
|
|
Archive Date
|
Date-Time
|
|
Table 93: Archive Date
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
No
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Archive
|
|
Applies to Object Types
|
All Objects
|
Table
94:
Archive Date Attribute Rules
An
object MAY be part of a group of
objects. An object MAY belong to
more than one group of objects. To assign an object to a group of objects, the object
group name SHOULD be set into this attribute.
|
Object
|
Encoding
|
|
|
Object Group
|
Text String
|
|
Table 95: Object Group
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client or Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Objects
|
Table 96: Object Group
Attribute Rules
The
Link attribute is a structure (see Table 97) used to create a link from one
Managed Cryptographic Object to another, closely related target Managed
Cryptographic Object. The link has a type, and the allowed types differ,
depending on the Object Type of the Managed Cryptographic Object, as listed
below. The Linked Object Identifier identifies the target Managed
Cryptographic Object by its Unique Identifier. The link contains information about
the association between the Managed Cryptographic Objects (e.g., the private
key corresponding to a public key; the parent certificate for a certificate in
a chain; or for a derived symmetric key, the base key from which it was derived).
Possible
values of Link Type in accordance with the Object Type of the Managed
Cryptographic Object are:
·
Private Key Link. For a Public
Key object: the private key corresponding to the public key.
·
Public Key Link. For a
Private Key object: the public key corresponding to the private key. For a
Certificate object: the public key contained in the certificate.
·
Certificate Link. For
Certificate objects: the parent certificate for a certificate in a certificate
chain. For Public Key objects: the corresponding certificate(s), containing the same public
key.
·
Derivation Base Object Link for a derived Symmetric Key object: the object(s) from which
the current symmetric key was derived.
·
Derived Key Link: the
symmetric key(s) that were derived from the current object.
·
Replacement Object Link.
For a Symmetric Key object: the key that resulted from the re-key of the current key. For a Certificate
object: the certificate that resulted from the re-certify. Note that there SHALL
be only one such replacement object per Managed Object.
·
Replaced Object Link. For a Symmetric Key object: the key that was
re-keyed to obtain the current key. For a Certificate object: the certificate
that was re-certified to obtain the current certificate.
The
Link attribute SHOULD be present for private keys and public keys for which a
certificate chain is stored by the server, and for certificates in a
certificate chain.
Note
that it is possible for a Managed Object to have multiple instances of the Link
attribute (e.g., a Private Key has links to the associated certificate, as well
as the associated public key; a Certificate object has links to both the public
key and to the certificate of the certification authority (CA) that signed the
certificate).
It
is also possible that a Managed Object does not have links to associated
cryptographic objects. This MAY occur
in cases where the associated key material is not available to the server or
client (e.g., the registration of a CA Signer certificate with a server, where
the corresponding private key is held in a different manner).
|
Object
|
Encoding
|
REQUIRED
|
|
Link
|
Structure
|
|
|
Link Type
|
Enumeration, see 9.1.3.2.19
|
Yes
|
|
Linked Object Identifier, see 3.1
|
Text String
|
Yes
|
Table 97:
Link Attribute Structure
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client or Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Create Key Pair, Derive
Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Cryptographic Objects
|
Table
98:
Link Attribute Structure Rules
The
Application Specific Information attribute is a structure (see Table 99) used to store data specific
to the application(s) using the Managed Object. It consists of the following fields:
an Application Namespace and Application Data specific to that
application namespace.
Clients
MAY request to set (i.e., using
any of the operations that result in new Managed Object(s) on the server or
adding/modifying the attribute of an existing Managed Object) an instance of
this attribute with a particular Application Namespace while omitting
Application Data. In that case, if the server supports this namespace (as
indicated by the Query operation in Section 4.24), then it SHALL return a
suitable Application Data value. If the server does not support this namespace,
then an error SHALL be returned.
|
Object
|
Encoding
|
REQUIRED
|
|
Application Specific Information
|
Structure
|
|
|
Application Namespace
|
Text String
|
Yes
|
|
Application Data
|
Text String
|
Yes
|
Table 99:
Application Specific Information Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client or Server (only if the Application Data is omitted, in the
client request)
|
|
Modifiable by server
|
Yes (only if the Application Data is omitted in the client request)
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Re-key, Re-certify
|
|
Applies to Object Types
|
All Objects
|
Table 100: Application Specific Information
Attribute Rules
The Contact Information
attribute is OPTIONAL, and its content is used for contact purposes only. It is
not used for policy enforcement. The attribute is set by the client or the
server.
|
Object
|
Encoding
|
|
|
Contact Information
|
Text String
|
|
Table 101: Contact Information
Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client or Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
Yes
|
|
Deletable by client
|
Yes
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Objects
|
Table 102: Contact Information
Attribute Rules
The Last Change Date attribute is a meta attribute that contains the
date and time of the last change to the contents or attributes of the specified
object.
|
Object
|
Encoding
|
|
|
Last Change Date
|
Date-Time
|
|
Table 103: Last Change Date
Attribute
|
SHALL always have a value
|
Yes
|
|
Initially set by
|
Server
|
|
Modifiable by server
|
Yes
|
|
Modifiable by client
|
No
|
|
Deletable by client
|
No
|
|
Multiple instances permitted
|
No
|
|
When implicitly set
|
Create, Create Key Pair,
Register, Derive Key, Activate, Revoke, Destroy, Archive, Recover, Certify,
Re-certify, Re-key, Add Attribute, Modify Attribute, Delete Attribute, Get
Usage Allocation
|
|
Applies to Object Types
|
All Objects
|
Table 104: Last Change Date
Attribute Rules
A Custom
Attribute is a client- or server-defined attribute intended for
vendor-specific purposes. It is created by the client and not interpreted by
the server, or is created by the server and MAY
be interpreted by the client. All custom attributes created by the client SHALL
adhere to a naming scheme, where the name of the attribute SHALL have a prefix
of 'x-'. All custom attributes created by the key management server SHALL
adhere to a naming scheme where the name of the attribute SHALL have a prefix
of 'y-'. The server SHALL NOT accept a client-created or modified attribute, where
the name of the attribute has a prefix of ‘y-‘. The tag type Custom Attribute is
not able to identify the particular attribute; hence such an attribute SHALL
only appear in an Attribute Structure with its name as defined in Section 2.1.1.
|
Object
|
Encoding
|
|
|
Custom Attribute
|
Any data type or structure. If a structure, then the structure SHALL
NOT include sub structures
|
The name of the attribute SHALL start with 'x-' or
'y-'.
|
Table 105 Custom Attribute
|
SHALL always have a value
|
No
|
|
Initially set by
|
Client or Server
|
|
Modifiable by server
|
Yes, for server-created attributes
|
|
Modifiable by client
|
Yes, for client-created attributes
|
|
Deletable by client
|
Yes, for client-created attributes
|
|
Multiple instances permitted
|
Yes
|
|
When implicitly set
|
Create, Create Key Pair, Register, Derive Key, Activate, Revoke,
Destroy, Certify, Re-certify, Re-key
|
|
Applies to Object Types
|
All Objects
|
Table
106:
Custom Attribute Rules
The following subsections
describe the operations that MAY
be requested by a key management client. Not all clients have to be capable of
issuing all operation requests; however any client that issues a specific
request SHALL be capable of understanding the response to the request. All
Object Management operations are issued in requests from clients to servers,
and results obtained in responses from servers to clients. Multiple operations MAY be combined within a batch, resulting in a
single request/response message pair.
A number of the operations
whose descriptions follow are affected by a mechanism referred to as the ID
Placeholder.
The key management server SHALL
implement a temporary variable called the ID Placeholder. This value consists
of a single Unique Identifier. It is a variable stored inside the server that
is only valid and preserved during the execution of a batch of operations. Once
the batch of operations has been completed, the ID Placeholder value SHALL be discarded
and/or invalidated by the server, so that subsequent requests do not find this
previous ID Placeholder available.
The ID Placeholder is
obtained from the Unique Identifier returned in response to the Create, Create
Pair, Register, Derive Key, Re-Key, Certify, Re-Certify, Locate, and Recover
operations. If any of these operations successfully completes and returns a
Unique Identifier, then the server SHALL copy this Unique Identifier into the
ID Placeholder variable, where it is held until the completion of the
operations remaining in the batched request or until a subsequent operation in
the batch causes the ID Placeholder to be replaced. If the Batch Error
Continuation Option is set to Stop and the Batch Order Option is set to true,
then subsequent operations in the batched request MAY
make use of the ID Placeholder by omitting the Unique Identifier field from the
request payloads for these operations.
Requests MAY contain attribute values to be assigned to the object.
This information is specified with a Template-Attribute (see Section 2.1.8) that contains zero or more template names and zero or more individual
attributes. If more than one template name is specified, and there is a
conflict between the single-instance attributes in the templates, then the
value in the last of the conflicting templates takes precedence. If there is a
conflict between the single-instance attributes in the request and the single-instance
attributes in a specified template, then the attribute values in the request
take precedence. For multi-value attributes, the union of attribute values is
used when the attributes are specified more than once.
Responses MAY contain attribute values that were not
specified in the request, but have been implicitly set by the server. This
information is specified with a Template-Attribute that contains one or more
individual attributes.
For any operations that
operate on Managed Objects already stored on the server, any archived object SHALL
first be made available by a Recover operation (see Section 4.22) before they MAY be specified
(i.e., as on-line objects).
4.1
Create
This operation requests the
server to generate a new symmetric key as a Managed Cryptographic Object. This operation is not used to create a Template
object (see Register operation, Section 4.3).
The request contains
information about the type of object being created, and some of the attributes
to be assigned to the object (e.g., Cryptographic Algorithm, Cryptographic
Length, etc). This information MAY
be specified by the names of Template objects that already exist.
The response contains the
Unique Identifier of the created object. The server SHALL copy the Unique
Identifier returned by this operation into the ID Placeholder variable.
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Object Type, see 3.3
|
Yes
|
Determines the type of object to be created.
|
|
Template-Attribute, see 2.1.8
|
Yes
|
Specifies desired object
attributes using templates and/or individual attributes.
|
Table 107: Create Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Object Type, see 3.3
|
Yes
|
Type of object created.
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly created
object.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 108: Create Response
Payload
Table 109 indicates which attributes SHALL
be included in the Create request using the Template-Attribute object.
|
Attribute
|
REQUIRED
|
|
Cryptographic Algorithm,
see 3.4
|
Yes
|
|
Cryptographic Usage Mask,
see 3.14
|
Yes
|
Table
109:
Create Attribute Requirements
This operation requests the
server to generate a new public/private key pair and register the two
corresponding new Managed Cryptographic Objects.
The request contains
attributes to be assigned to the objects (e.g., Cryptographic Algorithm,
Cryptographic Length, etc). Attributes and Template Names MAY be specified for both keys at the same time by
specifying a Common Template-Attribute object in the request. Attributes not
common to both keys (e.g., Name, Cryptographic Usage Mask) MAY be specified using the Private Key
Template-Attribute and Public Key Template-Attribute objects in the request,
which take precedence over the Common Template-Attribute object.
A Link Attribute is
automatically created by the server for each object, pointing to the
corresponding object. The response contains the Unique Identifiers of both
created objects. The ID Placeholder value SHALL be set to the Unique Identifier
of the Private Key.
|
Request
Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Common Template-Attribute,
see 2.1.8
|
No
|
Specifies desired attributes in templates
and/or as individual attributes that apply to both the Private and Public Key
Objects.
|
|
Private Key
Template-Attribute, see 2.1.8
|
No
|
Specifies templates and/or attributes that
apply to the Private Key Object. Order of precedence applies.
|
|
Public Key
Template-Attribute, see 2.1.8
|
No
|
Specifies templates and/or
attributes that apply to the Public Key Object. Order of precedence applies.
|
Table 110: Create Key Pair
Request Payload
For
multi-instance attributes, the union of the values found in the templates and
attributes of the Common, Private, and Public Key Template-Attribute is used.
For single-instance attributes, the order of precedence is as follows:
1. attributes specified explicitly in the Private and
Public Key Template-Attribute, then
2. attributes specified via templates in the Private and
Public Key Template-Attribute, then
3. attributes specified explicitly in the Common
Template-Attribute, then
4. attributes specified via templates in the Common
Template-Attribute
If there are multiple
templates in the Common, Private, or Public Key Template-Attribute, then the last
value of the single-instance attribute that
conflict takes precedence.
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Private Key Unique
Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly created
Private Key object.
|
|
Public Key Unique
Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly created
Public Key object.
|
|
Private Key Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of attributes, for the
Private Key Object, with values that were not specified in the request, but
have been implicitly set by the key management server.
|
|
Public Key Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of
attributes, for the Public Key Object, with values that were not specified in
the request, but have been implicitly set by the key management server.
|
Table 111: Create Key Pair
Response Payload
Table 112 indicates which attributes SHALL
be included in the Create Key pair request using Template-Attribute objects, as
well as which attributes SHALL have the same value for the Private and Public
Key.
|
Attribute
|
REQUIRED
|
SHALL contain the same value for both
Private and Public Key
|
|
Cryptographic Algorithm,
see 3.4
|
Yes
|
Yes
|
|
Cryptographic
Length, see 3.5
|
No
|
Yes
|
|
Cryptographic Usage Mask,
see 3.14
|
Yes
|
No
|
|
Cryptographic Domain
Parameters, see 3.7
|
No
|
Yes
|
|
Cryptographic Parameters,
see 3.6
|
No
|
Yes
|
Table
112:
Create Key Pair Attribute Requirements
Setting the same Cryptographic Length value for both private
and public key does not imply that both keys are of equal length. For RSA,
Cryptographic Length corresponds to the bit length of the Modulus. For DSA and
DH algorithms, Cryptographic Length corresponds to the bit length of parameter
P, and the bit length of Q is set separately in the Cryptographic Domain
Parameters attribute. For ECDSA, ECDH, and ECMQV algorithms, Cryptographic
Length corresponds to the bit length of parameter Q.
This operation requests the
server to register a Managed Object that was created by the
client or obtained by the client through some other means, allowing the server
to manage the object. The arguments in the request are similar to those in the
Create operation, but also MAY contain
the object itself for storage by the server. Optionally, objects that are not to
be stored by the key management system MAY
be omitted from the request (e.g., private keys).
The request contains
information about the type of object being registered and some of the
attributes to be assigned to the object (e.g., Cryptographic Algorithm,
Cryptographic Length, etc). This information MAY
be specified by the use of a Template-Attribute object.
The response contains the
Unique Identifier assigned by the server to the registered object. The server SHALL
copy the Unique Identifier returned by this operations into the ID Placeholder
variable. The Initial Date attribute of the object SHALL be set to the current
time.
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Object Type, see 3.3
|
Yes
|
Determines the type of object being
registered.
|
|
Template-Attribute, see 2.1.8
|
Yes
|
Specifies desired object attributes using
templates and/or individual attributes.
|
|
Certificate, Symmetric Key, Private Key,
Public Key, Split Key, Template Secret Data or Opaque Object, see 2.2
|
No
|
The object being
registered. The object and attributes MAY
be wrapped. Some objects (e.g., Private Keys), MAY
be omitted from the request.
|
Table 113: Register Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly
registered object.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 114: Register Response
Payload
If a Managed Cryptographic Object is registered, then the
following attributes SHALL be included in the Register request, either
explicitly, or via specification of a template that contains the attribute.
|
Attribute
|
REQUIRED
|
|
Cryptographic Algorithm,
see 3.4
|
Yes, MAY be omitted only if this information is encapsulated
in the Key Block. Does not apply to Secret Data. If present, then Cryptographic
Length below SHALL also be present.
|
|
Cryptographic Length, see 3.5
|
Yes, MAY be omitted only if this information is encapsulated
in the Key Block. Does not apply to Secret Data. If present, then Cryptographic Algorithm above SHALL
also be present.
|
|
Cryptographic Usage Mask,
see 3.14
|
Yes.
|
Table 115: Register Attribute
Requirements
This
request is used to generate a replacement key for an existing symmetric key. It
is analogous to the Create operation, except that attributes of the replacement
key are copied from the existing key, with the exception of the attributes
listed in Table 117.
As the replacement key takes over the
name attribute of the existing key, Re-key SHOULD only be performed once on a
given key.
The server SHALL
copy the Unique Identifier of the replacement key returned by this operation
into the ID Placeholder variable.
As a result of Re-key, the Link
attribute of the existing key is set to point to the replacement key and vice
versa.
An Offset MAY be used to indicate the difference between the
Initialization Date and the Activation Date of the replacement key. If no
Offset is specified, the Activation Date, Process Start Date, Protect Stop Date
and Deactivation Date values are copied from the existing key. If Offset is set and dates exist for the existing key,
then the dates of the replacement key SHALL be set based on the dates of the
existing key as follows:
|
Attribute in Existing Key
|
Attribute in Replacement Key
|
|
Initial Date (IT1)
|
Initial Date (IT2) > IT1
|
|
Activation Date (AT1)
|
Activation Date (AT2) = IT2+ Offset
|
|
Process Start Date (CT1)
|
Process Start Date = CT1+(AT2- AT1)
|
|
Protect Stop Date (TT1)
|
Protect Stop Date = TT1+(AT2- AT1)
|
|
Deactivation Date (DT1)
|
Deactivation Date = DT1+(AT2- AT1)
|
Table 116:
Computing New Dates from Offset during Re-key
Attributes that are not copied from the existing key
and are handled in a specific way for the replacement key are:
|
Attribute
|
Action
|
|
Initial Date, see 3.18
|
Set to the current time
|
|
Destroy Date, see 3.23
|
Not set
|
|
Compromise Occurrence Date,
see 3.24
|
Not set
|
|
Compromise Date, see 3.25
|
Not set
|
|
Revocation Reason, see 3.26
|
Not set
|
|
Unique Identifier, see 3.1
|
New value generated
|
|
Usage Limits, see 3.16
|
The Total value is copied from the existing
key, and the Count value is set to the Total value.
|
|
Name, see 3.2
|
Set to the name(s) of the existing key; all
name attributes are removed from the existing key.
|
|
State, see 3.17
|
Set based on attributes values, such as
dates, as shown in Table 116
|
|
Digest, see 3.12
|
Recomputed from the replacement key value
|
|
Link, see 3.29
|
Set to point to the existing key as the
replaced key
|
|
Last Change Date, see 3.32
|
Set to current time
|
Table 117:
Re-key Attribute Requirements
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
No
|
Determines the existing Symmetric Key being
re-keyed. If omitted, then the ID Placeholder value is used by the server as
the Unique Identifier.
|
|
Offset
|
No
|
An Interval object indicating the
difference between the Initialization Date and the Activation Date of the replacement
key to be created.
|
|
Template-Attribute, see 2.1.8
|
No
|
Specifies desired object
attributes using templates and/or individual attributes.
|
Table 118: Re-key Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly-created
replacement Symmetric Key.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 119: Re-key Response
Payload
This
request is used to derive a symmetric key or Secret Data object from a key or
secret data that is already known to the key management system. The request SHALL only apply to Managed Cryptographic Objects that have the Derive Key bit set
in the Cryptographic Usage Mask attribute of the specified Managed Object
(i.e., are able to be used for key derivation). If the operation is issued for an
object that does not have this bit set, then the server SHALL return an error.
For all derivation methods, the client SHALL specify the desired length of the
derived key or Secret Data object using the Cryptographic Length attribute. If
a key is created, then the client SHALL specify both its Cryptographic Length
and Cryptographic Algorithm. If the specified length exceeds the output of the
derivation method, then the server SHALL return an error. Clients MAY derive multiple keys and IVs by requesting the
creation of a Secret Data object and specifying a Cryptographic Length that is
the total length of the derived object. The length SHALL NOT exceed the length
of the output returned by the chosen derivation method.
The
fields in the request specify the Unique Identifiers of the keys or Secret Data
objects to be used for derivation (e.g., some derivation methods MAY require multiple keys or Secret Data objects to
derive the result), the method to be used to perform the derivation, and any
parameters needed by the specified method. The method is specified as an
enumerated value. Currently defined derivation methods include:
·
PBKDF2 – This method is used to derive a symmetric key from a
password or pass phrase. The PBKDF2 method is published in [PKCS#5] and [RFC2898].
·
HASH – This method derives a key by computing a hash over the
derivation key or the derivation data.
·
HMAC – This method derives a key by computing an HMAC over the
derivation data.
·
ENCRYPT – This method derives a key by encrypting the derivation
data.
·
NIST800-108-C – This method derives a key by computing the KDF in Counter
Mode as specified in [SP800-108].
·
NIST800-108-F – This method derives a key by computing the KDF in Feedback
Mode as specified in [SP800-108].
·
NIST800-108-DPI – This method derives a key by computing the KDF in
Double-Pipeline Iteration Mode as specified in [SP800-108].
·
Extensions
The server SHALL perform the derivation function, and
then register the derived object as a new Managed Object, returning the new
Unique Identifier for the new object in the response. The server SHALL copy the
Unique Identifier returned by this operation into the ID Placeholder variable.
As a result of Derive Key, the Link attributes (i.e., Derived
Key Link in the objects from which the key is derived, and the Derivation Base
Object Link in the derived key) of all objects involved SHALL be set to point
to the corresponding objects.
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Object Type, see 3.3
|
Yes
|
Determines the type of object to be created.
|
|
Unique Identifier, see 3.1
|
Yes. MAY be repeated
|
Determines the object or objects to be used to derive a new key. At
most, two identifiers MAY be
specified: one for the derivation key and another for the secret data. Note
that the current value of the ID Placeholder SHALL NOT be used in place of a
Unique Identifier in this operation.
|
|
Derivation Method, see 9.1.3.2.20
|
Yes
|
An Enumeration object specifying the method to be used to derive the
new key.
|
|
Derivation Parameters, see below
|
Yes
|
A Structure object containing the parameters needed by the specified
derivation method.
|
|
Template-Attribute, see 2.1.8
|
Yes
|
Specifies desired object
attributes using templates and/or individual attributes; the length and
algorithm SHALL always be specified for the creation of a symmetric key.
|
Table 120: Derive Key Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the newly derived key or Secret Data object.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 121: Derive Key Response
Payload
The Derivation Parameters for all derivation methods
consist of the following parameters, except PBKDF2, which requires two
additional parameters.
|
Object
|
Encoding
|
REQUIRED
|
|
Derivation
Parameters
|
Structure
|
Yes
|
|
Cryptographic Parameters, see 3.6
|
Structure
|
Yes, except for HMAC
derivation keys.
|
|
Initialization Vector
|
Byte String
|
No, depends on PRF and
mode of operation: empty IV is assumed if not provided.
|
|
Derivation
Data
|
Byte String
|
Yes, unless
the Unique Identifier of a Secret Data object is provided.
|
Table 122: Derivation Parameters
Structure (Except PBKDF2)
Cryptographic Parameters identify the
Pseudorandom Function (PRF) or the mode of operation of the PRF (e.g., if a key
is to be derived using the HASH derivation method, then clients are REQUIRED to
indicate the hash algorithm inside Cryptographic Parameters; similarly, if a
key is to be derived using AES in CBC mode, then clients are REQUIRED to indicate the
Block Cipher Mode). The server SHALL verify that the specified mode matches one
of the instances of Cryptographic Parameters set for the corresponding key. If
Cryptographic Parameters are omitted, then the server SHALL select the
Cryptographic Parameters with the lowest Attribute Index for the specified key.
If the corresponding key does not have any Cryptographic Parameters attribute,
or if no match is found, then an error is returned.
If a key is derived using HMAC, then the attributes of
the derivation key provide enough information about the PRF and the Cryptographic
Parameters are ignored.
Derivation Data is either the data to be encrypted,
hashed, or HMACed. For the NIST SP 800-108 methods [SP800-108], Derivation Data is Label||{0x00}||Context, where the all-zero byte is OPTIONAL.
Most derivation methods (e.g., ENCRYPT) require a
derivation key and the derivation data to be used. The HASH derivation method
requires either a derivation key or derivation data. Derivation data MAY either be explicitly provided by the client
with the Derivation Data field or implicitly provided by providing the Unique
Identifier of a Secret Data object. If both are provided, then an error SHALL
be returned.
The PBKDF2 derivation method requires two additional
parameters:
|
Object
|
Encoding
|
REQUIRED
|
|
Derivation Parameters
|
Structure
|
Yes
|
|
Cryptographic
Parameters, see 3.6
|
Structure
|
No, depends on the PRF
|
|
Initialization
Vector
|
Byte String
|
No, depends on the PRF
(if different than those defined in [PKCS#5]) and mode of operation: an empty IV is assumed if
not provided.
|
|
Derivation
Data
|
Byte String
|
Yes, unless the Unique
Identifier of a Secret Data object is provided.
|
|
Salt
|
Byte String
|
Yes
|
|
Iteration
Count
|
Integer
|
Yes
|
Table 123: PBKDF2 Derivation
Parameters Structure
This request is used to generate
a Certificate object for a public key. This request supports certification of a
new public key as well as certification of a public key that has already been
certified (i.e., certificate update). Only a single certificate SHALL be
requested at a time. Server support for this operation is OPTIONAL, as it
requires that the key management system have access to a certification
authority (CA). If the server does not support this operation, an error SHALL
be returned.
The Certificate Requests is
passed as a Byte String, which allows multiple certificate request types for
X.509 certificates (e.g., PKCS#10, PEM, etc) or PGP certificates to be
submitted to the server.
The generated Certificate
object whose
Unique Identifier is returned MAY
be obtained by the client via a Get operation in the same batch, using the ID Placeholder mechanism.
As a result of Certify, the
Link attribute of the Public Key and of the generated certificate SHALL be set
to point at each other.
The server SHALL copy the Unique Identifier of the generated
certificate returned by this operation into the ID Placeholder variable.
If the information in the
Certificate Request conflicts with the attributes specified in the
Template-Attribute, then the information in the Certificate Request takes
precedence.
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
No
|
The Unique Identifier of the Public Key
being certified. If omitted, then the ID Placeholder value is used by the
server as the Unique Identifier.
|
|
Certificate Request Type,
see 9.1.3.2.21
|
Yes
|
An Enumeration object specifying the type
of certificate request.
|
|
Certificate Request
|
Yes
|
A Byte String object with the certificate
request.
|
|
Template-Attribute, see 2.1.8
|
No
|
Specifies desired object
attributes using templates and/or individual attributes.
|
Table 124: Certify Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the generated Certificate
object.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 125: Certify Response
Payload
This
request is used to renew an existing certificate for the same key pair. Only a
single certificate SHALL be renewed at a time. Server support for this operation is OPTIONAL, as it requires that the key
management system to have access to a certification authority (CA). If the
server does not support this operation, an error SHALL be returned.
The Certificate Request is
passed as a Byte String, which allows multiple certificate request types for X.509
certificates (e.g., PKCS#10, PEM, etc) or PGP certificates to be submitted to
the server.
The server SHALL copy the Unique Identifier of the new certificate returned by this
operation into the ID Placeholder
variable.
If the information in the
Certificate Request field in the request conflicts with the attributes
specified in the Template-Attribute, then the information in the Certificate
Request takes precedence.
As the new certificate takes over the name attribute of the
existing certificate, Re-certify SHOULD only be performed once on a given
(existing) certificate.
The Link attribute of the
existing certificate and of the new certificate are set to point at each other.
The Link attribute of the Public Key is changed to point to the new certificate.
An Offset MAY be used to
indicate the difference between the Initialization Date and the Activation Date
of the new certificate. If Offset is set, then the dates
of the new certificate SHALL be set based on the dates of the existing
certificate (if such dates exist) as follows:
|
Attribute in Existing
Certificate
|
Attribute in New
Certificate
|
|
Initial Date (IT1)
|
Initial Date (IT2) > IT1
|
|
Activation Date (AT1)
|
Activation Date (AT2) = IT2+ Offset
|
|
Deactivation Date (DT1)
|
Deactivation Date = DT1+(AT2- AT1)
|
Table 126: Computing
New Dates from Offset during Re-certify
Attributes that are not copied from the existing
certificate and that are handled in a specific way for the new certificate are:
|
Attribute
|
Action
|
|
Initial Date, see 3.18
|
Set to current time
|
|
Destroy Date, see 3.23
|
Not set
|
|
Revocation Reason, see 3.26
|
Not set
|
|
Unique Identifier, see 3.2
|
New value generated
|
|
Name, see 3.2
|
Set to the name(s) of the existing
certificate; all name attributes are removed from the existing certificate.
|
|
State, see 3.17
|
Set based on attributes values, such as
dates, as shown in Table 126
|
|
Digest, see 3.12
|
Recomputed from the new certificate value.
|
|
Link, see 3.29
|
Set to point to the existing certificate as
the replaced certificate.
|
|
Last Change Date, see 3.32
|
Set to current time
|
Table 127: Re-certify Attribute Requirements
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
No
|
The Unique Identifier of the Certificate
being renewed. If omitted, then the ID
Placeholder value is used by the server as the Unique Identifier.
|
|
Certificate Request Type,
see 9.1.3.2.21
|
Yes
|
An Enumeration object specifying the type
of certificate request.
|
|
Certificate Request
|
Yes
|
A Byte String object with the certificate
request.
|
|
Offset
|
No
|
An Interval object indicating the
difference between the Initialization Time of the new certificate and the
Activation Date of the new certificate.
|
|
Template-Attribute, see 2.1.8
|
No
|
Specifies desired object
attributes using templates and/or individual attributes.
|
Table 128: Re-certify Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the new
certificate.
|
|
Template-Attribute, see 2.1.8
|
No
|
An OPTIONAL list of object
attributes with values that were not specified in the request, but have been
implicitly set by the key management server.
|
Table 129: Re-certify Response
Payload
This
operation requests that the server search for one or more Managed Objects
depending on the attributes specified in the request. All attributes are
allowed to be used. However, Attribute Index values SHOULD NOT be specified in
the request. Attribute Index values that are provided SHALL be ignored by the Locate operation. The request MAY also contain a Maximum Items field,
which specifies the maximum number of objects to be returned. If the Maximum
Items field is omitted, then the server MAY
return all objects matched, or MAY
impose an internal maximum limit due to resource limitations.
If
more than one object satisfies the identification criteria specified in the
request, then the response MAY
contain Unique Identifiers for multiple Managed Objects. Returned objects SHALL
match all of the attributes in the request. If no objects match, then an
empty response payload is returned. If no attribute is specified in the
request, any object SHALL be deemed to match the Locate request.
The
server returns a list of Unique Identifiers of the found objects, which then MAY be retrieved using the Get operation. If the
objects are archived, then the Recover and Get operations are REQUIRED to be
used to obtain those objects. If a single Unique Identifier is returned to the
client, then the server SHALL copy the Unique Identifier returned by this
operation into the ID Placeholder variable.
If the Locate operation matches more than one object, and the Maximum
Items value is omitted in the request, or is set to a value larger than one,
then the server SHALL empty the ID Placeholder, causing any subsequent operations
that are batched with the Locate, and which do not specify a Unique Identifier
explicitly, to fail. This ensures that these batched operations SHALL proceed
only if a single object is returned by Locate.
Wild-cards or regular expressions (defined, e.g., in
[ISO/IEC 9945-2]) MAY be supported
by specific key management system implementations for matching attribute fields
when the field type is a Text String or a Byte String.
The Date attributes in the Locate request (e.g., Initial
Date, Activation Date, etc) are used to specify a time or a time range for the
search. If a single instance of a given Date attribute is used in the request (e.g.,
the Activation Date), then objects with the same Date attribute are considered
to be matching candidate objects. If two instances of the same Date attribute
are used (i.e., with two different values specifying a range), then objects for
which the Date attribute is inside or at a limit of the range are considered to
be matching candidate objects. If a Date attribute is set to its largest
possible value, then it is equivalent to an undefined attribute. The KMIP Usage
Guide [KMIP-UG] provides examples.
When the Cryptographic Usage Mask attribute is
specified in the request, candidate objects are compared against this field via
an operation that consists of a logical AND
of the requested mask with the mask in the candidate object, and then a
comparison of the resulting value with the requested mask. For example, if the
request contains a mask value of 10001100010000, and a candidate object mask
contains 10000100010000, then the logical AND
of the two masks is 10000100010000, which is compared against the mask value in
the request (10001100010000) and the match fails. This means that a matching
candidate object has all of the bits set in its mask that are set in the
requested mask, but MAY have
additional bits set.
When the Usage Allocation attribute is specified in the
request, matching candidate objects SHALL have an Object or Byte Count and
Total Objects or Bytes equal to or larger than the values specified in the
request.
When an attribute that is defined as a structure is
specified, all of the structure fields are not REQUIRED to be specified. For
instance, for the Link attribute, if the Linked Object Identifier value is
specified without the Link Type value, then matching candidate objects have the
Linked Object Identifier as specified, irrespective of their Link Type.
The Storage Status Mask field (see Section 9.1.3.3.2) is used to indicate whether
only on-line objects, only archived objects, or both on-line and archived
objects are to be searched. Note that the server MAY
store attributes of archived objects in order to expedite Locate operations that
search through archived objects.
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Maximum Items
|
No
|
An Integer object that indicates the
maximum number of object identifiers the server MAY
return.
|
|
Storage Status Mask, see 9.1.3.3.2
|
No
|
An Integer object (used as a bit mask) that
indicates whether only on-line objects, only archived objects, or both
on-line and archived objects are to be searched. If omitted, then on-line
only is assumed.
|
|
Attribute, see 3
|
No, MAY
be repeated
|
Specifies an attribute and
its value(s) that are REQUIRED to match those in a candidate object
(according to the matching rules defined above).
|
Table 130: Locate Request
Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
No, MAY
be repeated
|
The Unique Identifier of
the located objects.
|
Table 131: Locate Response
Payload
This operation requests that the server check for the
use of a Managed Object according to values specified in the request. This
operation SHOULD only be used when placed in a batched set of operations,
usually following a Locate, Create, Create Pair, Derive Key, Certify,
Re-Certify or Re-Key operation, and followed by a Get operation.
If the server determines
that the client is allowed to use the object according to the specified attributes,
then the server returns the Unique Identifier of the object.
If the server determines
that the client is not allowed to use the object according to the specified
attributes, then the server empties the ID Placeholder and does not return the
Unique Identifier, and the operation returns the set of attributes specified in
the request that caused the server policy denial. The only attributes returned
are those that resulted in the server determining that the client is not
allowed to use the object, thus allowing the client to determine how to
proceed. The operation also returns a failure, and the server SHALL ignore any
subsequent operations in the batch.
The additional objects that MAY be specified in the request are limited to:
·
Usage Limits Count
(see Section 3.16) – The request MAY contain
the usage amount that the client deems necessary to complete its needed
function. This does not require that any subsequent Get Usage Allocation
operations request this amount. It only means that the client is ensuring that
the amount specified is available.
·
Cryptographic
Usage Mask – This is used to specify the cryptographic operations for which the
client intends to use the object (see Section 3.14). This allows the server to determine if the policy allows this client to
perform these operations with the object. Note that this MAY be a different value from the one specified in
a Locate operation that
precedes this operation. Locate, for example, MAY
specify a Cryptographic Usage Mask requesting a key that MAY be used for both Encryption and Decryption, but
the value in the Check operation MAY
specify that the client is only using the key for Encryption at this time.
·
Lease Time – This
specifies a desired lease time (see Section 3.15). The client MAY use this to
determine if the server allows the client to use the object with the specified
lease or longer. Including this attribute in the Check operation does not
actually cause the server to grant a lease, but only indicates that the
requested lease time value MAY be
granted if requested by a subsequent, batched, Obtain Lease operation.
Note that these objects are
not encoded in an Attribute structure as shown in Section 2.1.1
|
Request Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
No
|
Determines the object being checked. If
omitted, then the ID Placeholder value is used by the server as the Unique
Identifier.
|
|
Usage Limits Count, see 3.16
|
No
|
Specifies the number of Usage
Limits Units to be protected to be checked against server policy.
|
|
Cryptographic Usage Mask, see 3.14
|
No
|
Specifies the Cryptographic Usage for which
the client intends to use the object.
|
|
Lease Time, see 3.15
|
No
|
Specifies a Lease Time
value that the Client is asking the server to validate against server policy.
|
Table 132: Check Request Payload
|
Response Payload
|
|
Object
|
REQUIRED
|
Description
|
|
Unique Identifier, see 3.1
|
Yes
|
The Unique Identifier of the object.
|
|
Usage Limits Count, see 3.16
|
No
|
Returned by the Server if the Usage Limits value specified in the
Request Payload is larger than the value that the server policy allows.
|
|
Cryptographic Usage Mask, see 3.14
|
No
|
Returned by the Server if the Cryptographic Usage Mask specified in
the Request Payload is rejected by the server for policy violation.
|
