This stage:

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.docx (Authoritative)

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.html

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.pdf

Previous stage:

N/A

 

This stage:

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/kmip-spec-v3.0.docx  (Authoritative)

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/kmip-spec-v3.0.html

https://docs.oasis-open.org/kmip/kmip-spec/v3.0/kmip-spec-v3.0.pdf

Technical Committee:

OASIS Key Management Interoperability Protocol (KMIP) TC

Chairs:

Greg Scott (greg.scott@cryptsoft.com), Cryptsoft Pty Ltd.

Judith Furlong (Judith.Furlong@dell.com), Dell

Editors:

Greg Scott (greg.scott@cryptsoft.com), Cryptsoft Pty Ltd.

Tony Cox (tony.cox@tclogic.com.au), TC Logic

Related work:

This specification replaces or supersedes:

·       Key Management Interoperability Protocol Specification Version 2.1. Edited by Tony Cox and Charles White. OASIS Standard. Latest stage: https://docs.oasis-open.org/kmip/kmip-spec/v2.1/kmip-spec-v2.1.html

This specification is related to:

·       Key Management Interoperability Protocol Profiles Version 3.0. Edited by Tim Chevalier and Tim Hudson. Latest stage: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/kmip-profiles-v3.0.html

·       Key Management Interoperability Protocol Test Cases Version 3.0. Work in Progress.

·       Key Management Interoperability Protocol Usage Guide Version 3.0. Work in Progress.

Abstract:

This document is intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

Status:

This document was last revised or approved by the OASIS Key Management Interoperability Protocol (KMIP) TC on the above date. The level of approval is also listed above. Check the “Latest stage” location noted above for possible later revisions of this document. Any other numbered Versions and other technical work produced by the Technical Committee (TC) are listed at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip#technical.

Comments from TC members should be sent directly to the TC's mailing list. Comments may be submitted to the project by any other person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=2b5e5c66-cc41-4aa5-92ee-018f5aa7dfc4

This specification is provided under the RF on RAND Terms Mode of the OASIS IPR Policy, the mode chosen when the Technical Committee was established. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC’s web page (https://www.oasis-open.org/committees/kmip/ipr.php).

Key words:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] and [RFC8174] when, and only when, they appear in all capitals, as shown here.

 

Note that any machine-readable content (Computer Language Definitions) declared Normative for this Work Product is provided in separate plain text files. In the event of a discrepancy between any such plain text file and display content in the Work Product's prose narrative document(s), the content in the separate plain text file prevails.

Citation format:

When referencing this specification, the following citation format should be used:

[kmip-spec-v3.0]

Key Management Interoperability Protocol Specification Version 3.0. Edited by Greg Scott and Tony Cox. 23 August 2024. Committee Specification Draft 01. https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.html. Latest Stage: https://docs.oasis-open.org/kmip/kmip-spec/v3.0/kmip-spec-v3.0.html.

 

Notices:

Copyright © OASIS Open 2024. All Rights Reserved.

Distributed under the terms of the OASIS IPR Policy, [https://www.oasis-open.org/policies-guidelines/ipr/]. For complete copyright information please see the full Notices section in an Appendix below.

 

Copyright © OASIS Open 2024. All Rights Reserved.

All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.

OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.

The name "OASIS" is a trademark of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see https://www.oasis-open.org/policies-guidelines/trademark for above guidance.

1      Introduction. 13

1.1 IPR Policy. 13

1.2 Terminology. 13

1.3 Normative References. 16

1.4 Non-Normative References. 19

1.5 Item Data Types. 20

2      Objects. 21

2.1 System Objects. 21

2.1.1 User 21

2.1.2 Group. 21

2.1.3 Credentials. 22

2.2 User Objects. 24

2.2.1 Certificate. 24

2.2.2 Certificate Request 25

2.2.3 Opaque Object 25

2.2.4 PGP Key. 26

2.2.5 Private Key. 27

2.2.6 Public Key. 27

2.2.7 Secret Data. 27

2.2.8 Split Key. 28

2.2.9 Symmetric Key. 29

3      Object Data Structures. 30

3.1 Key Block. 30

3.2 Key Value. 31

3.3 Key Wrapping Data. 31

3.4 Transparent Symmetric Key. 33

3.5 Transparent DSA Private Key. 33

3.6 Transparent DSA Public Key. 33

3.7 Transparent RSA Private Key. 33

3.8 Transparent RSA Public Key. 34

3.9 Transparent DH Private Key. 34

3.10 Transparent DH Public Key. 34

3.11 Transparent EC Private Key. 35

3.12 Transparent EC Public Key. 35

4      Object Attributes. 36

4.1 Activation Date. 37

4.2 Alternative Name. 38

4.3 Always Sensitive. 38

4.4 Application Specific Information. 39

4.5 Archive Date. 40

4.6 Certificate Attributes. 40

4.7 Certificate Type. 41

4.8 Certificate Length. 42

4.9 Comment 42

4.10 Compromise Date. 43

4.11 Compromise Occurrence Date. 43

4.12 Contact Information. 44

4.13 Counters. 44

4.13.1 Certify Counter 44

4.13.2 Decrypt Counter 45

4.13.3 Encrypt Counter 45

4.13.4 Sign Counter 46

4.13.5 Signature Verify Counter 46

4.14 Credential Type. 47

4.15 Cryptographic Algorithm.. 47

4.16 Cryptographic Domain Parameters. 48

4.17 Cryptographic Length. 49

4.18 Cryptographic Parameters. 49

4.19 Cryptographic Usage Mask. 51

4.20 Deactivation Date. 51

4.21 Deactivation Reason. 52

4.22 Description. 53

4.23 Destroy Date. 53

4.24 Digest 53

4.25 Digital Signature Algorithm.. 54

4.26 Extractable. 55

4.27 Fresh. 55

4.28 Initial Date. 56

4.29 Key Format Type. 56

4.30 Key Part Identifier 57

4.31 Key Value Location. 58

4.32 Key Value Present 58

4.33 Last Change Date. 59

4.34 Lease Time. 59

4.35 Links. 60

4.35.1 Certificate Link. 61

4.35.2 Certificate Request Link. 61

4.35.3 Child Link. 62

4.35.4 Credential Link. 62

4.35.5 Derivation Base Object Link. 63

4.35.6 Derived Object Link. 63

4.35.7 Group Link. 64

4.35.8 Joined Split Key Parts Link. 64

4.35.9 Next Link. 65

4.35.10 Parent Link. 65

4.35.11 Password Link. 66

4.35.12 PKCS#12 Certificate Link. 67

4.35.13 PKCS#12 Password Link. 67

4.35.14 Previous Link. 68

4.35.15 Private Key Link. 68

4.35.16 Public Key Link. 69

4.35.17 Replaced Object Link. 69

4.35.18 Replacement Object Link. 70

4.35.19 Split Key Base Link. 70

4.35.20 Wrapping Key Link. 71

4.36 Name. 71

4.37 Never Extractable. 72

4.38 NIST Key Type. 72

4.39 NIST Security Category. 73

4.40 Object Class. 73

4.41 Object Type. 74

4.42 Opaque Data Type. 74

4.43 Original Creation Date. 75

4.44 OTP Counter 75

4.45 PKCS#12 Friendly Name. 76

4.46 Process Start Date. 76

4.47 Protect Stop Date. 77

4.48 Protection Level 78

4.49 Protection Period. 78

4.50 Protection Storage Mask. 78

4.51 Quantum Safe. 79

4.52 Random Number Generator 79

4.53 Revocation Reason. 80

4.54 Rotate Automatic. 81

4.55 Rotate Date. 81

4.56 Rotate Generation. 82

4.57 Rotate Interval 82

4.58 Rotate Latest 83

4.59 Rotate Name. 83

4.60 Rotate Offset 84

4.61 Sensitive. 84

4.62 Short Unique Identifier 85

4.63 Split Key Polynomial 85

4.64 Split Key Method. 86

4.65 Split Key Parts. 86

4.66 Split Key Threshold. 87

4.67 State. 87

4.68 Unique Identifier 90

4.69 Usage Limits. 92

4.70 Vendor Attribute. 92

4.71 X.509 Certificate Identifier 93

4.72 X.509 Certificate Issuer 94

4.73 X.509 Certificate Subject 94

5      Attribute Data Structures. 96

5.1 Attributes. 96

5.2 Common Attributes. 96

5.3 Private Key Attributes. 96

5.4 Public Key Attributes. 96

5.5 Attribute Reference. 97

5.6 Current Attribute. 97

5.7 New Attribute. 97

6      Operations. 98

6.1 Client-to-Server Operations. 98

6.1.1 Activate. 99

6.1.2 Add Attribute. 99

6.1.3 Adjust Attribute. 100

6.1.4 Archive. 101

6.1.5 Cancel 102

6.1.6 Certify. 102

6.1.7 Check. 103

6.1.8 Create. 105

6.1.9 Create Credential 106

6.1.10 Create Group. 107

6.1.11 Create Key Pair 108

6.1.12 Create Split Key. 110

6.1.13 Create User 111

6.1.14 Deactivate. 112

6.1.15 Decrypt 113

6.1.16 Delegated Login. 115

6.1.17 Delete Attribute. 115

6.1.18 Derive Key. 116

6.1.19 Destroy. 118

6.1.20 Discover Versions. 118

6.1.21 Encrypt 119

6.1.22 Export 121

6.1.23 Get 122

6.1.24 Get Attributes. 123

6.1.25 Get Attribute List 124

6.1.26 Get Constraints. 125

6.1.27 Get Usage Allocation. 126

6.1.28 Hash. 126

6.1.29 Import 127

6.1.30 Interop. 129

6.1.31 Join Split Key. 129

6.1.32 Locate. 130

6.1.33 Log. 133

6.1.34 Login. 133

6.1.35 Logout 134

6.1.36 MAC. 135

6.1.37 MAC Verify. 136

6.1.38 Modify Attribute. 138

6.1.39 Obliterate. 139

6.1.40 Obtain Lease. 139

6.1.41 Ping. 140

6.1.42 PKCS#11. 141

6.1.43 Poll 142

6.1.44 Process. 142

6.1.45 Query. 143

6.1.46 Query Asynchronous Requests. 146

6.1.47 Recover 147

6.1.48 Register 147

6.1.49 Revoke. 149

6.1.50 Re-certify. 150

6.1.51 Re-key. 151

6.1.52 Re-key Key Pair 153

6.1.53 Re-Provision. 156

6.1.54 RNG Retrieve. 157

6.1.55 RNG Seed. 157

6.1.56 Set Attribute. 158

6.1.57 Set Constraints. 159

6.1.58 Set Defaults. 159

6.1.59 Set Endpoint Role. 160

6.1.60 Sign. 161

6.1.61 Signature Verify. 162

6.1.62 Validate. 164

6.2 Server-to-Client Operations. 165

6.2.1 Discover Versions. 165

6.2.2 Notify. 166

6.2.3 Put 167

6.2.4 Query. 168

6.2.5 Set Endpoint Role. 170

7      Operations Data Structures. 171

7.1 Asynchronous Correlation Values. 171

7.2 Asynchronous Request 171

7.3 Authenticated Encryption Additional Data. 171

7.4 Authenticated Encryption Tag. 171

7.5 Capability Information. 172

7.6 Constraint 172

7.7 Constraints. 172

7.8 Correlation Value. 173

7.9 Credential Information. 173

7.10 Data. 173

7.11 Data Length. 173

7.12 Defaults Information. 174

7.13 Derivation Parameters. 174

7.14 Extension Information. 175

7.15 Final Indicator 175

7.16 Interop Function. 175

7.17 Interop Identifier 176

7.18 Init Indicator 176

7.19 Key Wrapping Specification. 176

7.20 Log Message. 177

7.21 MAC Data. 177

7.22 Objects. 177

7.23 Object Defaults. 177

7.24 Object Groups. 178

7.25 Object Types. 178

7.26 Operations. 178

7.27 PKCS#11 Function. 178

7.28 PKCS#11 Input Parameters. 179

7.29 PKCS#11 Interface. 179

7.30 PKCS#11 Output Parameters. 179

7.31 PKCS#11 Return Code. 179

7.32 Profile Information. 179

7.33 Profile Version. 180

7.34 Protection Storage Masks. 180

7.35 Right 180

7.36 Rights. 181

7.37 RNG Parameters. 181

7.38 Server Information. 182

7.39 Signature Data. 182

7.40 Ticket 182

7.41 Usage Limits. 182

7.42 Validation Information. 183

8      Messages. 184

8.1 Requests. 184

8.1.1 Request Message. 184

8.1.2 Request Header 184

8.1.3 Request Batch Item.. 185

8.2 Responses. 185

8.2.1 Response Message. 185

8.2.2 Response Header 185

8.2.3 Response Batch Item.. 186

9      Message Data Structures. 187

9.1 Asynchronous Correlation Value. 187

9.2 Asynchronous Indicator 187

9.3 Attestation Capable Indicator 187

9.4 Authentication. 187

9.5 Batch Error Continuation Option. 188

9.6 Batch Item.. 188

9.7 Correlation Value (Client) 188

9.8 Correlation Value (Server) 188

9.9 Credential 189

9.10 Maximum Response Size. 191

9.11 Message Extension. 191

9.12 Nonce. 191

9.13 Operation. 191

9.14 Protocol Version. 192

9.15 Result Message. 192

9.16 Result Reason. 192

9.17 Result Status. 192

9.18 Time Stamp. 193

10    Message Protocols. 194

10.1 TTLV. 194

10.1.1 Tag. 194

10.1.2 Type. 194

10.1.3 Length. 195

10.1.4 Value. 195

10.1.5 Padding. 195

10.2 Other Message Protocols. 196

10.2.1 HTTPS. 196

10.2.2 JSON. 196

10.2.3 XML. 196

10.3 Authentication. 196

10.4 Transport 196

11    Enumerations. 197

11.1 Adjustment Type Enumeration. 197

11.2 Alternative Name Type Enumeration. 197

11.3 Asynchronous Indicator Enumeration. 198

11.4 Attestation Type Enumeration. 198

11.5 Batch Error Continuation Option Enumeration. 198

11.6 Block Cipher Mode Enumeration. 199

11.7 Cancellation Result Enumeration. 200

11.8 Certificate Request Type Enumeration. 201

11.9 Certificate Type Enumeration. 201

11.10 Client Registration Method Enumeration. 201

11.11 Credential Type Enumeration. 202

11.12 Cryptographic Algorithm Enumeration. 202

11.13 Data Enumeration. 205

11.14 Deactivation Reason Code Enumeration. 205

11.15 Derivation Method Enumeration. 206

11.16 Destroy Action Enumeration. 207

11.17 Digital Signature Algorithm Enumeration. 207

11.18 DRBG Algorithm Enumeration. 208

11.19 Encoding Option Enumeration. 208

11.20 Endpoint Role Enumeration. 208

11.21 Ephemeral Enumeration. 209

11.22 FIPS186 Variation Enumeration. 209

11.23 Hashing Algorithm Enumeration. 210

11.24 Interop Function Enumeration. 210

11.25 Item Type Enumeration. 211

11.26 Key Compression Type Enumeration. 212

11.27 Key Format Type Enumeration. 212

11.28 Key Role Type Enumeration. 213

11.29 Key Value Location Type Enumeration. 214

11.30 Key Wrap Type Enumeration. 214

11.31 Mask Generator Enumeration. 215

11.32 NIST Key Type Enumeration. 215

11.33 Object Class Enumeration. 216

11.34 Object Type Enumeration. 216

11.35 Opaque Data Type Enumeration. 217

11.36 Operation Enumeration. 217

11.37 OTP Algorithm Enumeration. 219

11.38 Padding Method Enumeration. 219

11.39 PKCS#11 Function Enumeration. 219

11.40 PKCS#11 Return Code Enumeration. 219

11.41 Processing Stage Enumeration. 220

11.42 Profile Name Enumeration. 220

11.43 Protection Level Enumeration. 221

11.44 Put Function Enumeration. 221

11.45 Query Function Enumeration. 222

11.46 Recommended Curve Enumeration. 223

11.47 Result Reason Enumeration. 225

11.48 Result Status Enumeration. 230

11.49 Revocation Reason Code Enumeration. 230

11.50 RNG Algorithm Enumeration. 231

11.51 RNG Mode Enumeration. 231

11.52 Secret Data Type Enumeration. 231

11.53 Shredding Algorithm Enumeration. 232

11.54 Split Key Method Enumeration. 232

11.55 Split Key Polynomial Enumeration. 232

11.56 State Enumeration. 232

11.57 Tag Enumeration. 233

11.58 Ticket Type Enumeration. 245

11.59 Unique Identifier Enumeration. 245

11.60 Unwrap Mode Enumeration. 246

11.61 Usage Limits Unit Enumeration. 247

11.62 Validity Indicator Enumeration. 247

11.63 Wrapping Method Enumeration. 247

11.64 Validation Authority Type Enumeration. 248

11.65 Validation Type Enumeration. 248

12    Bit Masks. 249

12.1 Cryptographic Usage Mask. 249

12.2 Protection Storage Mask. 251

12.3 Storage Status Mask. 251

12.4 Object Class Mask. 251

13    Algorithm Implementation. 252

13.1 Split Key Algorithms. 252

14    KMIP Client and Server Implementation Conformance. 253

14.1 KMIP Client Implementation Conformance. 253

14.2 KMIP Server Implementation Conformance. 253

Appendix A. Acknowledgments. 254

Appendix B. Acronyms. 256

Appendix C. List of Figures and Tables. 259

Appendix D. Revision History. 274

Appendix E. Notices. 276

 

 

This document is intended as a specification of the protocol used for the communication (request and response messages) between clients and servers to perform certain management operations on objects stored and maintained by a key management system. These objects are referred to as Managed Objects in this specification. They include symmetric and asymmetric cryptographic keys and digital certificates. Managed Objects are managed with operations that include the ability to generate cryptographic keys, register objects with the key management system, obtain objects from the system, destroy objects from the system, and search for objects maintained by the system. Managed Objects also have associated attributes, which are named values stored by the key management system and are obtained from the system via operations. Certain attributes are added, modified, or deleted by operations.

This specification is complemented by several other documents. The KMIP Usage Guide [KMIP-UG] provides illustrative information on using the protocol. The KMIP Profiles Specification [KMIP-Prof] provides a normative set of base level conformance profiles and authentication suites that include the specific tests used to test conformance with the applicable KMIP normative documents. The KMIP Test Cases [KMIP-TC] provides samples of protocol messages corresponding to a set of defined test cases that are also used in conformance testing.

This specification defines the KMIP protocol version major 2 and minor 1 (see 6.1).

1.1 IPR Policy

This specification is provided under the RF on RAND Terms Mode of the OASIS IPR Policy, the mode chosen when the Technical Committee was established. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC’s web page (https://www.oasis-open.org/committees/kmip/ipr.php).

1.2 Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].

For acronyms used in this document, see Appendix B. For definitions not found in this document, see [SP800-57-1].

Term	Definition
Archive	To place information not accessed frequently into long-term storage.
Asymmetric key pair (key pair)	A public key and its corresponding private key; a key pair is used with a public key algorithm.
Authentication	A process that establishes the origin of information, or determines an entity’s identity.
Authentication code	A cryptographic checksum based on a security function.
Authorization	Access privileges that are granted to an entity; conveying an “official” sanction to perform a security function or activity.
Certificate length	The length (in bytes) of an X.509 public key certificate.
Certification authority	The entity in a Public Key Infrastructure (PKI) that is responsible for issuing certificates, and exacting compliance to a PKI policy.
Ciphertext	Data in its encrypted form.
Compromise	The unauthorized disclosure, modification, substitution or use of sensitive data (e.g., keying material and other security-related information).
Confidentiality	The property that sensitive information is not disclosed to unauthorized entities.
Cryptographic algorithm	A well-defined computational procedure that takes variable inputs, including a cryptographic key and produces an output.
Cryptographic key (key)	A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include: 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of an authentication code from data, and 6. The verification of an authentication code from data and a received authentication code.
Decryption	The process of changing ciphertext into plaintext using a cryptographic algorithm and key.
Digest (or hash)	The result of applying a hashing algorithm to information.
Digital signature (signature)	The result of a cryptographic transformation of data that, when properly implemented with supporting infrastructure and policy, provides the services of: 1. origin authentication 2. data integrity, and 3. signer non-repudiation.
Digital Signature Algorithm	A cryptographic algorithm used for digital signature.
Encryption	The process of changing plaintext into ciphertext using a cryptographic algorithm and key.
Hashing algorithm (or hash algorithm, hash function)	An algorithm that maps a bit string of arbitrary length to a fixed length bit string. Approved hashing algorithms satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.
Integrity	The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner.
Key derivation (derivation)	A function in the lifecycle of keying material; the process by which one or more keys are derived from: 1) Either a shared secret from a key agreement computation or a pre-shared cryptographic key, and 2) Other information.
Key management	The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction.
Key wrapping (wrapping)	A method of encrypting and/or MACing/signing keys.
Message Authentication Code (MAC)	A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data.
PGP Key	A RFC 4880-compliant container of cryptographic keys and associated metadata.  Usually text-based (in PGP-parlance, ASCII-armored).
Private key	A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and is not made public. The private key is associated with a public key. Depending on the algorithm, the private key MAY be used to: 1. Compute the corresponding public key, 2. Compute a digital signature that can be verified by the corresponding public key, 3. Decrypt data that was encrypted by the corresponding public key, or 4. Compute a piece of common shared data, together with other information.
Profile	A specification of objects, attributes, operations, message elements and authentication methods to be used in specific contexts of key management server and client interactions (see [KMIP-Prof]).
Public key	A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that MAY be made public. The public key is associated with a private key. The public key MAY be known by anyone and, depending on the algorithm, MAY be used to: 1. Verify a digital signature that is signed by the corresponding private key, 2. Encrypt data that can be decrypted by the corresponding private key, or 3. Compute a piece of shared data.
Public key certificate (certificate)	A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity.
Public key cryptographic algorithm	A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that determining the private key from the public key is computationally infeasible.
Public Key Infrastructure	A framework that is established to issue, maintain and revoke public key certificates.
Recover	To retrieve information that was archived to long-term storage.
Split Key	A process by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is necessary to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length.
Symmetric key	A single cryptographic key that is used with a secret (symmetric) key algorithm.
Symmetric key algorithm	A cryptographic algorithm that uses the same secret (symmetric) key for an operation and its inverse (e.g., encryption and decryption).
X.509 certificate	The ISO/ITU-T X.509 standard defined two types of certificates – the X.509 public key certificate, and the X.509 attribute certificate. Most commonly (including this document), an X.509 certificate refers to the X.509 public key certificate.
X.509 public key certificate	The public key for a user (or device) and a name for the user (or device), together with some other information, rendered un-forgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard.

Table 1: Terminology

1.3 Normative References

[AWS-SIGV4]         Authenticating Requests (AWS Signature Version 4) https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.htm

[CHACHA]             D. J. Bernstein. ChaCha, a variant of Salsa20. https://cr.yp.to/chacha/chacha-20080128.pdf

[ECC-Brainpool]    ECC Brainpool Standard Curves and Curve Generation v. 1.0.19.10.2005, https://web.archive.org/web/20180408010242/http://www.ecc-brainpool.org/download/Domain-parameters.pdf.

[FIPS180-4]            Secure Hash Standard (SHS), FIPS PUB 180-4, August 2015, https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf.

[FIPS186-4]            Digital Signature Standard (DSS), FIPS PUB 186-4, July 2013, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

[FIPS197]               Advanced Encryption Standard, FIPS PUB 197, November 2001, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

[FIPS198-1]            The Keyed-Hash Message Authentication Code (HMAC), FIPS PUB 198-1, July 2008, http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf.

[FIPS202]               SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, August 2015. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

[FIPS203]               Module-Lattice-Based Key-Encapsulation Mechanism Standard, August 2024. https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf

[FIPS204]               Module-Lattice-Based Digital Signature Standard, August 2024. https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.204.pdf

[FIPS205]               Stateless Hash-Based Digital Signature Standard, August 2024. https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.205.pdf

[IEEE1003-1]          IEEE Std 1003.1, Standard for information technology - portable operating system interface (POSIX). Shell and utilities, 2004.

[ISO16609]             ISO, Banking -- Requirements for message authentication using symmetric techniques, ISO 16609, 2012.

[ISO9797-1]            ISO/IEC, Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher, ISO/IEC 9797-1, 2011.

[KMIP-Prof]            Key Management Interoperability Protocol Profiles Version 3.0. Edited by Tim Hudson and Tim Chevalier. Latest version: Work in Progress

[PKCS#1]               RSA Laboratories, PKCS #1 v2.1: RSA Cryptography Standard, June 14, 2002, https://tools.ietf.org/html/rfc8017.

[PKCS#5]               RSA Laboratories, PKCS #5 v2.1: Password-Based Cryptography Standard, October 5, 2006, https://tools.ietf.org/html/rfc8018.

[PKCS#8]               RSA Laboratories, PKCS#8 v1.2: Private-Key Information Syntax Standard, November 1, 1993, https://tools.ietf.org/html/rfc5958.

[PKCS#10]             RSA Laboratories, PKCS #10 v1.7: Certification Request Syntax Standard, May 26, 2000, https://tools.ietf.org/html/rfc2986

[PKCS#11]             OASIS PKCS#11 Cryptographic Token Interface Base Specification Version 3.0

[POLY1305]           Daniel J. Bernstein. The Poly1305-AES Message-Authentication Code. In Henri Gilbert and Helena Handschuh, editors, Fast Software Encryption: 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005.

[RFC1319]              B. Kaliski, The MD2 Message-Digest Algorithm, IETF RFC 1319, Apr 1992, http://www.ietf.org/rfc/rfc1319.txt.

[RFC1320]              R. Rivest, The MD4 Message-Digest Algorithm, IETF RFC 1320, April 1992, http://www.ietf.org/rfc/rfc1320.txt.

[RFC1321]              R. Rivest, The MD5 Message-Digest Algorithm, IETF RFC 1321, April 1992, http://www.ietf.org/rfc/rfc1321.txt.

[RFC1421]              J. Linn, Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures, IETF RFC 1421, February 1993, http://www.ietf.org/rfc/rfc1421.txt.

[RFC1424]              B. Kaliski, Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, IETF RFC 1424, Feb 1993, http://www.ietf.org/rfc/rfc1424.txt.

[RFC2104]              H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-Hashing for Message Authentication, IETF RFC 2104, February 1997, http://www.ietf.org/rfc/rfc2104.txt.

[RFC2119]              Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, March 1997. http://www.ietf.org/rfc/rfc2119.txt.

[RFC2898]              B. Kaliski, PKCS #5: Password-Based Cryptography Specification Version 2.0, IETF RFC 2898, September 2000, http://www.ietf.org/rfc/rfc2898.txt.

[RFC2986]              M. Nystrom and B. Kaliski, PKCS #10:  Certification Request Syntax Specification Version 1.7, IETF RFC2986, November 2000, http://www.rfc-editor.org/rfc/rfc2986.txt.

[RFC3447]              J. Jonsson, B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, IETF RFC 3447, Feb 2003, http://www.ietf.org/rfc/rfc3447.txt.

[RFC3629]              F. Yergeau, UTF-8, a transformation format of ISO 10646, IETF RFC 3629, November 2003, http://www.ietf.org/rfc/rfc3629.txt.

[RFC3686]              R. Housley, Using Advanced Encryption Standard (AES) Counter Mode with IPsec Encapsulating Security Payload (ESP), IETF RFC 3686, January 2004, http://www.ietf.org/rfc/rfc3686.txt.

[RFC4210]              C. Adams, S. Farrell, T. Kause and T. Mononen, Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP), IETF RFC 4210, September 2005, http://www.ietf.org/rfc/rfc4210.txt.

[RFC4211]              J. Schaad, Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF), IETF RFC 4211, September 2005, http://www.ietf.org/rfc/rfc4211.txt.

[RFC4226]              D. M’Raihi, M. Bellare, F. Hoornaert, D. Naccache, O. Ranen, HOTP: An HMACBased One-Time Password Algorithm, IETF RFC 4226, December 2005, http://www.ietf.org/rfc/rfc4226.txt.

[RFC4880]              J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, OpenPGP Message Format, IETF RFC 4880, November 2007, http://www.ietf.org/rfc/rfc4880.txt.

[RFC4949]              R. Shirey, Internet Security Glossary, Version 2, IETF RFC 4949, August 2007, http://www.ietf.org/rfc/rfc4949.txt.

[RFC5272]              J. Schaad and M. Meyers, Certificate Management over CMS (CMC), IETF RFC 5272, June 2008, http://www.ietf.org/rfc/rfc5272.txt.

[RFC5280]              D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk, Internet X.509 Public Key Infrastructure Certificate, IETF RFC 5280, May 2008, http://www.ietf.org/rfc/rfc5280.txt.

[RFC5639]              M. Lochter, J. Merkle, Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation, IETF RFC 5639, March 2010, http://www.ietf.org/rfc/rfc5639.txt.

[RFC5869]              H. Krawczyk, HMAC-based Extract-and-Expand Key Derivation Function (HKDF), IETF RFC5869, May 2010, https://tools.ietf.org/html/rfc5869

[RFC5958]              S. Turner, Asymmetric Key Packages, IETF RFC5958, August 2010, https://tools.ietf.org/rfc/rfc5958.txt

[RFC6238]              D. M’Raihi, S. Machani, M. Pei, J. Rydell, TOTP: Time-Based One-Time Password Algorithm, IETF RFC 6238, May 2011, http://www.ietf.org/rfc/rfc6238.txt

[RFC6402]              J. Schaad, Certificate Management over CMS (CMC) Updates, IETF RFC6402, November 2011, http://www.rfc-editor.org/rfc/rfc6402.txt.

[RFC6818]              P. Yee, Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, IETF RFC6818, January 2013, http://www.rfc-editor.org/rfc/rfc6818.txt.

[RFC7778]              A. Langley, M. Hamburg, S. Turner Elliptic Curves for Security, IETF RFC7748, January 2016, https://tools.ietf.org/html/rfc7748

[RFC9562]              K. Davis, B. Peabody, P. Leach Universally Unique Identifiers (UUIDs), IETF RFC9562, May 2024, https://tools.ietf.org/html/rfc9562

[SEC2]                   SEC 2: Recommended Elliptic Curve Domain Parameters, http://www.secg.org/SEC2-Ver-1.0.pdf.

[SP800-38A]           M. Dworkin, Recommendation for Block Cipher Modes of Operation – Methods and Techniques, NIST Special Publication 800-38A, December 2001, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf

[SP800-38B]           M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf

[SP800-38C]           M. Dworkin, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004, updated July 2007 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf

[SP800-38D]           M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, Nov 2007, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf.

[SP800-38E]           M. Dworkin, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices, NIST Special Publication 800-38E, January 2010, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf.

[SP800-56A]           E. Barker, L. Chen, A. Roginsky and M. Smid, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, NIST Special Publication 800-56A Revision 2, May 2013, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf.

[SP800-57-1]          E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, Recommendations for Key Management - Part 1: General (Revision 3), NIST Special Publication 800-57 Part 1 Revision 3, July 2012, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf.

[SP800-108]           L. Chen, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), NIST Special Publication 800-108, Oct 2009, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf.

[X.509]                   International Telecommunication Union (ITU)–T, X.509:  Information technology – Open systems interconnection – The Directory:  Public-key and attribute certificate frameworks, November 2008, https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201910-I!!PDF-E&type=items.

[X9.24-1]                ANSI, X9.24 - Retail Financial Services Symmetric Key Management - Part 1: Using Symmetric Techniques, 2009.

[X9.31]                   ANSI, X9.31: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), September 1998.

[X9.42]                   ANSI, X9.42: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, 2003.

[X9.62]                   ANSI, X9.62: Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005.

[X9.63]                   ANSI, X9.63: Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography, 2011.

[X9.102]                 ANSI, X9.102: Symmetric Key Cryptography for the Financial Services Industry - Wrapping of Keys and Associated Data, 2008.

[X9 TR-31]              ANSI, X9 TR-31: Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms, 2010.

1.4 Non-Normative References

[ISO/IEC 9945-2]    The Open Group, Regular Expressions, The Single UNIX Specification version 2, 1997, ISO/IEC 9945-2:1993, http://www.opengroup.org/onlinepubs/007908799/xbd/re.html.

[KMIP-UG]             Key Management Interoperability Protocol Usage Guide Version 3.0. Work in progress.

[KMIP-TC]              Key Management Interoperability Protocol Test Cases Version 3.0. Edited by Tim Hudson and Mark Joseph. Latest version: Work in Progress

[RFC6151]              S. Turner and L. Chen, Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms, IETF RFC6151, March 2011, http://www.rfc-editor.org/rfc/rfc6151.txt.

[w1979]                  A. Shamir, How to share a secret, Communications of the ACM, vol. 22, no. 11, pp. 612-613, November 1979.

[RFC7292]              K. Moriarty, M. Nystrom, S. Parkinson, A. Rusch, M. Scott. PKCS #12: Personal Information Exchange Syntax v1.1, July 2014, https://tools.ietf.org/html/rfc7292

1.5 Item Data Types

The following are the data types of which all items (Objects, Attributes and Messages) are composed of Integer, Long Integer, Big Integer, Enumeration, Boolean, Text String, Byte String, Date Time, Interval, Date Time Extended, and Structure.

A Key Management System operates on different classes of objects – objects that are subjects of key

management operations (User Objects) and objects that support the operation of the key management

system (System Objects).

All objects within the key management system SHALL have a minimum set of attributes.

Table 2: Minimum required Object attributes

2.1 System Objects

System Objects are objects that support the operation of the key management system.

All System Objects SHALL have an Object Class of System.

Special authentication and authorization SHOULD be enforced when creating or destroying System Objects or when setting, modifying or deleting attributes of System Objects.

2.1.1 User

A user of the key management system.

All User objects within the key management system a minimum set of attributes.

Table 3: Required User Aattributes

2.1.2 Group

A collection of objects within the key management system.

All Group objects within the key management system a minimum set of attributes.

Table 4: Required Group Attributes

2.1.3 Credentials

For each type of Credential in the key management system, there is a corresponding System Object that provides the necessary information for use of the credential by the system for identification or authentication purposes.

2.1.3.1 Password Credential

For the Credential Type of Password, the information required for validating a user-provided password may be supplied in the following methods:

·       The Password field specifies the secret

·       The Password Link attribute references a Secret Data managed object that specifies the secret.

·       The Salted Password and Password Salt Algorithm combined with the optional Password Salt provides an algorithm-based comparison mechanism

One of the above methods SHALL be specified.

If the server stores a salted version of the password rather than the plaintext password then the Password Salt algorithm specifies the salting algorithm and the Password Salt is the optional parameter along with the Password to the salting algorithm and the Salted Password is the result of salting algorithm. If the password is stored in salted form the Password field SHALL NOT be specified.

If the Interation Count is unspecified, the value SHALL default to 100.

The client may either specify the password (in plaintext) or provide sufficient other fields to enable secure initialization.

Table 5: Password Credential Structure

Table 6: Password Credential Attributes

2.1.3.2 Device Credential

For the Credential Type of Device, one or a combination of the Device Serial Number, Network Identifier, Machine Identifier, and Media Identifier SHALL be unique. Server implementations MAY enforce policies on uniqueness for individual fields. A shared secret or password MAY also be used to authenticate the client. The client SHALL provide at least one field.

Table 7: Device Credential Structure

Table 8: Device Credential Attributes

2.1.3.3 One Time Password Credential

If the Credential Type in the Credential is One Time Password, then Credential Value is a structure. The Username field identifies the client, and the Password field is a secret that authenticates the client. The One Time Password field contains a one time password (OTP) which may only be used for a single authentication.

 

Table 9: One Time Password Credential Structure

Table 10: One Time Password Credential Attributes

2.1.3.4 Hashed Password Credential

If the Credential Type in the Credential is Hashed Password, then Credential Value is a structure. The Username field identifies the client. The timestamp is the current timestamp used to produce the hash and SHALL monotonically increase. The Hashing Algorithm SHALL default to SHA 256. The Hashed Password is defined as:

Hashed Password = Hash(S1 || Timestamp) || S2

Where:

·       S1 = Hash(Username || Password)

·       S2 = Hash(Password || Username)  

Table 11: Hashed Password Credential Structure

Table 12: Hashed Password Credential Attributes

2.2 User Objects

Managed Objects are objects that are the subjects of key management operations. Managed Cryptographic Objects are the subset of Managed Objects that contain cryptographic material.

All User Objects SHALL have an Object Class of User.

2.2.1 Certificate

A Managed Cryptographic Object that is a digital certificate. It is a DER-encoded X.509 public key certificate.

All Certificate objects within the key management system SHALL have a minimum set of attributes.

Table 13: Minimum required Certificate Object attributes

 

Table 14: Certificate Object Structure

2.2.2 Certificate Request

A Managed Cryptographic Object containing the Certificate Request.

All Certificate Request objects within the key management system SHALL have a minimum set of attributes.

Table 15: Minimum required Certificate Request Object attributes

 

Table 16: Certificate Request Structure

2.2.3 Opaque Object

A Managed Object that the key management server is possibly not able to interpret. The context information for this object MAY be stored and retrieved using Custom Attributes.

An Opaque Object MAY be a Managed Cryptographic Object depending on the client context of usage and as such is treated in the same manner as a Managed Cryptographic Object for handling of attributes.

All Opaque Object objects within the key management system SHALL have a minimum set of attributes.

Table 17: Minimum required Opaque Object Object attributes

 

Table 18: Opaque Object Structure

2.2.4 PGP Key

A Managed Cryptographic Object that is a text-based representation of a PGP key. The Key Block field, indicated below, will contain the ASCII-armored export of a PGP key in the format as specified in RFC 4880. It MAY contain only a public key block, or both a public and private key block. Two different versions of PGP keys, version 3 and version 4, MAY be stored in this Managed Cryptographic Object.

KMIP implementers SHOULD treat the Key Block field as an opaque blob. PGP-aware KMIP clients SHOULD take on the responsibility of decomposing the Key Block into other Managed Cryptographic Objects (Public Keys, Private Keys, etc.).

All PGP Key objects within the key management system SHALL have a minimum set of attributes.

Table 19: Minimum required PGP Key Object attributes

 

Table 20: PGP Key Object Structure

2.2.5 Private Key

A Managed Cryptographic Object that is the private portion of an asymmetric key pair.

All Private Key objects within the key management system SHALL have a minimum set of attributes.

Table 21: Minimum required Private Key Object attributes

 

Table 22: Private Key Object Structure

2.2.6 Public Key

A Managed Cryptographic Object that is the public portion of an asymmetric key pair. This is only a public key, not a certificate.

All Public Key objects within the key management system SHALL have a minimum set of attributes.

Table 23: Minimum required Public Key Object attributes

 

Table 24: Public Key Object Structure

2.2.7 Secret Data

A Managed Cryptographic Object containing a shared secret value that is not a key or certificate (e.g., a password). The Key Block of the Secret Data object contains a Key Value of the Secret Data Type. The Key Value MAY be wrapped.

All Secret Data objects within the key management system SHALL have a minimum set of attributes.

Table 25: Minimum required Secret Data Object attributes

 

Table 26: Secret Data Object Structure

2.2.8 Split Key

A Managed Cryptographic Object that is a Split Key. A split key is a secret, usually a symmetric key or a private key that has been split into a number of parts, each of which MAY then be distributed to several key holders, for additional security. The Split Key Parts field indicates the total number of parts, and the Split Key Threshold field indicates the minimum number of parts needed to reconstruct the entire key. The Key Part Identifier indicates which key part is contained in the cryptographic object, and SHALL be at least 1 and SHALL be less than or equal to Split Key Parts.

All Split Key objects within the key management system SHALL have a minimum set of attributes.

Table 27: Minimum required Split Key Object attributes

 

Table 28: Split Key Object Structure

2.2.9 Symmetric Key

A Managed Cryptographic Object that is a symmetric key.

All Symmetric Key objects within the key management system SHALL have a minimum set of attributes.

Table 29: Minimum required Symmetric Key Object attributes

 

Table 30: Symmetric Key Object Structure

3.1 Key Block

A Key Block object is a structure used to encapsulate all of the information that is closely associated with a cryptographic key.

The Key Block MAY contain the Key Compression Type, which indicates the format of the elliptic curve public key. By default, the public key is uncompressed.

The Key Block also has the Cryptographic Algorithm and the Cryptographic Length of the key contained in the Key Value field. Some example values are:

Table 31: Key Block Cryptographic Algorithm & Length Description

The Key Block SHALL contain a Key Wrapping Data structure if the key in the Key Value field is wrapped (i.e., encrypted, or MACed/signed, or both).

Table 32: Key Block Object Structure

3.2 Key Value

The Key Value is used only inside a Key Block and is either a Byte String or a:

·       The Key Value structure contains the key material, either as a byte string or as a Transparent Key structure, and OPTIONAL attribute information that is associated and encapsulated with the key material. This attribute information differs from the attributes associated with Managed Objects, and is obtained via the Get Attributes operation, only by the fact that it is encapsulated with (and possibly wrapped with) the key material itself.

·       The Key Value Byte String is either the wrapped TTLV-encoded Key Value structure, or the wrapped un-encoded value of the Byte String Key Material field.

Table 33: Key Value Object Structure

3.3 Key Wrapping Data

The Key Block MAY also supply OPTIONAL information about a cryptographic key wrapping mechanism used to wrap the Key Value. This consists of a Key Wrapping Data structure. It is only used inside a Key Block.

This structure contains fields for:

Table 34: Key Wrapping Data Structure Description

If wrapping is used, then the whole Key Value structure is wrapped unless otherwise specified by the Wrapping Method. The algorithms used for wrapping are given by the Cryptographic Algorithm attributes of the encryption key and/or MAC/signature key; the block-cipher mode, padding method, and hashing algorithm used for wrapping are given by the Cryptographic Parameters in the Encryption Key Information and/or MAC/Signature Key Information, or, if not present, from the Cryptographic Parameters attribute of the respective key(s). Either the Encryption Key Information or the MAC/Signature Key Information (or both) in the Key Wrapping Data structure SHALL be specified.

Table 35: Key Wrapping Data Object Structure

The structures of the Encryption Key Information  and the MAC/Signature Key Information  are as follows:

Table 36: Encryption Key Information Object Structure

Table 37: MAC/Signature Key Information Object Structure

3.4 Transparent Symmetric Key

If the Key Format Type in the Key Block is Transparent Symmetric Key, then Key Material is a structure.

Table 38: Key Material Object Structure for Transparent Symmetric Keys

3.5 Transparent DSA Private Key

If the Key Format Type in the Key Block is Transparent DSA Private Key, then Key Material is a structure.

Table 39: Key Material Object Structure for Transparent DSA Private Keys

3.6 Transparent DSA Public Key

If the Key Format Type in the Key Block is Transparent DSA Public Key, then Key Material is a structure.

Table 40: Key Material Object Structure for Transparent DSA Public Keys

3.7 Transparent RSA Private Key

If the Key Format Type in the Key Block is Transparent RSA Private Key, then Key Material is a structure.

Table 41: Key Material Object Structure for Transparent RSA Private Keys

One of the following SHALL be present (refer to [PKCS#1]):

·       Private Exponent,

·       P and Q (the first two prime factors of Modulus), or

·       Prime Exponent P and Prime Exponent Q.

3.8 Transparent RSA Public Key

If the Key Format Type in the Key Block is Transparent RSA Public Key, then Key Material is a structure.

Table 42: Key Material Object Structure for Transparent RSA Public Keys

3.9 Transparent DH Private Key

If the Key Format Type in the Key Block is Transparent DH Private Key, then Key Material is a structure.

Table 43: Key Material Object Structure for Transparent DH Private Keys

3.10 Transparent DH Public Key

If the Key Format Type in the Key Block is Transparent DH Public Key, then Key Material is a.

Table 44: Key Material Object Structure for Transparent DH Public Keys

3.11 Transparent EC Private Key

If the Key Format Type in the Key Block is Transparent EC Private Key, then Key Material is a structure.

Table 45: Key Material Object Structure for Transparent EC Private Keys

3.12 Transparent EC Public Key

If the Key Format Type in the Key Block is Transparent EC Public Key, then Key Material is a structure.

Table 46: Key Material Object Structure for Transparent EC Public Keys

 

The following subsections describe the attributes that are associated with Managed Objects. Attributes that an object MAY have multiple instances of are referred to as multi-instance attributes. All instances of an attribute SHOULD have a different value. Similarly, attributes which an object SHALL only have at most one instance of are referred to as single-instance attributes. Attributes are able to be obtained by a client from the server using the Get Attribute operation. Some attributes are able to be set by the Add Attribute operation or updated by the Modify Attribute operation, and some are able to be deleted by the Delete Attribute operation if they no longer apply to the Managed Object. Read-only attributes are attributes that SHALL NOT be modified by either server or client, and that SHALL NOT be deleted by a client.

When attributes are returned by the server (e.g., via a Get Attributes operation), the attribute value returned SHALL NOT differ for different clients unless specifically noted against each attribute.

The first table in each subsection contains the attribute name in the first row. This name is the canonical name used when managing attributes using the Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, and Delete Attribute operations.

A server SHALL NOT delete attributes without receiving a request from a client until the object is destroyed. After an object is destroyed, the server MAY retain all, some or none of the object attributes, depending on the object type and server policy.

The second table in each subsection lists certain attribute characteristics (e.g., “SHALL always have a value. The server policy MAY further restrict these attribute characteristics.

Table 47: Attribute Rules

There are default values for some mandatory attributes of Cryptographic Objects. The values in use by a particular server are available via Query. KMIP servers SHALL supply values for these attributes if the client omits them.

Table 48: Default Cryptographic Parameters

All characters within an Attribute Name are significant. A server SHALL NOT trim leading or trailing whitespace from Attribute Names if the client uses attributes of this format.

4.1 Activation Date

The Activation Date attribute contains the date and time when the Managed Object MAY begin to be used. This time corresponds to state transition. The object SHALL NOT be used for any cryptographic purpose before the Activation Date has been reached. Once the state transition from Pre-Active has occurred, then this attribute SHALL NOT be changed or deleted before the object is destroyed.

Table 49: Activation Date Attribute

Table 50: Activation Date Attribute Rules

4.2 Alternative Name

The Alternative Name attribute is used to identify and locate the object. This attribute is assigned by the client, and the Alternative Name Value is intended to be in a form that humans are able to interpret. The key management system MAY specify rules by which the client creates valid alternative names. Clients are informed of such rules by a mechanism that is not specified by this standard. Alternative Names MAY NOT be unique within a given key management server.

Table 51: Alternative Name Attribute Structure

Table 52: Alternative Name Attribute Rules

4.3 Always Sensitive

The server SHALL create this attribute, and set it to True if the Sensitive attribute has always been True. The server SHALL set it to False if the Sensitive attribute has ever been set to False.

Table 53: Always Sensitive Attribute

Table 54: Always Sensitive Attribute Rules

4.4 Application Specific Information

The Application Specific Information attribute is a structure used to store data specific to the application(s) using the Managed Object. It consists of the following fields: an Application Namespace and Application Data specific to that application namespace.

Clients MAY request to set (i.e., using any of the operations that result in new Managed Object(s) on the server or adding/modifying the attribute of an existing Managed Object an instance of this attribute with a particular Application Namespace while omitting Application Data. In that case, if the server supports this namespace (as indicated by the Query operation), then it SHALL return a suitable Application Data value. If the server does not support this namespace, then an error SHALL be returned.

 

Table 55: Application Specific Information Attribute

 

Table 56: Application Specific Information Attribute Rules

4.5 Archive Date

The Archive Date attribute is the date and time when the Managed Object was placed in archival storage. This value is set by the server as a part of the Archive operation. The server SHALL delete this attribute whenever a Recover operation is performed.

Table 57: Archive Date Attribute

Table 58: Archive Date Attribute Rules

4.6 Certificate Attributes

The Certificate Attributes are the various items included in a certificate or certificate request. The following list is based on RFC2253.

Table 59: Certificate Attributes (Subject)

The Certificate Attributes are the various items included in a certificate. The following list is based on RFC2253.

Table 60: Certificate Attributes (Issuer)

 

Table 61: Certificate Attribute Rules

4.7 Certificate Type

The Certificate Type attribute is a type of certificate (e.g., X.509).

The Certificate Type value SHALL be set by the server when the certificate is created or registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 62: Certificate Type Attribute

Table 63: Certificate Type Attribute Rules

4.8 Certificate Length

The Certificate Length attribute is the length in bytes of the Certificate object. The Certificate Length SHALL be set by the server when the object is created or registered, and then SHALL NOT be changed or deleted before the object is destroyed.

Table 64: Certificate Length Attribute

Table 65: Certificate Length Attribute Rules

4.9 Comment

The Comment attribute is used for descriptive purposes only. It is not used for policy enforcement. The attribute is set by the client or the server.

 

Table 66: Comment Attribute

Table 67: Comment Rules

4.10 Compromise Date

The Compromise Date attribute contains the date and time when the Managed Cryptographic Object entered into the compromised state. This time corresponds to state transitions 3, 5, 8, or 10. This time indicates when the key management system was made aware of the compromise, not necessarily when the compromise occurred. This attribute is set by the server when it receives a Revoke operation with a Revocation Reason containing a Revocation Reason Code of Compromised code, or due to server policy or out-of-band administrative action.

Table 68: Compromise Date Attribute

Table 69: Compromise Date Attribute Rules

4.11 Compromise Occurrence Date

The Compromise Occurrence Date attribute is the date and time when the Managed Object was first believed to be compromised. If it is not possible to estimate when the compromise occurred, then this value SHOULD be set to the Initial Date for the object.

Table 70: Compromise Occurrence Date Attribute

Table 71: Compromise Occurrence Date Attribute Rules

4.12 Contact Information

The Contact Information attribute is used for descriptive purposes only. It is not used for policy enforcement. The attribute is set by the client or the server.

Table 72: Contact Information Attribute

Table 73: Contact Information Attribute Rules

4.13 Counters

There are object attributes with name suffixes that identify themselves as “Counter” attributes.  These attributes serve to record a successful instance of usage of an object as the subject of a KMIP operation. The prefix of the attribute name states the nature of the counter (which operation). Modification of this attribute is performed by the server via incrementing the counter value on each instance of “use”.

 “Counter” attributes SHALL be present for Certificates, Certificate Requests, Private keys, Public keys and Symmetric keys.

4.13.1 Certify Counter

The Certify Counter attribute is recorded against a given object and records each instance of a successful certify operation being performed on that object.

The Certify Counter SHALL be incremented upon completion of a successful Certify or Recertify operation.

Table 74: Certify Counter Attribute

Table 75: Certify Counter Attribute Rules

4.13.2 Decrypt Counter

The Decrypt Counter attribute is recorded against a given object and records each incidence of a successful decrypt operation being performed using that object.

The Decrypt Counter SHALL be incremented upon completion of a successful Decrypt operation.

Table 76: Decrypt Counter Attribute

Table 77: Decrypt Counter Attribute Rules

4.13.3 Encrypt Counter

The Encrypt Counter attribute is recorded against a given object and records each incidence of a successful encrypt operation being performed using that object.

The Encrypt Counter SHALL be incremented upon completion of a successful Encrypt operation.

Table 78: Encrypt Counter Attribute

Table 79: Encrypt Counter Attribute Rules

4.13.4 Sign Counter

The Sign Counter attribute is recorded against a object and records each incidence of a successful sign operation being performed using that object.

The Sign Counter SHALL be incremented upon completion of a successful Sign operation.

Table 80: Sign Counter Attribute

Table 81: Sign Counter Attribute Rules

4.13.5 Signature Verify Counter

The Signature Verify Counter attribute is recorded against an object and records each incidence of a successful Signature Verify operation being performed on that object.

The Signature Verify Counter SHALL be incremented upon completion of a successful Signature Verify operation.

Table 82: Signature Verify Counter Attribute

Table 83: Signature Verify Counter Attribute Rules

4.14 Credential Type

The Credential Type of a System Object SHALL be set by the server when the object is created and then SHALL NOT be changed or deleted before the object is destroyed.

Table 84: Credential Type Attribute

Table 85: Credential Type Attribute Rules

4.15 Cryptographic Algorithm

The Cryptographic Algorithm of an object. The Cryptographic Algorithm of a Certificate object identifies the algorithm for the public key contained within the Certificate. The digital signature algorithm used to sign the Certificate is identified in the Digital Signature Algorithm attribute. This attribute SHALL be set by the server when the object is created or registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 86: Cryptographic Algorithm Attribute

Table 87: Cryptographic Algorithm Attribute Rules

4.16 Cryptographic Domain Parameters

The Cryptographic Domain Parameters attribute is a structure that contains fields that MAY need to be specified in the Create Key Pair Request Payload. Specific fields MAY only pertain to certain types of Managed Cryptographic Objects.

The domain parameter Qlength correponds to the bit length of parameter Q (refer to [RFC7778], [SEC2] and [SP800-56A]).

Qlength applies to algorithms such as DSA and DH. The bit length of parameter P (refer to to [RFC7778], [SEC2] and [SP800-56A]) is specified separately by setting the Cryptographic Length attribute.

Recommended Curve is applicable to elliptic curve algorithms such as ECDSA, ECDH, and ECMQV.

Table 88: Cryptographic Domain Parameters Attribute Structure

 

Table 89: Cryptographic Domain Parameters Attribute Rules

4.17 Cryptographic Length

For keys, Cryptographic Length is the length in bits of the clear-text cryptographic key material of the Managed Cryptographic Object. For certificates, Cryptographic Length is the length in bits of the public key contained within the Certificate. This attribute SHALL be set by the server when the object is created or registered, and then SHALL NOT be changed or deleted before the object is destroyed.

Table 90: Cryptographic Length Attribute

Table 91: Cryptographic Length Attribute Rules

4.18 Cryptographic Parameters

The Cryptographic Parameters attribute is a structure that contains a set of OPTIONAL fields that describe certain cryptographic parameters to be used when performing cryptographic operations using the object. Specific fields MAY pertain only to certain types of Managed Objects. The Cryptographic Parameters attribute of a Certificate object identifies the cryptographic parameters of the public key contained within the Certificate.

The Cryptographic Algorithm is also used to specify the parameters for cryptographic operations. For operations involving digital signatures, either the Digital Signature Algorithm can be specified or the Cryptographic Algorithm and Hashing Algorithm combination can be specified.

Random IV can be used to request that the KMIP server generate an appropriate IV for a cryptographic operation that uses an IV. The generated Random IV is returned in the response to the cryptographic operation.

IV Length is the length of the Initialization Vector in bits. This parameter SHALL be provided when the specified Block Cipher Mode supports variable IV lengths such as CTR or GCM.

Tag Length is the length of the authenticator tag in bytes. This parameter SHALL be provided when the Block Cipher Mode is GCM.

The IV used with counter modes of operation (e.g., CTR and GCM) cannot repeat for a given cryptographic key. To prevent an IV/key reuse, the IV is often constructed of three parts: a fixed field, an invocation field, and a counter as described in [SP800-38A] and [SP800-38D]. The Fixed Field Length is the length of the fixed field portion of the IV in bits. The Invocation Field Length is the length of the invocation field portion of the IV in bits. The Counter Length is the length of the counter portion of the IV in bits.

Initial Counter Value is the starting counter value for CTR mode (for [RFC3686] it is 1).

Table 92: Cryptographic Parameters Attribute Structure

 

Table 93: Cryptographic Parameters Attribute Rules

4.19 Cryptographic Usage Mask

The Cryptographic Usage Mask attribute defines the cryptographic usage of a key. This is a bit mask that indicates to the client which cryptographic functions MAY be performed using the key, and which ones SHALL NOT be performed.

The State of a managed object SHALL also be checked prior to depending on the Cryptographic Usage Mask as the mask represents the permitted usage subject to the State of the managed object. Changes to an object State SHALL NOT change the Cryptographic Usage Mask.

 

Table 94: Cryptographic Usage Mask Attribute

Table 95: Cryptographic Usage Mask Attribute Rules

4.20 Deactivation Date

The Deactivation Date attribute is the date and time when the Managed Object SHALL NOT be used for any purpose, except for decryption, signature verification, or unwrapping, but only under extraordinary circumstances and only when special permission is granted. This time corresponds to state transition 6. This attribute SHALL NOT be changed or deleted before the object is destroyed, unless the object is in the Pre-Active or Active state.

Table 96: Deactivation Date Attribute

Table 97: Deactivation Date Attribute Rules

4.21 Deactivation Reason

The Deactivation Reason attribute records the reason for an object’s deactivation (e.g., “Usage limit reached”, “Validity Date” passed, etc).

The Deactivation Message is an OPTIONAL field that is used exclusively for audit trail/logging purposes and MAY contain additional information about why the object was deactivated (e.g., “Machine decommissioned”).

Table 98: Deactivation Reason Attribute

Table 99: Deactivation Reason Attribute Rules

4.22 Description

The Description attribute is used for descriptive purposes only. It is not used for policy enforcement. The attribute is set by the client or the server.

 

Table 100: Description Attribute

Table 101: Description Attribute Rules

4.23 Destroy Date

The Destroy Date attribute is the date and time when the Managed Object was destroyed. This time corresponds to state transitions 2, 7, or 9  This value is set by the server when the object is destroyed due to the reception of a Destroy operation, or due to server policy or out-of-band administrative action.

Table 102: Destroy Date Attribute

Table 103: Destroy Date Attribute Rules

4.24 Digest

The Digest attribute is a structure that contains the digest value of the key or secret data (i.e., digest of the Key Material), certificate (i.e., digest of the Certificate Value), or opaque object (i.e., digest of the Opaque Data Value). If the Key Material is a Byte String, then the Digest Value SHALL be calculated on this Byte String. If the Key Material is a structure, then the Digest Value SHALL be calculated on the TTLV-encoded Key Material structure. The Key Format Type field in the Digest attribute indicates the format of the Managed Object from which the Digest Value was calculated. Multiple digests MAY be calculated using different algorithms and/or key format types. If this attribute exists, then it SHALL have a mandatory attribute instance computed with the SHA-256 hashing algorithm and the default Key Value Format for this object type and algorithm. Clients may request via supplying a non-default Key Format Value attribute on operations that create a Managed Object, and the server SHALL produce an additional Digest attribute for that Key Value Type. The digest(s) are static and SHALL be set by the server when the object is created or registered, provided that the server has access to the Key Material or the Digest Value (possibly obtained via out-of-band mechanisms).

Table 104: Digest Attribute Structure

Table 105: Digest Attribute Rules

4.25 Digital Signature Algorithm

The Digital Signature Algorithm attribute identifies the digital signature algorithm associated with a digitally signed object (e.g., Certificate).  This attribute SHALL be set by the server when the object is created or registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 106: Digital Signature Algorithm Attribute

Table 107: Digital Signature Algorithm Attribute Rules

4.26 Extractable

If False then the server SHALL prevent the object value being retrieved (via the Get operation). The server SHALL set its value to True if not provided by the client.

Table 108: Extractable Attribute

Table 109: Extractable Attribute Rules

4.27 Fresh

The Fresh attribute is a Boolean attribute that indicates that the object has not yet been served to a client using a Get operation. The Fresh attribute SHALL be set to True when a new object is created on the server unless the client provides a False value in Register or Import. The server SHALL change the attribute value to False as soon as the object has been served via the Get operation to a client.

Table 110: Fresh Attribute

Table 111: Fresh Attribute Rules

4.28 Initial Date

The Initial Date attribute contains the date and time when the Managed Object was first created or registered at the server. This time corresponds to state transition 1. This attribute SHALL be set by the server when the object is created or registered, and then SHALL NOT be changed or deleted before the object is destroyed. This attribute is also set for non-cryptographic objects when they are first registered with the server.

Table 112: Initial Date Attribute

Table 113: Initial Date Attribute Rules

4.29 Key Format Type

The Key Format Type attribute is a required attribute of a Cryptographic Object. It is set by the server, but a particular Key Format Type MAY be requested by the client if the cryptographic material is produced by the server (i.e., Create, Create Key Pair, Create Split Key, Re-key, Re-key Key Pair, Derive Key) on the client’s behalf. The server SHALL comply with the client’s requested format or SHALL fail the request. When the server calculates a Digest for the object, it SHALL compute the digest on the data in the assigned Key Format Type, as well as a digest in the default KMIP Key Format Type for that type of key and the algorithm requested (if a non-default value is specified).

Table 114: Key Format Type Attribute

Table 115: Key Format Type Attribute Rules

Keys have a default Key Format Type that SHALL be produced by KMIP servers. The default Key Format Type by object (and algorithm) is listed in the following table:

Table 116: Default Key Format Type, by Object

4.30 Key Part Identifier

The Key Part Identifier is specified by the client to indicate which key part is contained in the Split Key object.

 

Table 117: Key Part Identifier Attribute

Table 118: Key Part Identifier Rules

4.31 Key Value Location

Key Value Location MAY be specified by the client when the Key Value is omitted from the Key Block in a Register request. Key Value Location is used to indicate the location of the Key Value absent from the object being registered..

Table 119: Key Value Location Attribute

Table 120: Key Value Location Attribute Rules

4.32 Key Value Present

Key Value Present is an attribute of the managed object created by the server. It SHALL NOT be specified by the client in a Register request. Key Value Present SHALL be created by the server if the Key Value is absent from the Key Block in a Register request. The value of Key Value Present SHALL NOT be modified by either the client or the server. Key Value Present attribute MAY be used as a part of the Locate operation.

Table 121: Key Value Present Attribute

Table 122: Key Value Present Attribute Rules

4.33 Last Change Date

The Last Change Date attribute contains the date and time of the last change of the specified object.

Table 123: Last Change Date Attribute

Table 124: Last Change Date Attribute Rules

4.34 Lease Time

The Lease Time attribute defines a time interval for a Managed Object beyond which the client SHALL NOT use the object without obtaining another lease. This attribute always holds the initial length of time allowed for a lease, and not the actual remaining time. Once its lease expires, the client is only able to renew the lease by calling Obtain Lease. A server SHALL store in this attribute the maximum Lease Time it is able to serve and a client obtains the lease time (with Obtain Lease) that is less than or equal to the maximum Lease Time. This attribute is read-only for clients. It SHALL be modified by the server only.

Table 125: Lease Time Attribute

Table 126: Lease Time Attribute Rules

4.35 Links

There are object attributes with name suffixes that identify themselves as “Link” attributes.  These attributes serve to document a relationship from a particular Managed Object (the “source”) to another, closely related (the “target”) Managed Object. The prefix of the attribute name states the nature of the relationship between the source Managed Object and the target Managed Object. The Link identifies the target Managed Object by its Unique Identifier (or by a reference to a Unique Identifier in the current batch of operations) or by the Name of the Managed Object. Examples of such “Link” attributes would include the private key corresponding to a public key; the parent certificate for a certificate in a chain; or for a derived symmetric key, the base key from which it was derived.

A Name Reference indicates a link to whichever Managed Object has the matching Name attribute. A Reference is early-binding (to a specific unique object) and a Name Reference is late-binding (to whichever object currently has the matching Name attribute). The Managed Object that is the target of the Link MAY NOT exist (the object may not have been present in the key management system or may have been present and subsequently destroyed or obliterated.

“Link” attributes SHOULD be present for private keys and public keys for which a certificate chain is stored by the server, and for certificates in a certificate chain.  Where possible, reverse relationships (e.g, the public key corresponding to a private key) SHOULD also be present, but in these cases the “source” and “target” roles are reversed.

Some “Link” attributes are multi-instance (e.g., the Symmetric Key or Secret Data objects that were derived from a base object), but usually “Link” attributes are single instance. 

It is also possible that a Managed Object does not have “links” to associated cryptographic objects. This MAY occur in cases where the associated key material is not available to the server or client (e.g., the registration of a CA Signer certificate with a server, where the corresponding private key is held in a different manner).

Table 127: Linked Object Identifier encoding descriptions

4.35.1 Certificate Link

The Certificate Link attribute expresses an association from related Managed Cryptographic Objects (e.g. Public Key(s) or Certificate) to a Certificate. The value identifies the target Certificate by its Unique Identifier (or functional equivalent). A public key may be associated with multiple Certificates, so the attribute is multi-valued.  A Certificate in a certificate chain SHOULD have a Certificate Link to its parent certificate (if any).

It is also possible that a Managed Object does not have links to associated cryptographic objects. This MAY occur in cases where the associated key material is not made available to the server or client (e.g., the registration of a certificate with a server without the registration of the corresponding public key with a Certificate Link to that certificate).

Table 128: Certificate Link Attribute

Table 129: Certificate Link Attribute Rules

4.35.2 Certificate Request Link

The Certificate Request Link attribute expresses an association from related Managed Cryptographic Objects (e.g. Public Key(s) or Certificate) to a Certificate Request. The value identifies the target Certificate Request by its Unique Identifier (or functional equivalent). A certificate request may be associated with multiple Certificates, so the attribute is multi-valued.  A Certificate produced from a Certificate Request as the result of a Certify or Re-certify Operation SHALL have a Certificate Request Link.

 

Table 130: Certificate Request Link Attribute

Table 131: Certificate Request Link Attribute Rules

4.35.3 Child Link

The Child Link attribute expresses an association (subordination, delegation, or other association) from one Managed Cryptographic Object to another. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 132: Child Link Attribute

Table 133: Child Link Attribute Rules

4.35.4 Credential Link

The Credential Link attribute expresses an association between Objects where the target is used as a Credential. The value identifies the target Object by its Unique Identifier (or functional equivalent).

The Credential Link target object will typically be one of a Certificate Managed Object or a Credentials System Object. Special authentication and authorization SHOULD be enforced when setting, modifying or deleting this attribute.

Table 134: Credential Link Attribute

Table 135: Credential Link Attribute Rules

4.35.5 Derivation Base Object Link

The Derivation Base Object Link attribute expresses an association from a derived Symmetric Key or Secret Data object to the Managed Cryptographic Object(s) from which it was derived. The value identifies the target base Object(s) by its/their Unique Identifier(s) (or functional equivalent).

Table 136: Derivation Base Object Link Attribute

Table 137: Derivation Base Object Link Attribute Rules

4.35.6 Derived Object Link

The Derived Object Link attribute identifies the Symmetric Keys or Secret Data objects derived from other Managed Cryptographic Objects. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 138: Derived Object Link Attribute

Table 139: Derived Object Link Attribute Rules

4.35.7 Group Link

The Group Link attribute identifies the group that a managed object is a member of. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 140: Group Link Attribute

Table 141: Group Link Attribute Rules

4.35.8 Joined Split Key Parts Link

The Joined Split Key Parts Link attribute identifies the joined key with the split key parts from which it was created (joined). The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 142: Joined Split Key Parts Link Attribute

Table 143: Joined Split Key Parts Link Attribute Rules

4.35.9 Next Link

The Next Link attribute expresses an association from one Managed Cryptographic Object to the next one, typically in a Group. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 144: Next Link Attribute

Table 145: Next Link Attribute Rules

4.35.10 Parent Link

The Parent Link attribute expresses an association from one Managed Object to another. The association is that of super ordination, amalgamation, or sublimation into a larger whole, so effectively is the converse of Child Link. The value identifies the target Managed Object by its Unique Identifier (or functional equivalent).

Table 146: Parent Link Attribute

Table 147: Parent Link Attribute Rules

4.35.11 Password Link

The Password Link attribute expresses an association between Objects where the target is used as a password. The value identifies the target Object by its Unique Identifier (or functional equivalent).

The Password Link target object will typically be a Secret Data Managed Object or a Password Credential or Hashed Password Credential System Object.

Special authentication and authorization SHOULD be enforced when setting, modifying or deleting this attribute.

Table 148: Password Link Attribute

Table 149: Password Link Attribute Rules

4.35.12 PKCS#12 Certificate Link

The PKCS#12 Certificate Link attribute expresses an association from a Private Key to an associated Certificate. The value identifies the target Certificate by its Unique Identifier (or functional equivalent).

Table 150: PKCS#12 Certificate Link Attribute

Table 151: PKCS#12 Certificate Link Attribute Rules

4.35.13 PKCS#12 Password Link

The PKCS#12 Password Link attribute expresses an association from a Private Key to the Secret Data holding the password to be used to wrap/unwrap the PKCS#12 content delivered when the key is registered or gotten. The value identifies the target Secret Data object by its Unique Identifier (or functional equivalent).

Table 152: PKCS#12 Password Link Attribute

Table 153: PKCS#12 Password Link Attribute Rules

4.35.14 Previous Link

The Previous Link attribute expresses an association (e.g., chaining) from certain related Managed Cryptographic Objects to others, usually in a Group. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 154: Previous Link Attribute

Table 155: Previous Link Attribute Rules

4.35.15 Private Key Link

The Private Key Link attribute is an attribute used to express an association from a Public Key to its associated Private Key. The value identifies the target Object by its Unique Identifier (or functional equivalent).

It is also possible that a Public Key may have been Registered without the associated Private Key, so this link attribute may quite often be absent.

Table 156: Private Key Link Attribute

Table 157: Private Key Link Attribute Rules

4.35.16 Public Key Link

The Private Key Link attribute is an attribute used to express an association from certain related Managed Cryptographic Objects (e.g. Certificate, Private Key) to a Public Key. The value identifies the target object by its Unique Identifier (or functional equivalent)

Table 158: Public Link Attribute

Table 159: Public Key Link Attribute Rules

4.35.17 Replaced Object Link

The Replaced Object Link attribute is an attribute used to express an association from certain Managed Cryptographic Objects to their predecessor.  For a symmetric Key, a Private Key or a Public Key, the link specifies the Unique Identifier of the key that was re-keyed to obtain the current object.  For a Certificate, the link specifies the certificate that was re-certified to obtain the current one. The value identifies the target object by its Unique Identifier (or functional equivalent).

Table 160: Replaced Object Link Attribute

Table 161: Replaced Object Link Attribute Rules

4.35.18 Replacement Object Link

The Replacement Object Link attribute is an attribute used to express an association from outdated Managed Cryptographic Objects (e.g. Private Key, Public Key) to their replacements. For a Symmetric Key, a Private Key or a Public Key, the value refers to the key that resulted from the re-key of the current object.  For a Certificate, the link refers to the certificate that resulted from the re-certification of the current one. There SHALL be only one replacement object per Managed Object

Table 162: Replacement Object Link Attribute

Table 163: Replacement Object Link Attribute Rules

4.35.19 Split Key Base Link

The Split Key Base Link attribute associates the split key parts with the original object that was split. The value identifies the target Object by its Unique Identifier (or functional equivalent).

Table 164: Split Key Base Link Attribute

Table 165: Split Key Base Link Attribute Rules

4.35.20 Wrapping Key Link

The Wrapping Key Link attribute is an attribute used to express an association from a wrapped key to the Managed Cryptographic Object used to wrap (encrypt) it.

Table 166: Wrapping Key Link Attribute

Table 167: Wrapping Key Link Attribute Rules

4.36 Name

The Name attribute is a text string used to identify and locate an object. This attribute is assigned by the client, and the Name is intended to be in a form that humans are able to interpret. The key management system MAY specify rules by which the client creates valid names. Clients are informed of such rules by a mechanism that is not specified by this standard. Names SHALL be unique within a given key management server, but are NOT REQUIRED to be globally unique.

Table 168: Name Attribute

Table 169: Name Attribute Rules

4.37 Never Extractable

The server SHALL create this attribute, and set it to True if the Extractable attribute has always been False.

The server SHALL set it to False if the Extractable attribute has ever been set to True.

Table 170: Never Extractable Attribute

Table 171: Never Extractable Attribute Rules

4.38 NIST Key Type

The NIST SP800-57 Key Type is an attribute of a Key (or Secret Data object). It MAY be set by the client, preferably when the object is registered or created.  Although the attribute is optional, once set, MAY NOT be deleted or modified by either the client or the server.  This attribute is intended to reflect the NIST SP-800-57 view of cryptographic material, so an object SHOULD have only one usage (see [SP800-57-1] for rationale), but this is not enforced at the server.

Table 172 SP800-57 Key Type Attribute

Table 173 SP800-57 Key Type Attribute Rules

4.39 NIST Security Category

The NIST Security Category is a number associated with the security strength of a post-quantum cryptographic algorithm as specified by NIST. FIPS-203, FIPS-204 and FIPS-205 define the current meaning of the category values.

 

Table 172 NIST Security Category Attribute

Table 173 NIST Security Category Attribute Rules

4.40 Object Class

All Managed Objects SHALL have a specified Object Class. The object class for a managed object is immutable. If an Object Class is not explicitly specified when creating an object, the Object Class SHALL be User.

Table 174: Object Class Attribute

Table 175: Object Class Attribute Rules

4.41 Object Type

The Object Type of a Managed Object (e.g., public key, private key, symmetric key, etc.) SHALL be set by the server when the object is created or registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 176: Object Type Attribute

Table 177: Object Type Attribute Rules

4.42 Opaque Data Type

The Opaque Data Type of an Opaque Object SHALL be set by the server when the object is registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 178: Opaque Data Type Attribute

Table 179: Opaque Data Type Attribute Rules

4.43 Original Creation Date

The Original Creation Date attribute contains the date and time the object was originally created, which can be different from when the object is registered with a key management server.

It is OPTIONAL for an object being registered by a client. The Original Creation Date MAY be set by the client during a Register operation. If no Original Creation Date attribute was set by the client during a Register operation, it MAY do so at a later time through an Add Attribute operation for that object.

It is mandatory for an object created on the server as a result of a Create, Create Key Pair, Derive Key, Re-key, or Re-key Key Pair operation. In such cases the Original Creation Date SHALL be set by the server and SHALL be the same as the Initial Date attribute.

In all cases, once the Original Creation Date is set, it SHALL NOT be deleted or updated.

Table 180: Original Creation Date Attribute

Table 181: Original Creation Date Attribute Rules

4.44 OTP Counter

A One Time Password Counter Credential System Object MAY require counters be tracked for the authentication process depending on the OTP Algorithm in used. If the OTP Algorithm requires multiple counters the server SHALL encode those counters in this attribute.

Table 182: OTP Counter Attribute

Table 183: OTP Counter Attribute Rules

4.45 PKCS#12 Friendly Name

PKCS#12 Friendly Name is an attribute used for descriptive purposes. If supplied on a Register Private Key with Key Format Type PKCS#12, it informs the server of the alias/friendly name (see [RFC7292]) under which the private key and its associated certificate chain SHALL be found in the Key Material. If no such alias/friendly name is supplied, the server SHALL record the alias/friendly name (if any) it finds for the first Private Key in the Key Material.  

When a Get with Key Format Type PKCS#12 is issued, this attribute informs the server what alias/friendly name the server SHALL use when encoding the response.  If this attribute is absent for the object on which the Get is issued, the server SHOULD use an alias/friendly name of “alias”.  Since the PKCS#12 Friendly Name is defined in ASN.1 with an EQUALITY MATCHING RULE of caseIgnoreMatch, clients and servers SHOULD utilize a lowercase text string.

Table 184: PKCS#12 Friendly Name Attribute

Table 185: Friendly Name Attribute Rules

4.46 Process Start Date

The Process Start Date attribute is the date and time when a valid Managed Object MAY begin to be used to process cryptographically protected information (e.g., decryption or unwrapping), depending on the value of its Cryptographic Usage Mask attribute. The object SHALL NOT be used for these cryptographic purposes before the Process Start Date has been reached. This value MAY be equal to or later than, but SHALL NOT precede, the Activation Date. Once the Process Start Date has occurred, then this attribute SHALL NOT be changed or deleted before the object is destroyed.

Table 186: Process Start Date Attribute

Table 187: Process Start Date Attribute Rules

4.47 Protect Stop Date

The Protect Stop Date attribute is the date and time after which a valid Managed Object SHALL NOT be used for applying cryptographic protection (e.g., encryption or wrapping), depending on the value of its Cryptographic Usage Mask attribute. This value MAY be equal to or earlier than, but SHALL NOT be later than the Deactivation Date. Once the Protect Stop Date has occurred, then this attribute SHALL NOT be changed or deleted before the object is destroyed.

Table 188: Protect Stop Date Attribute

Table 189: Protect Stop Date Attribute Rules

4.48 Protection Level

The Protection Level attribute is the Level of protection required for a given object.

Table 190: Protection Level Attribute

Table 191: Protection Level Attribute Rules

4.49 Protection Period

The Protection Period attribute is the period of time for which the output of an operation or a Managed Cryptographic Object SHALL remain safe. The Protection Period is specified as an Interval.

Table 192: Protection Period Attribute

Table 193: Protection Period Attribute Rules

4.50 Protection Storage Mask

The Protection Storage Mask attribute records which of the requested mask values have been used for protection storage.

Table 194: Protection Storage Mask

Table 195: Protection Storage Mask Rules

 

4.51 Quantum Safe

The Quantum Safe attribute is a flag to be set to indicate an object is required to be Quantum Safe for the given Protection Period and Protection Level.

Table 196: Quantum Safe Attribute

Table 197: Quantum Safe Attribute Rules

4.52 Random Number Generator

The Random Number Generator attribute contains the details of the random number generator used during the creation of the managed cryptographic object.

The Random Number Generator MAY be set by the client during a Register operation. If no Random Number Generator attribute was set by the client during a Register operation, it MAY do so at a later time through an Add Attribute operation for that object.

It is mandatory for an object created on the server as a result of a Create, Create Key Pair, Derive Key, Re-key, or Re-key Key Pair operation. In such cases the Random Number Generator SHALL be set by the server depending on which random number generator was used. If the specific details of the random number generator are unknown then the RNG Algorithm within the RNG Parameters structure SHALL be set to Unspecified.

If one or more Random Number Generator attribute values are provided in the Attributes in a Create, Create Key Pair, Derive Key, Re-key, or Re-key Key Pair operation then the server SHALL use a random number generator that matches one of the Random Number Generator attributes. If the server does not support or is otherwise unable to use a matching random number generator then it SHALL fail the request.

The Random Number Generator attribute SHALL NOT be copied from the original object in a Re-key or Re-key Key Pair operation.

In all cases, once the Random Number Generator attribute is set, it SHALL NOT be deleted or updated.

Note: the encoding is the same as the RNG Parameters structure using a different tag; it does not contain a nested RNG Parameters structure.

Table 198: Random Number Generator Attribute

Table 199: Random Number Generator Attribute Rules

4.53 Revocation Reason

The Revocation Reason attribute is a structure used to indicate why the Managed Cryptographic Object was revoked (e.g., “compromised”, “expired”, “no longer used”, etc.). This attribute is only set by the server as a part of the Revoke Operation.

The Revocation Message is an OPTIONAL field that is used exclusively for audit trail/logging purposes and MAY contain additional information about why the object was revoked (e.g., “Laptop stolen”

Table 200: Revocation Reason Attribute Structure

Table 201: Revocation Reason Attribute Rules

4.54 Rotate Automatic

If set to True, specifies the Managed Object will be automatically rotated by the server using the Rotate Interval via the equivalent of the ReKey, ReKeyKeyPair or ReCertify operation performed by the server.

Table 202: Rotate Automatic Attribute

Table 203: Rotate Automatic Attribute Rules

4.55 Rotate Date

The time when the Managed Object was rotated. 

Table 204: Rotate Date Attribute

Table 205: Rotate Date Attribute Rules

4.56 Rotate Generation

The count from zero of the number of automatic rotates or ReKey, ReKeyKeyPair, or ReCertify operations that have occurred in order to create this Managed Object.

Table 206: Rotate Generation Attribute

Table 207: Rotate Generation Attribute Rules

4.57 Rotate Interval

If set and Rotate Automatic is set to True, then automatic rotation of the Managed Object is performed by the server when the difference between the Initial Date of the Managed Object and the current server time reaches or exceeds this value.

Table 208: Rotate Interval Attribute

Table 209: Rotate Interval Attribute Rules

4.58 Rotate Latest

If set to True, specifies the Managed Object is the most recent object of the set of rotated Managed Objects.

Table 210: Rotate Latest Attribute

Table 211: Rotate Latest Attribute Rules

4.59 Rotate Name

The Rotate Name attribute is a text string used to identify a set of managed objects that have been rotated. This attribute is assigned by the client, and the Rotate Name is intended to be in a form that humans are able to interpret. The key management system MAY specify rules by which the client creates valid rotate names. Clients are informed of such rules by a mechanism that is not specified by this standard. Rotate Names MAY NOT be unique within a given key management server.

Table 212: Rotate Name Attribute

Table 213: Rotate Name Attribute Rules

4.60 Rotate Offset

When automatic rotation of the Managed Object is performed by the server, specifies the Offset value to use in the equivalent of the ReKey, ReKeyKeyPair or ReCertify operation performed by the server.

Table 214: Rotate Offset Attribute

Table 215: Rotate Offset Attribute Rules

4.61 Sensitive

If True then the server SHALL prevent the object value being retrieved (via the Get operation) unless it is wrapped by another key. The server SHALL set the value to False if the value is not provided by the client.

 

Table 216: Sensitive Attribute

Table 217: Sensitive Attribute Rules

4.62 Short Unique Identifier

The Short Unique Identifier is generated by the key management system to uniquely identify a Managed Object using a shorter identifier. It is only REQUIRED to be unique within the identifier space managed by a single key management system, however this identifier SHOULD be globally unique in order to allow for a key management server export of such objects. This attribute SHALL be assigned by the key management system upon creation or registration of a Unique Identifier, and then SHALL NOT be changed or deleted before the object is destroyed.

The Short Unique Identifier SHOULD be generated as a SHA-256 hash of the Unique Identifier and SHALL be a 32 byte byte string.

Table 218: Unique Identifier Attribute

Table 219: Short Unique Identifier Attribute Rules

4.63 Split Key Polynomial

The Split Key Polynomial is specified by the client in order to determine the characteristics of how Galois Field (GF) split key with Polynomial Sharing is conducted by the Server. Given variants of 283 and 285 the value must be specified to be interoperable between systems.

 

Table 220: Split Key Polynomial Attribute

Table 221: Split Key Polynomial Rules

4.64 Split Key Method

The Split Key Method is specified by the client to indicate the method used to create the Split Key Parts

 

Table 222: Split Key Method Attribute

Table 223: Split Key Method Rules

4.65 Split Key Parts

The Split Key Parts is specified by the client to indicate the number of parts into which a Split Key will be split.

 

Table 224: Split Key Parts Attribute

Table 225: Split Key Parts Rules

4.66 Split Key Threshold

The Split Key Threshold is specified by the client to indicate the number of parts required the minimum number of parts needed to reconstruct the entire key.

 

Table 226: Split Key Threshold Attribute

Table 227: Split Key Threshold Rules

4.67 State

This attribute is an indication of the State of an object as known to the key management server. The State SHALL NOT be changed by using the Modify Attribute operation on this attribute. The State SHALL only be changed by the server as a part of other operations or other server processes. An object SHALL be in one of the following states at any given time.

Note: The states correspond to those described in [SP800-57-1].

 

Figure 1: Cryptographic Object States and Transitions

 

·       Pre-Active: The object exists and SHALL NOT be used for any cryptographic purpose.

·       Active: The object SHALL be transitioned to the Active state prior to being used for any cryptographic purpose. The object SHALL only be used for all cryptographic purposes that are allowed by its Cryptographic Usage Mask attribute. If a Process Start Date attribute is set, then the object SHALL NOT be used for cryptographic purposes prior to the Process Start Date. If a Protect Stop attribute is set, then the object SHALL NOT be used for cryptographic purposes after the Process Stop Date.

·       Deactivated: The object SHALL NOT be used for applying cryptographic protection (e.g., encryption, signing, wrapping, MACing, deriving) . The object SHALL only be used for cryptographic purposes permitted by the Cryptographic Usage Mask attribute. The object SHOULD only be used to process cryptographically-protected information (e.g., decryption, signature verification, unwrapping, MAC verification under extraordinary circumstances and when special permission is granted.

·       Compromised: The object SHALL NOT be used for applying cryptographic protection (e.g., encryption, signing, wrapping, MACing, deriving). The object SHOULD only be used to process cryptographically-protected information (e.g., decryption, signature verification, unwrapping, MAC verification in a client that is trusted to use managed objects that have been compromised. The object SHALL only be used for cryptographic purposes permitted by the Cryptographic Usage Mask attribute.

·       Destroyed: The object SHALL NOT be used for any cryptographic purpose.

·       Destroyed Compromised: The object SHALL NOT be used for any cryptographic purpose; however its compromised status SHOULD be retained for audit or security purposes.

State transitions occur as follows:

1.     The transition from a non-existent key to the Pre-Active state is caused by the creation of the object. When an object is created or registered, it automatically goes from non-existent to Pre-Active. If, however, the operation that creates or registers the object contains an Activation Date that has already occurred, then the state immediately transitions from Pre-Active to Active. In this case, the server SHALL set the Activation Date attribute to the value specified in the request, or fail the request attempting to create or register the object, depending on server policy. If the operation contains an Activation Date attribute that is in the future, or contains no Activation Date, then the Cryptographic Object is initialized in the key management system in the Pre-Active state.

2.     The transition from Pre-Active to Destroyed is caused by a client issuing a Destroy operation. The server destroys the object when (and if) server policy dictates.

3.     The transition from Pre-Active to Compromised is caused by a client issuing a Revoke operation with a Revocation Reason containing a Revocation Reason Code of Key Compromise or CA Compromise.

4.     The transition from Pre-Active to Active SHALL occur in one of three ways:

·       The Activation Date is reached,

·       A client successfully issues a Modify Attribute operation, modifying the Activation Date to a date in the past, or the current date, or

·       A client issues an Activate operation on the object. The server SHALL set the Activation Date to the time the Activate operation is received.

5.     The transition from Active to Compromised is caused by a client issuing a Revoke operation with a Revocation Reason containing a Revocation Reason Code of Compromised.

6.     The transition from Active to Deactivated SHALL occur in one of three ways:

·       The object's Deactivation Date is reached,

·       The object’s Protect Stop Date is reached,

·       The object’s Usage Limit is reached,

·       A client issues a Deactivate operation, or

·       The client successfully issues a Modify Attribute operation, modifying the Deactivation Date to a date in the past, or the current date.

7.     The transition from Deactivated to Destroyed is caused by a client issuing a Destroy operation, or by a server, both in accordance with server policy. The server destroys the object when (and if) server policy dictates.

8.     The transition from Deactivated to Compromised is caused by a client issuing a Revoke operation with a Revocation Reason containing a Revocation Reason Code of Compromised.

9.     The transition from Compromised to Destroyed Compromised is caused by a client issuing a Destroy operation, or by a server, both in accordance with server policy. The server destroys the object when (and if) server policy dictates.

10.  The transition from Destroyed to Destroyed Compromised is caused by a client issuing a Revoke operation with a Revocation Reason containing a Revocation Reason Code of Compromised.

Only the transitions described above are permitted.

Table 228: State Attribute

Table 229: State Attribute Rules

4.68 Unique Identifier

The Unique Identifier is generated by the key management system to uniquely identify a Managed Object. It is only REQUIRED to be unique within the identifier space managed by a single key management system, however this identifier SHOULD be globally unique in order to allow for a key management server export of such objects. This attribute SHALL be assigned by the key management system at creation or registration time, and then SHALL NOT be changed or deleted before the object is obliterated.

It is recommended that where possible servers SHOULD use a Universally Unique Identifier following one of the formats specified in [RFC9562].

When a Unique Identifier is used to refer to a managed object, generally the encoding should be specified as Reference (or Name Reference). When the Unique Identifier is in the context of the attributes of a specific managed object (i.e. when registering or creating a managed object or returning a managed object’s attributes), generally the encoding should be specified as Identifier.

Within protocol messages, the Unique Identifier may be referred with additional context in the form of Private Key Unique Identifier, Public Key Unique Identifier, Certificate Request Unique Identifier, or Replaced Unique Identifier. In all of these contexts, the same encoding descriptions apply.

 

Table 230: Unique Identifier encoding descriptions

Table 231: Unique Identifier Attribute

Table 232: Unique Identifier Attribute Rules

4.69 Usage Limits

The Usage Limits attribute is a mechanism for limiting the usage of a Managed Object. It only applies to Managed Objects that are able to be used for applying cryptographic protection and it SHALL only reflect their usage for applying that protection (e.g., encryption, signing, etc.). This attribute does not necessarily exist for all Managed Cryptographic Objects, since some objects are able to be used without limit for cryptographically protecting data, depending on client/server policies. Usage for processing cryptographically protected data (e.g., decryption, verification, etc.) is not limited. The Usage Limits attribute contains the Usage Limit structure which has the three following fields:

Table 233: Usage Limits Descriptions

 

When the attribute is initially set (usually during object creation or registration), the Usage Limits Count is set to the Usage Limits Total value allowed for the useful life of the object, and are decremented when the object is used. The server SHALL ignore the Usage Limits Count value if the attribute is specified in an operation that creates a new object. Changes made via the Modify Attribute operation reflect corrections to the Usage Limits Total value, but they SHALL NOT be changed once the Usage Limits Count value has changed by a Get Usage Allocation operation. The Usage Limits Count value SHALL NOT be set or modified by the client via the Add Attribute or Modify Attribute operations.

Table 234: Usage Limits Attribute Rules

4.70 Vendor Attribute

A vendor specific Attribute is a structure used for sending and receiving a Managed Object attribute. The Vendor Identification and Attribute Name are text-strings that are used to identify the attribute. The Attribute Value is either a primitive data type or structured object, depending on the attribute. Vendor identification values “x” and “y” are reserved for KMIP v2.0 and later implementations referencing KMIP v1.x Custom Attributes.

Vendor Attributes created by the client with Vendor Identification “x” are not created (provided during object creation), set, added, adjusted, modified or deleted by the server.

Vendor Attributes created by the server with Vendor Identification “y” are not created (provided during object creation), set, added, adjusted, modified or deleted by the client.

 

Table 235: Attribute Object Structure

4.71 X.509 Certificate Identifier

The X.509 Certificate Identifier attribute is a structure used to provide the identification of an X.509 public key certificate. The X.509 Certificate Identifier contains the Issuer Distinguished Name (i.e., from the Issuer field of the X.509 certificate) and the Certificate Serial Number (i.e., from the Serial Number field of the X.509 certificate).  The X.509 Certificate Identifier SHALL be set by the server when the X.509 certificate is created or registered and then SHALL NOT be changed or deleted before the object is destroyed.

Table 236: X.509 Certificate Identifier Attribute Structure

Table 237: X.509 Certificate Identifier Attribute Rules

4.72 X.509 Certificate Issuer

The X.509 Certificate Issuer attribute is a structure used to identify the issuer of a X.509 certificate, containing the Issuer Distinguished Name (i.e., from the Issuer field of the X.509 certificate). It MAY include one or more alternative names (e.g., email address, IP address, DNS name) for the issuer of the certificate (i.e., from the Issuer Alternative Name extension within the X.509 certificate). The server SHALL set these values based on the information it extracts from a X.509 certificate that is created as a result of a Certify or a Re-certify operation or is sent as part of a Register operation. These values SHALL NOT be changed or deleted before the object is destroyed.

Table 238: X.509 Certificate Issuer Attribute Structure

Table 239: X.509 Certificate Issuer Attribute Rules

4.73 X.509 Certificate Subject

The X.509 Certificate Subject attribute is a structure used to identify the subject of a X.509 certificate or a X.509 Certificate Request. The X.509 Certificate Subject contains the Subject Distinguished Name (i.e., from the Subject field of the X.509 certificate). It MAY include one or more alternative names (e.g., email address, IP address, DNS name) for the subject of the X.509 certificate (i.e., from the Subject Alternative Name extension within the X.509 certificate).  The X.509 Certificate Subject SHALL be set by the server based on the information it extracts from the X.509 certificate that is created (as a result of a Certify or a Re-certify operation) or registered (as part of a Register operation) and SHALL NOT be changed or deleted before the object is destroyed.

If the Subject Alternative Name extension is included in the X.509 certificate and is marked critical within the X.509 certificate itself, then an X.509 certificate MAY be issued with the subject field left blank. Therefore an empty string is an acceptable value for the Subject Distinguished Name.

Table 240: X.509 Certificate Subject Attribute Structure

Table 241: X.509 Certificate Subject Attribute Rules

5.1 Attributes

This structure is used in various operations to provide the desired attribute values in the request and to return the actual attribute values in the response.

The Attributes structure is defined as follows:

Table 242: Attributes Definition

5.2 Common Attributes

This structure is used in various operations to provide the desired attribute values in the request and to return the actual attribute values in the response.

The Common Attributes structure is defined as follows:

Table 243: Common Attributes Definition

5.3 Private Key Attributes

This structure is used in various operations to provide the desired attribute values in the request and to return the actual attribute values in the response.

The Private Key Attributes structure is defined as follows:

Table 244: Private Key Attributes Definition

5.4 Public Key Attributes

This structure is used in various operations to provide the desired attribute values in the request and to return the actual attribute values in the response.

The Public Key Attributes structure is defined as follows:

Table 245: Public Key Attributes Definition

5.5 Attribute Reference

These structures are used in various operations to provide reference to an attribute by name or by tag in a request or response.

The Attribute Reference definition is as follows:

OR

Table 246: Attribute Reference Definition

5.6 Current Attribute

Structure used in various operations to provide the Current Attribute value in the request.

The Current Attribute structure is defined identically as follows:

Table 247: Current Attribute Definition

5.7 New Attribute

Structure used in various operations to provide the New Attribute value in the request.

The New Attribute structure is defined identically as follows:

Table 248: New Attribute Definition

6.1 Client-to-Server Operations

The following subsections describe the operations that MAY be requested by a key management client. Not all clients have to be capable of issuing all operation requests; however any client that issues a specific request SHALL be capable of understanding the response to the request. All Object Management operations are issued in requests from clients to servers, and results obtained in responses from servers to clients. Multiple operations MAY be combined within a batch, resulting in a single request/response message pair.

A number of the operations whose descriptions follow are affected by a mechanism referred to as the ID Placeholder.

The key management server SHALL implement a temporary variable called the ID Placeholder. This value consists of a single Unique Identifier. It is a variable stored inside the server that is only valid and preserved during the execution of a batch of operations. Once the batch of operations has been completed, the ID Placeholder value SHALL be discarded and/or invalidated by the server, so that subsequent requests do not find this previous ID Placeholder available. The Check operation clears the ID Placeholder if the requested Check fails.

The ID Placeholder is obtained from the Unique Identifier returned in response to any operations that successfully completes and returns a Unique Identifier. The server SHALL copy the Unique Identifier into the ID Placeholder variable, where it is held until the completion of the operations remaining in the batched request or until a subsequent operation in the batch causes the ID Placeholder to be replaced. Subsequent operations in the batched request MAY make use of the ID Placeholder by using a Unique Identifier enumeration value of IDPlaceholder. For operations other than Locate which return more than one Unique Identifier (either as a Unique Identifier, Private Key Unique Identifier, or Public Key Unique Identifier), the first value in the response is the Unique Identifier value with respect to ID Placeholder handling.

Requests MAY contain attribute values to be assigned to the object. This information is specified with zero or more individual attributes.

For any operations that operate on Managed Objects already stored on the server, any archived object SHALL first be made available by a Recover operation before they MAY be specified (i.e., as on-line objects).

Multi-part cryptographic operations (operations where a stream of data is provided across multiple requests from a client to a server) are optionally supported by those cryptographic operations that include the Correlation Value, Init Indicator  and Final Indicator request parameters.

For multi-part cryptographic operations the following sequence is performed

1. On the first request

a.     Provide an Init Indicator with a value of True

b.     Provide any other required parameters

c.     Preserve the Correlation Value returned in the response for use in subsequent requests

d.     Use the Data output (if any) from the response

2. On subsequent requests

a.     Provide the Correlation Value from the response to the first request

b.     Provide any other required parameters

c.     Use the next block of Data output (if any) from the response

3. On the final request

a.     Provide the Correlation Value from the response to the first request

b.     Provide a Final Indicator with a value of True

c.     Use the final block of Data output (if any) from the response

Single-part cryptographic operations (operations where a single input is provided and a single response returned) the following sequence is performed:

1. On each request

a.     Do not provide an Init Indicator, Final Indicator or Correlation Value or provide an Init indicator and Final Indicator but no Correlation Value.

b.     Provide any other required parameters

c.     Use the Data output from the response

Data is always required in cryptographic operations except when either Init Indicator or Final Indicator is true.

The list of Result Reasons listed for each Operation is not exhaustive for each Operation. Any Result Reason listed in the Message Data Structures Section MAY be used. A Server SHALL return the most appropriate Result Reason for the given context.

6.1.1 Activate

This operation requests the server to activate a Managed Object. The operation SHALL only be performed on an object in the Pre-Active state and has the effect of changing its state to Active, and setting its Activation Date to the current date and time.

Table 249: Activate Request Payload

Table 250: Activate Response Payload

6.1.1.1 Error Handling – Activate

This section details the specific Result Reasons that SHALL be returned for errors detected in a Activate Operation.

 

Table 251: Activate Errors

6.1.2 Add Attribute

This operation requests the server to add a new attribute instance to be associated with a Managed Object and set its value. The request contains the Unique Identifier of the Managed Object to which the attribute pertains, along with the attribute name and value. For single-instance attributes, this creates the attribute value. For multi-instance attributes, this is how the first and subsequent values are created. Existing attribute values SHALL NOT be changed by this operation. Read-Only attributes SHALL NOT be added using the Add Attribute operation.

Table 252: Add Attribute Request Payload

Table 253: Add Attribute Response Payload

6.1.2.1 Error Handling - Add Attribute

This section details the specific Result Reasons that SHALL be returned for errors detected in a Add Attribute Operation.

 

Table 254: Add Attribute Errors

6.1.3 Adjust Attribute

This operation requests the server to adjust the value of an attribute. The request contains the Unique Identifier of the Managed Object to which the attribute pertains, along with the attribute reference and value. If the object did not have value for the attribute, the previous value is assumed to be a 0 for numeric types and intervals, or false for Boolean, otherwise an error is raised. If the object had exactly one instance, then it is modified. If it has more than one instance an error is raised. Read-Only attributes SHALL NOT be added or modified using this operation.

Table 255: Adjust Attribute Request Payload

Table 256: Adjust Attribute Response Payload

6.1.3.1 Error Handling - Adjust Attribute

This section details the specific Result Reasons that SHALL be returned for errors detected in a Adjust Attribute Operation.

Table 257: Adjust Attribute Errors

6.1.4 Archive

This operation is used to specify that a Managed Object MAY be archived. The actual time when the object is archived, the location of the archive, or level of archive hierarchy is determined by the policies within the key management system and is not specified by the client. The request contains the Unique Identifier of the Managed Object. This request is only an indication from a client that, from its point of view, the key management system MAY archive the object.

Table 258: Archive Request Payload

Table 259: Archive Response Payload

6.1.4.1 Error Handling – Archive

This section details the specific Result Reasons that SHALL be returned for errors detected in a Archive Operation.

Table 260: Archive Errors

6.1.5 Cancel

This operation requests the server to cancel an outstanding asynchronous operation. The correlation value of the original operation SHALL be specified in the request. The server SHALL respond with a Cancellation Result. The response to this operation is not able to be asynchronous.

Table 261: Cancel Request Payload

Table 262: Cancel Response Payload

This section details the specific Result Reasons that SHALL be returned for errors detected in a Cancel Operation.

 Table 263: Cancel Errors

6.1.6 Certify

This request is used to generate a Certificate object for a public key or a Certificate Request. This request supports the certification of a new public key, as well as the certification of a public key that has already been certified (i.e., certificate update). Only a single certificate SHALL be requested at a time.

The Certificate Request Value MAY be omitted, in which case the public key or Certificate Request for which a Certificate object is generated SHALL be specified by its Unique Identifier only. If the Certificate Request Type and the Certificate Request Value objects are omitted from the request and the Unique Identifier does not refer to a Certificate Request, then the Certificate Type SHALL be specified using the Attributes object.

The Certificate Request MAY be passed as a Byte String, which allows multiple certificate request types for X.509 certificates (e.g., PKCS#10, PEM, etc.) to be submitted to the server.

For the public key, the server SHALL create a Certificate Link attribute pointing to the generated certificate. For the generated certificate, the server SHALL create a Public Key Link attribute pointing to the Public Key.

A client MAY indicate which Certification Authority should be used for the Certify operation by providing a X.509 Certificate Issuer value in the list of attributes. 

If the information in the Certificate Request Value field conflicts with the attributes specified in the Attributes, then the information in the Certificate Request Value field takes precedence.

Table 264: Certify Request Payload

Table 265: Certify Response Payload

6.1.6.1 Error Handling – Certify

This section details the specific Result Reasons that SHALL be returned for errors detected in a Certify Operation.

Table 266: Certify Errors

6.1.7 Check

This operation requests that the server check for the use of a Managed Object according to values specified in the request. This operation SHOULD only be used when placed in a batched set of operations, usually following a Locate, Create, Create Pair, Derive Key, Certify, Re-Certify, Re-key or Re-key Key Pair operation, and followed by a Get operation.

If the server determines that the client is allowed to use the object according to the specified attributes, then the server returns the Unique Identifier of the object.

If the server determines that the client is not allowed to use the object according to the specified attributes, then the server empties the ID Placeholder and does not return the Unique Identifier, and the operation returns the set of attributes specified in the request that caused the server policy denial. The only attributes returned are those that resulted in the server determining that the client is not allowed to use the object, thus allowing the client to determine how to proceed. 

Only STOP or UNDO Batch Error Continuation Option values SHOULD be used by the client in such a batch. Additional attributes that MAY be specified in the request are limited to:

Table 267: Check value description

Note that these objects are not encoded in an Attribute structure.

Table 268: Check Request Payload

Table 269: Check Response Payload

6.1.7.1 Error Handling – Check

This section details the specific Result Reasons that SHALL be returned for errors detected in a Check Operation.

 

Table 270: Check Errors

6.1.8 Create

This operation requests the server to generate a new symmetric key or generate Secret Data as a Managed Cryptographic Object.

The request contains information about the type of object being created, and some of the attributes to be assigned to the object (e.g., Cryptographic Algorithm, Cryptographic Length, etc.).

The response contains the Unique Identifier of the created object.

Table 271: Create Request Payload

Table 272: Create Response Payload

6.1.8.1 Error Handling - Create

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create operation.

 

Table 273: Create Errors

6.1.9 Create Credential

This operation requests the server to create a credential.

The request contains information about the attributes to be assigned to the object.

The response contains the Unique Identifier of the created object.

Table 274: Create Credential Request Payload

Table 275: Create Credential Response Payload

6.1.9.1 Error Handling - Create Group

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create Credential Operation.

Table 276: Create Credential Errors

6.1.10 Create Group

This operation requests the server to create a new group.

The request contains information about the attributes to be assigned to the object.

The response contains the Unique Identifier of the created object.

Table 277: Create Group Request Payload

Table 278: Create Group Response Payload

6.1.10.1 Error Handling - Create Group

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create Group Operation.

Table 279: Create Group Errors

6.1.11 Create Key Pair

This operation requests the server to generate a new public/private key pair and register the two corresponding new Managed Cryptographic Objects.

The request contains attributes to be assigned to the objects (e.g., Cryptographic Algorithm, Cryptographic Length, etc.). Attributes MAY be specified for both keys at the same time by specifying a Common Attributes object in the request. Attributes not common to both keys (e.g., Name, Cryptographic Usage Mask) MAY be specified using the Private Key Attributes and Public Key Attributes objects in the request, which take precedence over the Common Attributes object.

For the Private Key, the server SHALL create a Public Key Link attribute pointing to the Public Key. For the Public Key, the server SHALL create a Private Key Link attribute pointing to the Private Key. The response contains the Unique Identifiers of both created objects.

Table 280: Create Key Pair Request Payload

For multi-instance attributes, the union of the values found in the attributes of the Common, Private, and Public Key Attributes SHALL be used.

 

Table 281: Create Key Pair Response Payload

Table 282 indicates which attributes SHALL have the same value for the Private and Public Key.

Table 282: Create Key Pair Attribute Requirements

Setting the same Cryptographic Length value for both private and public key does not imply that both keys are of equal length. For RSA, Cryptographic Length corresponds to the bit length of the Modulus. For DSA and DH algorithms, Cryptographic Length corresponds to the bit length of parameter P, and the bit length of Q is set separately in the Cryptographic Domain Parameters attribute. For ECDSA, ECDH, and ECMQV algorithms, Cryptographic Length corresponds to the bit length of parameter Q.

6.1.11.1 Error Handling - Create Key Pair

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create Key Pair Operation.

 

Table 283: Create Key Pair Errors

6.1.12 Create Split Key

This operation requests the server to generate a new split key and register all the splits as individual new Managed Cryptographic Objects.

The request contains attributes to be assigned to the objects (e.g., Split Key Parts, Split Key Threshold, Split Key Method, Cryptographic Algorithm, Cryptographic Length, etc.). The request MAY contain the Unique Identifier of an existing cryptographic object that the client requests be split by the server. If the attributes supplied in the request do not match those of the key supplied, the attributes of the key take precedence.

The response contains the Unique Identifiers of all created objects.

Table 284: Create Split Key Request Payload

Table 285: Create Split Key Response Payload

6.1.12.1 Error Handling - Create Split Key

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create Split Key Operation.

 

Table 286: Create Split Key Errors

6.1.13 Create User

This operation requests the server to create a new user.

The request contains information about the attributes to be assigned to the object.

The response contains the Unique Identifier of the created object.

Table 287: Create User Request Payload

Table 288: Create User Response Payload

6.1.13.1 Error Handling - Create Group

This section details the specific Result Reasons that SHALL be returned for errors detected in a Create User Operation.

Table 289: Create User Errors

6.1.14 Deactivate

This operation requests the server to Deactivate a Managed Object. The request contains an optional reason for the deactivation. The Deactivate operation places an Object into a “deactivated” state, and the Deactivation Date is set to the current date and time. If the Deactivation Reason is not provided, then a server SHALL process the request as though the Deactivation Reason was specified as Unspecified.

Table 290: Deactivate Request Payload

Table 291: Deactivate Response Payload

6.1.14.1 Error Handling – Deactivate

This section details the specific Result Reasons that SHALL be returned for errors detected in a Revoke Operation.

 

Table 292: Deactivate Errors

6.1.15 Decrypt

This operation requests the server to perform a decryption operation on the provided data using a Managed Cryptographic Object as the key for the decryption operation.

The request contains information about the cryptographic parameters (mode and padding method), the data to be decrypted, and the IV/Counter/Nonce to use. The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object. The initialization vector/counter/nonce MAY also be omitted from the request if the algorithm does not use an IV/Counter/Nonce.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the result of the decryption operation.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 293: Decrypt Request Payload

Table 294: Decrypt Response Payload

6.1.15.1 Error Handling - Decrypt

This section details the specific Result Reasons that SHALL be returned for errors detected in a Decrypt Operation.

 

Table 295: Decrypt Errors

6.1.16 Delegated Login

This operation requests the server to allow future requests to be authenticated using Ticket data that is returned by this operation. Requests using the ticket MUST only be permitted to perform the operations specified in the Rights section.

Table 296: Delegated Login Request Payload

Table 297: Delegated Login Response Payload

6.1.16.1 Error Handling – Delegated Login

This section details the specific Result Reasons that SHALL be returned for errors detected in a Delegated Login Operation

 

Table 298: Delegated Login Errors

6.1.17 Delete Attribute

This operation requests the server to delete an attribute associated with a Managed Object. The request contains the Unique Identifier of the Managed Object whose attribute is to be deleted, the Current Attribute of the attribute. Attributes that are always REQUIRED to have a value SHALL never be deleted by this operation. Attempting to delete a non-existent attribute or specifying an Current Attribute for which there exists no attribute value SHALL result in an error. If no Current Attribute is specified in the request, and an Attribute Reference is specified, then all instances of the specified attribute SHALL be deleted.

Table 299: Delete Attribute Request Payload

Table 300: Delete Attribute Response Payload

6.1.17.1 Error Handling - Delete Attribute

This section details the specific Result Reasons that SHALL be returned for errors detected in a Delete Attribute Operation.

 

Table 301: Delete Attribute Errors

6.1.18 Derive Key

This request is used to derive a Symmetric Key or Secret Data object from keys or Secret Data objects that are already known to the key management system. The request SHALL only apply to Managed Objects that have the Derive Key bit set in the Cryptographic Usage Mask attribute of the specified Managed Object (i.e., are able to be used for key derivation). If the operation is issued for an object that does not have this bit set, then the server SHALL return an error. For all derivation methods, the client SHALL specify the desired length of the derived key or Secret Data object using the Cryptographic Length attribute. If a key is created, then the client SHALL specify both its Cryptographic Length and Cryptographic Algorithm. If the specified length exceeds the output of the derivation method, then the server SHALL return an error. Clients MAY derive multiple keys and IVs by requesting the creation of a Secret Data object and specifying a Cryptographic Length that is the total length of the derived object. If the specified length exceeds the output of the derivation method, then the server SHALL return an error.

The fields in the Derive Key request specify the Unique Identifiers of the keys or Secret Data objects to be used for derivation (e.g., some derivation methods MAY use multiple keys or Secret Data objects to derive the result), the method to be used to perform the derivation, and any parameters needed by the specified method.

The server SHALL perform the derivation function, and then register the derived object as a new Managed Object, returning the new Unique Identifier for the new object in the response

For the keys or Secret Data objects from which the key or Secret Data object is derived, the server SHALL create a Derived Object Link attribute pointing to the Symmetric Key or Secret Data object derived as a result of this operation. For the Symmetric Key or Secret Data object derived as a result of this operation, the server SHALL create a Derivation Base Object Link attribute pointing to the keys or Secret Data objects from which the key or Secret Data object is derived.

Table 302: Derive Key Request Payload

Table 303: Derive Key Response Payload

6.1.18.1 Error Handling - Derive Key

This section details the specific Result Reasons that SHALL be returned for errors detected in a Derive Key Operation.

 

Table 304: Derive Key Errors

6.1.19 Destroy

This operation is used to indicate to the server that the key material for the specified Managed Object SHALL be destroyed or rendered inaccessible. The meta-data for the key material SHALL be retained by the server.  Objects SHALL only be destroyed if they are in either Pre-Active or Deactivated state.

Table 305: Destroy Request Payload

Table 306: Destroy Response Payload

6.1.19.1 Error Handling – Destroy

This section details the specific Result Reasons that SHALL be returned for errors detected in a Destroy Operation.

 

Table 307: Destroy Errors

6.1.20 Discover Versions

This operation is used by the client to determine a list of protocol versions that is supported by the server. The request payload contains an OPTIONAL list of protocol versions that is supported by the client. The protocol versions SHALL be ranked in decreasing order of preference.

The response payload contains a list of protocol versions that are supported by the server. The protocol versions are ranked in decreasing order of preference. If the client provides the server with a list of supported protocol versions in the request payload, the server SHALL return only the protocol versions that are supported by both the client and server. The server SHOULD list all the protocol versions supported by both client and server. If the protocol version specified in the request header is not specified in the request payload and the server does not support any protocol version specified in the request payload, the server SHALL return an empty list in the response payload. If no protocol versions are specified in the request payload, the server SHOULD return all the protocol versions that are supported by the server.

Table 308: Discover Versions Request Payload

Table 309: Discover Versions Response Payload

6.1.20.1 Error Handling - Discover Versions

This section details the specific Result Reasons that SHALL be returned for errors detected in a Discover Versions Operation.

 Table 310: Discover Versions Errors

6.1.21 Encrypt

This operation requests the server to perform an encryption operation on the provided data using a Managed Cryptographic Object as the key for the encryption operation.

The request contains information about the cryptographic parameters (mode and padding method), the data to be encrypted, and the IV/Counter/Nonce to use. The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object. The IV/Counter/Nonce MAY also be omitted from the request if the cryptographic parameters indicate that the server shall generate a Random IV on behalf of the client or the encryption algorithm does not need an IV/Counter/Nonce. The server does not store or otherwise manage the IV/Counter/Nonce.

If the Managed Cryptographic Object referenced has a Usage Limits attribute then the server SHALL obtain an allocation from the current Usage Limits value prior to performing the encryption operation. If the allocation is unable to be obtained the operation SHALL return with a result status of Operation Failed and result reason of Permission Denied.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the result of the encryption operation.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 311: Encrypt Request Payload

Table 312: Encrypt Response Payload

6.1.21.1 Error Handling – Encrypt

This section details the specific Result Reasons that SHALL be returned for errors detected in a Encrypt Operation.

 

Table 313: Encrypt Errors

 

6.1.22 Export

This operation requests that the server returns a Managed Object specified by its Unique Identifier, together with its attributes.

The Key Format Type, Key Wrap Type, Key Compression Type and Key Wrapping Specification SHALL have the same semantics as for the Get operation.  If the Managed Object has been Destroyed then the key material for the specified managed object SHALL not be returned in the response.

 

Table 314: Export Request Payload

Table 315: Export Response Payload

6.1.22.1 Error Handling – Export

This section details the specific Result Reasons that SHALL be returned for errors detected in a Export Operation.

Table 316: Export Errors

6.1.23 Get

This operation requests that the server returns the Managed Object specified by its Unique Identifier.

Only a single object is returned. The response contains the Unique Identifier of the object, along with the object itself, which MAY be wrapped using a wrapping key as specified in the request.

The following key format capabilities SHALL be assumed by the client; restrictions apply when the client  requests the server to return an object in a particular format:

·       If a client registered a key in a given format, the server SHALL be able to return the key during the Get operation in the same format that was used when the key was registered.

·       Any other format conversion MAY be supported by the server.

If Key Format Type is specified to be PKCS#12 then the response payload shall be a PKCS#12 container as specified by [RFC7292].  The Unique Identifier shall be either that of a private key or certificate to be included in the response.  The container shall be protected using the Secret Data object specified via the private key or certificate’s PKCS#12 Password Link.  The current certificate chain shall also be included as determined by using the private key’s Public Key link to get the corresponding public key (where relevant), and then using that public key’s PKCS#12 Certificate Link to get the base certificate, and then using each certificate’s Certificate Link to build the certificate chain.  It is an error if there is more than one valid certificate chain.

Table 317: Get Request Payload

Table 318: Get Response Payload

6.1.23.1 Error Handling – Get

This section details the specific Result Reasons that SHALL be returned for errors detected in a Get Operation.

 

Table 319: Get Errors

 

6.1.24 Get Attributes

This operation requests one or more attributes associated with a Managed Object. The object is specified by its Unique Identifier, and the attributes are specified by their name in the request. If a specified attribute has multiple instances, then all instances are returned. If a specified attribute does not exist (i.e., has no value), then it SHALL NOT be present in the returned response. If none of the requested attributes exist, then the response SHALL consist only of the Unique Identifier. The same Attribute Reference SHALL NOT be present more than once in a request.

If no Attribute Reference is provided, the server SHALL return all attributes.

Table 320: Get Attributes Request Payload

Table 321: Get Attributes Response Payload

6.1.24.1 Error Handling - Get Attributes

This section details the specific Result Reasons that SHALL be returned for errors detected in a Get Attributes Operation.

 

Table 322: Get Attributes Errors

6.1.25 Get Attribute List

This operation requests a list of the attribute names associated with a Managed Object. The object is specified by its Unique Identifier.

If no Attribute Reference is provided, the server SHALL return all attributes.

Table 323: Get Attribute List Request Payload

Table 324: Get Attribute List Response Payload

6.1.25.1 Error Handling - Get Attribute List

This section details the specific Result Reasons that SHALL be returned for errors detected in a Get Attribute List Operation.

 

Table 325: Get Attribute List Errors

6.1.26 Get Constraints

This operation instructs the server to return the constraints that are being applied to Managed Objects during operations.

Table 326: Get Constraints Request Payload

Table 327: Get Constraints Response Payload

6.1.26.1 Error Handling - Get Constraints

This section details the specific Result Reasons that SHALL be returned for errors detected in a Get Constrains Operation.

 

Table 328: Get Constraints Errors

6.1.27 Get Usage Allocation

This operation requests the server to obtain an allocation from the current Usage Limits value to allow the client to use the Managed Cryptographic Object for applying cryptographic protection. The allocation only applies to Managed Objects that are able to be used for applying protection (e.g., symmetric keys for encryption, private keys for signing, etc.) and is only valid if the Managed Object has a Usage Limits attribute. Usage for processing cryptographically protected information (e.g., decryption, verification, etc.) is not limited and is not able to be allocated. A Managed Object that has a Usage Limits attribute SHALL NOT be used by a client for applying cryptographic protection unless an allocation has been obtained using this operation. The operation SHALL only be requested during the time that protection is enabled for these objects (i.e., after the Activation Date and before the Protect Stop Date). If the operation is requested for an object that has no Usage Limits attribute, or is not an object that MAY be used for applying cryptographic protection, then the server SHALL return an error.

The field in the request specifies the number of units that the client needs to protect. If the requested amount is not available or if the Managed Object is not able to be used for applying cryptographic protection at this time, then the server SHALL return an error. The server SHALL assume that the entire allocated amount is going to be consumed. Once the entire allocated amount has been consumed, the client SHALL NOT continue to use the Managed Object for applying cryptographic protection until a new allocation is obtained.

Table 329: Get Usage Allocation Request Payload

Table 330: Get Usage Allocation Response Payload

6.1.27.1 Error Handling - Get Usage Allocation

This section details the specific Result Reasons that SHALL be returned for errors detected in a Get Usage Allocation Operation.

 

Table 331: Get Usage Allocation Errors

6.1.28 Hash

This operation requests the server to perform a hash operation on the data provided.

The request contains information about the cryptographic parameters (hash algorithm) and the data to be hashed.

The response contains the result of the hash operation.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 332: Hash Request Payload

Table 333: Hash Response Payload

6.1.28.1 Error Handling - HASH

This section details the specific Result Reasons that SHALL be returned for errors detected in a Hash Operation.

 

Table 334: HASH Errors

6.1.29 Import

This operation requests the server to Import a Managed Object specified by its Unique Identifier. The request specifies the object being imported and all the attributes to be assigned to the object. The attribute rules for each attribute for “Initially set by” and “When implicitly set” SHALL NOT be enforced as all attributes MUST be set to the supplied values rather than any server generated values.

The response contains the Unique Identifier provided in the request or assigned by the server.

Table 335: Import Request Payload

Table 336: Import Response Payload

6.1.29.1 Error Handling – Import

This section details the specific Result Reasons that SHALL be returned for errors detected in a Import Operation.

 

Table 337: Import Errors

6.1.30 Interop

This operation informs the server about the status if interop tests. It SHALL NOT be available in a production server. The Interop Operation uses three Interop Functions (Begin, End and Reset).

An Interop Identifier of “*” is reserved for use during interoperability testing to indicate that the server should perform a cleanup for the currently authenticated user so that testing may be repeated. This allows for repeated testing without manual intervention.

 

Table 338: Interop Request Payload

Table 339: Interop Response Payload

6.1.30.1 Error Handling – Interop

This section details the specific Result Reasons that SHALL be returned for errors detected in an Interop Operation.

Table 340: Interop Errors

6.1.31 Join Split Key

This operation requests the server to combine a list of Split Keys into a single Managed Cryptographic Object. The number of Unique Identifiers in the request SHALL be at least the value of the Split Key Threshold defined in the Split Keys.

The request contains the Object Type of the Managed Cryptographic Object that the client requests the Split Key Objects be combined to form. If the Object Type formed is Secret Data, the client MAY include the Secret Data Type in the request.

The response contains the Unique Identifier of the object obtained by combining the Split Keys.

Table 341: Join Split Key Request Payload

Table 342: Join Split Key Response Payload

6.1.31.1 Error Handling - Join Split Key

This section details the specific Result Reasons that SHALL be returned for errors detected in a Join Split Key Operation.

 

Table 343: Join Split Key Errors

6.1.32 Locate

This operation requests that the server search for one or more Managed Objects, depending on the attributes specified in the request. All attributes are allowed to be used. The request MAY contain a Maximum Items field, which specifies the maximum number of objects to be returned. If the Maximum Items field is omitted, then the server MAY return all objects matched, or MAY impose an internal maximum limit due to resource limitations.

The request MAY contain an Offset Items field, which specifies the number of objects to skip that satisfy the identification criteria specified in the request. An Offset Items field of 0 is the same as omitting the Offset Items field. If both Offset Items and Maximum Items are specified in the request, the server skips Offset Items objects and returns up to Maximum Items objects.

If more than one object satisfies the identification criteria specified in the request, then the response MAY contain Unique Identifiers for multiple Managed Objects. Responses containing Unique Identifiers for multiple objects SHALL be returned in descending order of object creation (most recently created object first).  Returned objects SHALL match all of the attributes in the request. If no objects match, then an empty response payload is returned. If no attribute is specified in the request, any object SHALL be deemed to match the Locate request. The response MAY include Located Items which is the count of all objects that satisfy the identification criteria.

The server returns a list of Unique Identifiers of the found objects, which then MAY be retrieved using the Get operation. If the objects are archived, then the Recover and Get operations are REQUIRED to be used to obtain those objects. If a single Unique Identifier is returned to the client, then the server SHALL copy the Unique Identifier returned by this operation into the ID Placeholder variable.  If the Locate operation matches more than one object, and the Maximum Items value is omitted in the request, or is set to a value larger than one, then the server SHALL empty the ID Placeholder, causing any subsequent operations that are batched with the Locate, and which do not specify a Unique Identifier explicitly, to fail. This ensures that these batched operations SHALL proceed only if a single object is returned by Locate.

The Date attributes in the Locate request (e.g., Initial Date, Activation Date, etc.) are used to specify a time or a time range for the search. If a single instance of a given Date attribute is used in the request (e.g., the Activation Date), then objects with the same Date attribute are considered to be matching candidate objects. If two instances of the same Date attribute are used (i.e., with two different values specifying a range), then objects for which the Date attribute is inside or at a limit of the range are considered to be matching candidate objects. If a Date attribute is set to its largest possible value, then it is equivalent to an undefined attribute.

When the Cryptographic Usage Mask attribute is specified in the request, candidate objects are compared against this field via an operation that consists of a logical AND of the requested mask with the mask in the candidate object, and then a comparison of the resulting value with the requested mask. For example, if the request contains a mask value of 10001100010000, and a candidate object mask contains 10000100010000, then the logical AND of the two masks is 10000100010000, which is compared against the mask value in the request (10001100010000) and the match fails. This means that a matching candidate object has all of the bits set in its mask that are set in the requested mask, but MAY have additional bits set.

When the Usage Limits attribute is specified in the request, matching candidate objects SHALL have a Usage Limits Count and Usage Limits Total equal to or larger than the values specified in the request.

 

The Storage Status Mask field is used to indicate whether on-line objects (not archived or destroyed), archived objects, destroyed objects or any combination of the above are to be searched. The server SHALL NOT return unique identifiers for objects that are destroyed unless the Storage Status Mask field includes the Destroyed Storage indicator. The server SHALL NOT return unique identifiers for objects that are archived unless the Storage Status Mask field includes the Archived Storage indicator.

Table 344: Locate Request Payload

Table 345: Locate Response Payload

6.1.32.1 Error Handling – Locate

This section details the specific Result Reasons that SHALL be returned for errors detected in a Locate Operation.

 

Table 346: Locate Errors

6.1.33 Log

This operation requests the server to log a message to the server log. The response payload returned is empty.

Table 347: Log Request Payload

Table 348: Log Response Payload

 

6.1.33.1 Error Handling – Log

This section details the specific Result Reasons that SHALL be returned for errors detected in a Query Operation.

 

Table 349: Log Errors

6.1.34 Login

This operation requests the server to allow future requests ti be authenticated using a ticket that is returned by this operation.

Table 350: Login Request Payload

Table 351: Login Response Payload

6.1.34.1 Error Handling - Login

This section details the specific Result Reasons that SHALL be returned for errors detected in an Login Operation.

 

Table 352: Login Errors

 

6.1.35 Logout

This operation requests the server to terminate the Login and prevent future unauthenticated sessions being created without the ticket.

Table 353: Logout Request Payload

Table 354: Logout Response Payload

6.1.35.1 Error Handling - Logout

This section details the specific Result Reasons that SHALL be returned for errors detected in an Logout Operation.

 

Table 355: Logout Errors

6.1.36 MAC

This operation requests the server to perform message authentication code (MAC) operation on the provided data using a Managed Cryptographic Object as the key for the MAC operation.

The request contains information about the cryptographic parameters (cryptographic algorithm) and the data to be MACed. The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the result of the MAC operation.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 356: MAC Request Payload

Table 357: MAC Response Payload

6.1.36.1 Error Handling - MAC

This section details the specific Result Reasons that SHALL be returned for errors detected in a MAC Operation.

 

Table 358: MAC Errors

6.1.37 MAC Verify

This operation requests the server to perform message authentication code (MAC) verify operation on the provided data using a Managed Cryptographic Object as the key for the MAC verify operation.

The request contains information about the cryptographic parameters (cryptographic algorithm) and the data to be MAC verified and MAY contain the data that was passed to the MAC operation (for those algorithms which need the original data to verify a MAC). The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the result of the MAC verify operation. The validity of the MAC is indicated by the Validity Indicator field.

The response message SHALL include the Validity Indicator for single-part MAC Verify operations and for the final part of a multi-part MAC Verify operation. Non-Final parts of multi-part MAC Verify operations SHALL NOT include the Validity Indicator.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 359: MAC Verify Request Payload

Table 360: MAC Verify Response Payload

6.1.37.1 Error Handling - MAC Verify

This section details the specific Result Reasons that SHALL be returned for errors detected in a MAC Verify Operation.

 

Table 361: MAC Verify Errors

6.1.38 Modify Attribute

This operation requests the server to modify the value of an existing attribute instance associated with a Managed Object. The request contains the Unique Identifier of the Managed Object whose attribute is to be modified, the OPTIONAL Current Attribute existing value and the New Attribute new value. If no Current Attribute is specified in the request, then if there is only a single instance of the Attribute it SHALL be selected as the attribute instance to be modified to the New Attribute value, and if there are multiple instances of the Attribute an error SHALL be returned (as the specific instance of the attribute is unable to be determined).. Only existing attributes MAY be changed via this operation. Only the specified instance of the attribute SHALL be modified. Specifying a Current Attribute for which there exists no Attribute associated with the object SHALL result in an error.

Table 362: Modify Attribute Request Payload

Table 363: Modify Attribute Response Payload

6.1.38.1 Error Handling - Modify Attribute

This section details the specific Result Reasons that SHALL be returned for errors detected in a Modify Attribute Operation.

 

Table 364: Modify Attribute Errors

6.1.39 Obliterate

This operation requests the server to remove the Managed Object. All meta-data SHALL also be removed from the server.  Any attempt to reference an object with the Unique Identifier SHALL return an Object Not Found error.  After this operation has been completed, another object with the same Unique Identifier may be created, imported or registered without needing to set the Replace Existing parameter. The Response Payload SHALL be empty.

Table 365: Obliterate Request Payload

Table 366: Obliterate Response Payload

6.1.39.1 Error Handling – Obliterate

This section details the specific Result Reasons that SHALL be returned for errors detected in an Obliterate Operation.

 

Table 367: Obliterate Errors

6.1.40 Obtain Lease

This operation requests the server to obtain a new Lease Time for a specified Managed Object. The Lease Time is an interval value that determines when the client's internal cache of information about the object expires and needs to be renewed. If the returned value of the lease time is zero, then the server is indicating that no lease interval is effective, and the client MAY use the object without any lease time limit.  If a client's lease expires, then the client SHALL NOT use the associated cryptographic object until a new lease is obtained. If the server determines that a new lease SHALL NOT be issued for the specified cryptographic object, then the server SHALL respond to the Obtain Lease request with an error.

The response payload for the operation contains the current value of the Last Change Date attribute for the object. This MAY be used by the client to determine if any of the attributes cached by the client need to be refreshed, by comparing this time to the time when the attributes were previously obtained.

Table 368: Obtain Lease Request Payload

Table 369: Obtain Lease Response Payload

6.1.40.1 Error Handling - Obtain Lease

This section details the specific Result Reasons that SHALL be returned for errors detected in a Obtain Lease Operation.

 

Table 370: Obtain Lease Errors

6.1.41 Ping

This operation is used to determine if a server is alive and responding. The server MAY treat the Ping operation as a non-logged operation.

Table 371: Ping Request Payload

Table 372: Ping Response Payload

6.1.42 PKCS#11

This operation enables the server to perform a PKCS#11 operation.

Table 373: PKCS#11 Request Payload

Table 374: PKCS#11 Response Payload

6.1.42.1 Error Handling – PKCS#11

This section details the specific Result Reasons that SHALL be returned for errors detected in a PKCS#11 Operation.

 

Table 375: PKCS#11 Errors

6.1.43 Poll

This operation is used to poll the server in order to obtain the status of an outstanding asynchronous operation. The correlation value of the original operation SHALL be specified in the request. The response to this operation SHALL NOT be asynchronous.

Table 376: Poll Request Payload

The server SHALL reply with one of two responses:

If the operation has not completed, the response SHALL contain no payload and a Result Status of Pending.

If the operation has completed, the response SHALL contain the appropriate payload for the operation. This response SHALL be identical to the response that would have been sent if the operation had completed synchronously.

6.1.43.1 Error Handling – Poll

This section details the specific Result Reasons that SHALL be returned for errors detected in a Poll Operation.

 

Table 377: Poll Errors

6.1.44 Process

This operation requests the server to modify its processing of a previously-submitted asynchronous request such that the next Poll for that asynchronous request SHALL NOT return a “pending” status, effectively changing the processing mode for that batch item to that resembling synchronous processing (note that this may have processing implications for other items in that same.

Table 378: Process Request Payload

Table 379: Process Response Payload

6.1.44.1 Error Handling – Process

This section details the specific Result Reasons that SHALL be returned for errors detected in a Process Operation.

 

Table 380: Process Request Errors

6.1.45 Query

This operation is used by the client to interrogate the server to determine its capabilities and/or protocol mechanisms.

For each Query Function specified in the request, the corresponding items SHALL be returned in the response.

Table 381: Query Functions

If both Query Extension List and Query Extension Map are specified in the request, then only the response to Query Extension Map SHALL be returned and the Query Extension List SHALL be ignored.

If the Query Function RNG Parameters is specified in the request and If the server is unable to specify details of the RNG then it SHALL return an RNG Parameters with the RNG Algorithm enumeration of Unspecified.

 

Note that the response payload is empty if there are no values to return.

The Query Function field in the request SHALL contain one or more of the following items:

Table 382: Query Request Payload

Table 383: Query Response Payload

6.1.45.1 Error Handling – Query

This section details the specific Result Reasons that SHALL be returned for errors detected in a Query Operation.

 

Table 384: Query Errors

6.1.46 Query Asynchronous Requests

This operation requests the server to report on any asynchronous requests that have been made for which results have not yet been obtained via the normal Poll (or less-normal Cancel) operation.

Table 385: Query Asynchronous Requests Request Payload

If no parameters are passed on this operation, the server SHOULD report any asynchronous requests whose results are still outstanding. If Asynchronous Correlation Values are passed, the server SHOULD report the outstanding asynchronous requests whose values match. If Operations are passed, the server SHOULD report the outstanding asynchronous requests whose Operation matches one of those contained in Operations.

Table 386: PKCS#11 Response Payload

6.1.46.1 Error Handling – Query Asynchronous Requests

This section details the specific Result Reasons that SHALL be returned for errors detected in a Query Asynchronous Requests Operation.

 

Table 387: Query Asynchronous Requests Errors

 

6.1.47 Recover

This operation is used to obtain access to a Managed Object that has been archived. This request MAY need asynchronous polling to obtain the response due to delays caused by retrieving the object from the archive. Once the response is received, the object is now on-line, and MAY be obtained (e.g., via a Get operation). Special authentication and authorization SHOULD be enforced to perform this request (see [KMIP-UG]).

Table 388: Recover Request Payload

Table 389: Recover Response Payload

6.1.47.1 Error Handling – Recover

This section details the specific Result Reasons that SHALL be returned for errors detected in a Recover Operation.

 

Table 390: Recover Errors

6.1.48 Register

This operation requests the server to register a Managed Object that was created by the client or obtained by the client through some other means, allowing the server to manage the object. The arguments in the request are similar to those in the Create operation, but contain the object itself for storage by the server.

The request contains information about the type of object being registered and attributes to be assigned to the object (e.g., Cryptographic Algorithm, Cryptographic Length, etc.). This information SHALL be specified by the use of an Attributes object.

If the Managed Object being registered is wrapped, the server SHALL create a Wrapping Key Link attribute pointing to the Managed Object with which the Managed Object being registered is wrapped.

If the client provides a Unique Identifier value in the set of attributes, the server SHALL use the provided Unique Identifier value unless the Unique Identifier value is already in use within the server (and in which case the server SHALL return a Result Reason of Object Already Exists). A server SHALL accept Unique Identifier values specified as universally unique identifiers represented as 32 hexadecimal (base-16) digits, formatted in five groups of digits separated by hyphens, in the form 8-4-4-4-12 for a total of 36 characters (32 hexadecimal characters and 4 hyphens). A server MAY also accept other formats of Unique Identifier values.

The response contains the registered object’s Unique Identifier as assigned by the server or specified by the client. The Initial Date attribute of the object SHALL be set to the current time.

Table 391: Register Request Payload

Table 392: Register Response Payload

If a Managed Cryptographic Object is registered, then the following attributes SHALL be included in the Register request.

Table 393: Register Attribute Requirements

6.1.48.1 Error Handling – Register

This section details the specific Result Reasons that SHALL be returned for errors detected in a Register Operation.

 

Table 394: Register Errors

6.1.49 Revoke

This operation requests the server to revoke a Managed Cryptographic Object or an Opaque Object. The request contains an option reason for the revocation (e.g., “key compromise”, “CA compromise”, etc.). The operation places the object into the “compromised” state; the Compromise Date is set to the current date and time; and the Compromise Occurrence Date is set to the value in the Revoke request and if a value is not provided in the Revoke request then Compromise Occurrence Date SHOULD be set to the Initial Date for the object. If the Revocation Reason is not provided, then a server SHALL process the request as though the Revocation Reason was specified as Unspecified.

Table 395: Revoke Request Payload

Table 396: Revoke Response Payload

6.1.49.1 Error Handling – Revoke

This section details the specific Result Reasons that SHALL be returned for errors detected in a Revoke Operation.

 

Table 397: Revoke Errors

6.1.50 Re-certify

This request is used to renew an existing Certificate object for the same key pair. Only a single certificate SHALL be renewed at a time.

The Certificate Request Value object MAY be omitted, in which case the public key for which a Certificate object is generated or a Certificate Request object SHALL be specified by its Unique Identifier only. If the Certificate Request Type and the Certificate Request Value objects are omitted from the request and the Unique Identifier does not refer to a Certificate Request, then the Certificate Type SHALL be specified using the Attributes object in the request, then the Certificate Type of the new certificate SHALL be the same as that of the existing certificate.

The Certificate Request is passed as a Byte String, which allows multiple certificate request types for X.509 certificates (e.g., PKCS#10, PEM, etc.) to be submitted to the server.

If the information in the Certificate Request Value field in the request conflicts with the attributes specified in the Attributes, then the information in the Certificate Request Value field takes precedence.

As the new certificate takes over the Name attribute of the existing certificate, Re-certify SHOULD only be performed once on a given (existing) certificate.

For the existing certificate, the server SHALL create a Replacement Object Link attribute pointing to the new certificate. For the new certificate, the server SHALL create a Replaced Object Link attribute pointing to the existing certificate. For the public key, the server SHALL change the Certificate Link attribute to point to the new certificate.

An Offset MAY be used to indicate the difference between the Initial Date and the Activation Date of the new certificate. If no Offset is specified, the Activation Date and Deactivation Date values are copied from the existing certificate. If Offset is set and dates exist for the existing certificate, then the dates of the new certificate SHALL be set based on the dates of the existing certificate as follows:

Table 398: Computing New Dates from Offset during Re-certify

Attributes that are not copied from the existing certificate and that are handled in a specific way for the new certificate are:

Table 399: Re-certify Attribute Requirements

Table 400: Re-certify Request Payload

Table 401: Re-certify Response Payload

6.1.50.1 Error Handling - Re-certify

This section details the specific Result Reasons that SHALL be returned for errors detected in a Re-certify Operation.

 

Table 402: Re-certify Errors

6.1.51 Re-key

This request is used to generate a replacement key for an existing symmetric key. It is analogous to the Create operation, except that attributes of the replacement key are copied from the existing key, with the exception of the attributes listed in Re-key Attribute Requirements.

As the replacement key takes over the name attribute of the existing key, Re-key SHOULD only be performed once on a given key.

For the existing key, the server SHALL create a Replacement Object Link attribute pointing to the replacement key. For the replacement key, the server SHALL create a Replaced Object Link attribute pointing to the existing key.

An Offset MAY be used to indicate the difference between the Initial Date and the Activation Date of the replacement key. If no Offset is specified, the Activation Date, Process Start Date, Protect Stop Date and Deactivation Date values are copied from the existing key. If Offset is set and dates exist for the existing key, then the dates of the replacement key SHALL be set based on the dates of the existing key as follows:

Table 403: Computing New Dates from Offset during Re-key

Attributes requiring special handling when creating the replacement key are:

Table 404: Re-key Attribute Requirements

Table 405: Re-key Request Payload

Table 406: Re-key Response Payload

6.1.51.1 Error Handling - Re-key

This section details the specific Result Reasons that SHALL be returned for errors detected in a Re-key Operation.

 

Table 407: Re-key Errors

6.1.52 Re-key Key Pair

This request is used to generate a replacement key pair for an existing public/private key pair.  It is analogous to the Create Key Pair operation, except that attributes of the replacement key pair are copied from the existing key pair, with the exception of the attributes listed in Re-key Key Pair Attribute Requirements tor.

As the replacement of the key pair takes over the name attribute for the existing public/private key pair, Re-key Key Pair SHOULD only be performed once on a given key pair.

For both the existing public key and private key, the server SHALL create a Replacement Object Link attribute pointing to the replacement public and private key, respectively. For both the replacement public and private key, the server SHALL create a Replaced Object Link attribute pointing to the existing public and private key, respectively.

An Offset MAY be used to indicate the difference between the Initial Date and the Activation Date of the replacement key pair. If no Offset is specified, the Activation Date and Deactivation Date values are copied from the existing key pair. If Offset is set and dates exist for the existing key pair, then the dates of the replacement key pair SHALL be set based on the dates of the existing key pair as follows

Table 408: Computing New Dates from Offset during Re-key Key Pair

Attributes for the replacement key pair that are not copied from the existing key pair and which are handled in a specific way are:

Table 409: Re-key Key Pair Attribute Requirements

Table 410: Re-key Key Pair Request Payload

 

Table 411: Re-key Key Pair Response Payload

6.1.52.1 Error Handling - Re-key Key Pair

This section details the specific Result Reasons that SHALL be returned for errors detected in a Re-key Key Pair Operation.

 

Table 412: Re-key Key Pair Errors

6.1.53 Re-Provision

This request is used to generate a replacement client link level credential from an existing client link level credential. The client requesting re-provisioning SHALL provide a certificate signing request, or a certificate, or no parameters if the server will create the client credential .

If the client provides a certificate signing request, the server SHALL process the certificate signing request and assign the new certificate to the be the client link level credential. The server SHALL return the unique identifier for the signed certificate stored on the server.

If the client provides a certificate, the server SHALL associate the certificate with the client as the client’s link level credential. The server SHALL return the unique identifier for the certificate stored on the server.

Where no parameters are provided, the server shall generate a key pair and certificate associated with the client. The server SHALL return the unique identifier for the private key. The client may then subsequently retrieve the private key via a Get operation.

The current client credential SHALL be made invalid and cannot be used in future KMIP requests.

Re-Provision SHALL be called by the client that requires new credentials

Re-Provision SHOULD fail if the certificate that represents the client credential has expired.

Re-Provision SHALL fail if the certificate that represents the client credential has been Revoked.

Re-Provision SHALL fail if the certificate that represents the client credential has been compromised.

Table 413: Re-Provision Request Payload

Table 414: Re-Provision Response Payload

6.1.53.1 Error Handling – Re-Provision

This section details the specific Result Reasons that SHALL be returned for errors detected in a Re-Provision Operation.

 

Table 415: RNG Retrieve Errors

6.1.54 RNG Retrieve

This operation requests the server to return output from a Random Number Generator (RNG).

The request contains the quantity of output requested.

The response contains the RNG output.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 416: RNG Retrieve Request Payload

Table 417: RNG Retrieve Response Payload

6.1.54.1 Error Handling - RNG Retrieve

This section details the specific Result Reasons that SHALL be returned for errors detected in a RNG Retrieve Operation.

 

Table 418: RNG Retrieve Errors

6.1.55 RNG Seed

This operation requests the server to seed a Random Number Generator.

The request contains the seeding material.

The response contains the amount of seed data used.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

The server MAY elect to ignore the information provided by the client (i.e. not accept the seeding material) and MAY indicate this to the client by returning zero as the value in the Data Length response. A client SHALL NOT consider a response from a server which does not use the provided data as an error.

Table 419: RNG Seed Request Payload

Table 420: RNG Seed Response Payload

6.1.55.1 Error Handling - RNG Seed

This section details the specific Result Reasons that SHALL be returned for errors detected in a RNG Seed Operation.

 

Table 421: RNG Seed Errors

6.1.56 Set Attribute

This operation requests the server to either add or modify an attribute. The request contains the Unique Identifier of the Managed Object to which the attribute pertains, along with the attribute and value. If the object did not have any instances of the attribute, one is created. If the object had exactly one instance, then it is modified. If it has more than one instance an error is raised. Read-Only attributes SHALL NOT be added or modified using this operation.

Table 422: Set Attribute Request Payload

Table 423: Set Attribute Response Payload

6.1.56.1 Error Handling - Set Attribute

This section details the specific Result Reasons that SHALL be returned for errors detected in a Add Attribute Operation.

 

Table 424: Set Attribute Errors

6.1.57 Set Constraints

This operation instructs the server to set the constraints that will be applied to Managed Objects during

operations.

Table 425: Set Constraints Request Payload

Table 426: Set Constraints Response Payload

6.1.57.1 Error Handling - Set Constraints

This section details the specific Result Reasons that SHALL be returned for errors detected in a Set

Constraints Operation.

 

Table 427: Set Constraints Errors

6.1.58 Set Defaults

This operation instructs the server to set the default attributes that will be applied to Managed Objects during factory operations if the client does not supply values for mandatory attributes.

Table 428: Set Defaults Request Payload

Table 429: Set Defaults Response Payload

6.1.58.1 Error Handling - Set Defaults

This section details the specific Result Reasons that SHALL be returned for errors detected in a Set

Defaults Operation.

Table 430: Set Defaults Errors

6.1.59 Set Endpoint Role

This operation requests specifying the role of server for subsequent requests and responses over the current client-to-server communication channel. After successful completion of the operation the server assumes the client role, and the client assumes the server role, but the communication channel remains as established.

Table 431: Set Endpoint Role Request Payload

Table 432: Set Endpoint Role Response Payload

6.1.59.1 Error Handling - Set Endpoint Role

This section details the specific Result Reasons that SHALL be returned for errors detected in a Set Endpoint Role Operation.

 

Table 433: Set Endpoint Role Errors

6.1.60 Sign

This operation requests the server to perform a signature operation on the provided data using a Managed Cryptographic Object as the key for the signature operation.

The request contains information about the cryptographic parameters (digital signature algorithm or cryptographic algorithm and hash algorithm) and the data to be signed. The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object.

If the Managed Cryptographic Object referenced has a Usage Limits attribute then the server SHALL obtain an allocation from the current Usage Limits value prior to performing the signing operation. If the allocation is unable to be obtained the operation SHALL return with a result status of Operation Failed and result reason of Permission Denied.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the result of the signature operation.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 434: Sign Request Payload

Table 435: Sign Response Payload

6.1.60.1 Error Handling - Sign

This section details the specific Result Reasons that SHALL be returned for errors detected in a sign Operation.

 

Table 436: Sign Errors

6.1.61 Signature Verify

This operation requests the server to perform a signature verify operation on the provided data using a Managed Cryptographic Object as the key for the signature verification operation.

The request contains information about the cryptographic parameters (digital signature algorithm or cryptographic algorithm and hash algorithm) and the signature to be verified and MAY contain the data that was passed to the signing operation (for those algorithms which need the original data to verify a signature).

The cryptographic parameters MAY be omitted from the request as they can be specified as associated attributes of the Managed Cryptographic Object.

The response contains the Unique Identifier of the Managed Cryptographic Object used as the key and the OPTIONAL data recovered from the signature (for those signature algorithms where data recovery from the signature is supported). The validity of the signature is indicated by the Validity Indicator field.

The response message SHALL include the Validity Indicator for single-part Signature Verify operations and for the final part of a multi-part Signature Verify operation. Non-Final parts of multi-part Signature Verify operations SHALL NOT include the Validity Indicator.

The success or failure of the operation is indicated by the Result Status (and if failure the Result Reason) in the response header.

Table 437: Signature Verify Request Payload

Table 438: Signature Verify Response Payload

6.1.61.1 Error Handling - Signature Verify

This section details the specific Result Reasons that SHALL be returned for errors detected in a signature Verify Operation.

 

Table 439: Signature Verify Errors

6.1.62 Validate

This operation requests the server to validate a certificate chain and return information on its validity. Only a single certificate chain SHALL be included in each request.

The request MAY contain a list of certificate objects, and/or a list of Unique Identifiers that identify Managed Certificate objects. Together, the two lists compose a certificate chain to be validated. The request MAY also contain a date for which all certificates in the certificate chain are REQUIRED to be valid.

The method or policy by which validation is conducted is a decision of the server and is outside of the scope of this protocol. Likewise, the order in which the supplied certificate chain is validated and the specification of trust anchors used to terminate validation are also controlled by the server.

Table 440: Validate Request Payload

Table 441: Validate Response Payload

6.1.62.1 Error Handling – Validate

This section details the specific Result Reasons that SHALL be returned for errors detected in a Validate Operation.

 

Table 442: Validate Errors

6.2 Server-to-Client Operations

Server-to-client operations are used by servers to send information or Managed Objects to clients via means outside of the normal client-server request-response mechanism. These operations are used to send Managed Objects directly to clients without a specific request from the client.

6.2.1 Discover Versions

This operation is used by the server to determine a list of protocol versions that is supported by the client. The request payload contains an OPTIONAL list of protocol versions that is supported by the server. The protocol versions SHALL be ranked in decreasing order of preference.

The response payload contains a list of protocol versions that are supported by the client. The protocol versions are ranked in decreasing order of preference. If the server provides the client with a list of supported protocol versions in the request payload, the client SHALL return only the protocol versions that are supported by both the client and server. The client SHOULD list all the protocol versions supported by both client and server. If the protocol version specified in the request header is not specified in the request payload and the client does not support any protocol version specified in the request payload, the client SHALL return an empty list in the response payload. If no protocol versions are specified in the request payload, the client SHOULD return all the protocol versions that are supported by the client.

Table 443: Discover Versions Request Payload

6.2.1.1 Error Handling – Discover Versions

This section details the specific Result Reasons that SHALL be returned for errors detected in a Discover Versions Operation.

Table 444: Discover Versions Errors

6.2.2 Notify

This operation is used to notify a client of events that resulted in changes to attributes of an object. This operation is only ever sent by a server to a client via means outside of the normal client request/response protocol, using information known to the server via unspecified configuration or administrative mechanisms. It contains the Unique Identifier of the object to which the notification applies, and a list of the attributes whose changed values or deletion have triggered the notification. The client SHALL send a response in the form of a Response containing no payload, unless both the client and server have prior knowledge (obtained via out-of-band mechanisms) that the client is not able to respond.

6.2.2.1 Error Handling – Notify

This section details the specific Result Reasons that SHALL be returned for errors detected in a Notify Operation.

Table 445: Notify Message Errors

6.2.3 Put

This operation is used to “push” Managed Objects to clients. This operation is only ever sent by a server to a client via means outside of the normal client request/response protocol, using information known to the server via unspecified configuration or administrative mechanisms. It contains the Unique Identifier of the object that is being sent, and the object itself. The client SHALL send a response in the form of a Response Message  containing no payload, unless both the client and server have prior knowledge (obtained via out-of-band mechanisms) that the client is not able to respond.

The Put Function field indicates whether the object being “pushed” is a new object, or is a replacement for an object already known to the client (e.g., when pushing a certificate to replace one that is about to expire, the Put Function field would be set to indicate replacement, and the Unique Identifier of the expiring certificate                     would be placed in the Replaced Unique Identifier field). The Put Function SHALL contain one of the following values:

·       New – which indicates that the object is not a replacement for another object.

·       Replace – which indicates that the object is a replacement for another object, and that the Replaced Unique Identifier field is present and contains the identification of the replaced object. In case the object with the Replaced Unique Identifier does not exist at the client, the client SHALL interpret this as if the Put Function contained the value New.

The Attribute field contains one or more attributes that the server is sending along with the object. The server MAY include the attributes associated with the object.

 

6.2.3.1 Error Handling – Put

This section details the specific Result Reasons that SHALL be returned for errors detected in a Put Operation.

 Table 446: Put Errors

6.2.4 Query

This operation is used by the server to interrogate the client to determine its capabilities and/or protocol mechanisms. The Query Function field in the request SHALL contain one or more of the following items:

·       Query Operations

·       Query Objects

·       Query Server Information

·       Query Extension List

·       Query Extension Map

·       Query Attestation Types

·       Query RNGs

·       Query Validations

·       Query Profiles

·       Query Capabilities

·       Query Client Registration Methods

The Operation fields in the response contain Operation enumerated values, which SHALL list all the operations that the client supports. If the request contains a Query Operations value in the Query Function field, then these fields SHALL be returned in the response.

The Object Type fields in the response contain Object Type enumerated values, which SHALL list all the object types that the client supports. If the request contains a Query Objects value in the Query Function field, then these fields SHALL be returned in the response.

The Server Information field in the response is a structure containing vendor-specific fields and/or substructures. If the request contains a Query Server Information value in the Query Function field, then this field SHALL be returned in the response.

The Extension Information fields in the response contain the descriptions of Objects with Item Tag values in the Extensions range that are supported by the server. If the request contains a Query Extension List and/or Query Extension Map value in the Query Function field, then the Extensions Information fields SHALL be returned in the response. If the Query Function field contains the Query Extension Map value, then the Extension Tag and Extension Type fields SHALL be specified in the Extension Information values. If both Query Extension List and Query Extension Map are specified in the request, then only the response to Query Extension Map SHALL be returned and the Query Extension List SHALL be ignored.

The Attestation Type fields in the response contain Attestation Type enumerated values, which SHALL list all the attestation types that the client supports. If the request contains a Query Attestation Types value in the Query Function field, then this field SHALL be returned in the response if the server supports any Attestation Types.

The RNG Parameters fields in the response SHALL list all the Random Number Generators that the client supports. If the request contains a Query RNGs value in the Query Function field, then this field SHALL be returned in the response. If the server is unable to specify details of the RNG then it SHALL return an RNG Parameters with the RNG Algorithm enumeration of Unspecified.

The Validation Information field in the response is a structure containing details of each formal validation which the client asserts. If the request contains a Query Validations value, then zero or more Validation Information fields SHALL be returned in the response. A client MAY elect to return no validation information in the response.

A Profile Information field in the response is a structure containing details of the profiles that a client supports including potentially how it supports that profile. If the request contains a Query Profiles value in the Query Function field, then this field SHALL be returned in the response if the client supports any Profiles.

The Capability Information fields in the response contain details of the capability of the client.

The Client Registration Method fields in the response contain Client Registration Method enumerated values, which SHALL list all the client registration methods that the client supports. If the request contains a Query Client Registration Methods value in the Query Function field, then this field SHALL be returned in the response if the server supports any Client Registration Methods.

Note that the response payload is empty if there are no values to return.

Table 447: Query Request Payload

6.2.4.1 Error Handling – Query

This section details the specific Result Reasons that SHALL be returned for errors detected in a Query Operation.

 Table 448: Query Errors

6.2.5 Set Endpoint Role

This operation requests specifying the role of server for subsequent requests and responses over the current client-to-server communication channel. After successful completion of the operation the server assumes the client role, and the client assumes the server role, but the communication channel remains as established.

Table 449: Set Endpoint Role Request Payload

Table 450: Set Endpoint Role Response Payload

6.2.5.1 Error Handling - Set Endpoint Role

This section details the specific Result Reasons that SHALL be returned for errors detected in a Set Endpoint Role Operation.

 

Table 451: Set Endpoint Role Errors

 

Common structure used across multiple operations

7.1 Asynchronous Correlation Values

A list of Asynchronous Correlation Values.

Table 452 Asynchronous Correlation Values Structure

7.2 Asynchronous Request

The Asynchronous Request structure contains details of an asynchronous request whose status has not yet been obtained by the submitter.

Table 453 Asynchronous Request Structure

7.3 Authenticated Encryption Additional Data

The Authenticated Encryption Additional Data object is used in authenticated encryption and decryption operations that require the transmission of that data between client and server.

Table 454 Authenticated Encryption Additional Data

7.4 Authenticated Encryption Tag

The Authenticated Encryption Tag object is used to validate the integrity of the data encrypted and decrypted in “Authenticated Encryption” mode. See [SP800-38D].

Table 455 Authenticated Encryption Tag

7.5 Capability Information

The Capability Information base object is a structure that contains details of the supported capabilities.

Table 456: Capability Information Structure

7.6 Constraint

The Constraint is a structure that contains details of a constraint that is applied to operations that create

Managed Objects.

Table 457: Constraint Structure

7.7 Constraints

A set of Constraint structures.

Table 458: Constraints Structure

7.8 Correlation Value

The Correlation Value is used in requests and responses in cryptographic operations that support multi-part (streaming) operations. This is generated by the server and returned in the first response to an operation that is being performed across multiple requests. Note: the server decides which operations are supported for multi-part usage. A server-generated correlation value SHALL be specified in any subsequent cryptographic operations that pertain to the original operation.

Table 459: Correlation Value Structure

7.9 Credential Information

The Credential Information operations data object is a structure that contains a list of Credential Types. A server SHALL return at least one Credential Type within the structure.

Table 460: Credential Information Structure

7.10 Data

The Data object is used in requests and responses in cryptographic operations that pass data between the client and the server.

Table 461: Data encoding descriptions

Table 462: Data

7.11 Data Length

The Data Length is used in requests in cryptographic operations to indicate the amount of data expected in a response.

Table 463: Data Length Structure

7.12 Defaults Information

The Defaults Information is a structure used in Query responses for values that servers will use if clients omit them from factory operations requests.

Table 464: Defaults Information Structure

7.13 Derivation Parameters

The Derivation Parameters for all derivation methods consist of the following parameters.

Table 465: Derivation Parameters Structure

Cryptographic Parameters identify the Pseudorandom Function (PRF) or the mode of operation of the PRF (e.g., if a key is to be derived using the HASH derivation method, then clients are REQUIRED to indicate the hash algorithm inside Cryptographic Parameters; similarly, if a key is to be derived using AES in CBC mode, then clients are REQUIRED to indicate the Block Cipher Mode).

If a key is derived using HMAC, then the attributes of the derivation key provide enough information about the PRF, and the Cryptographic Parameters are ignored.

Derivation Data is either the data to be encrypted, hashed, or HMACed. For the NIST SP 800-108 methods [SP800-108], Derivation Data is Label||{0x00}||Context, where the all-zero byte is optional.

Most derivation methods (e.g., Encrypt) REQUIRE a derivation key and the derivation data to be used. The HASH derivation method REQUIRES either a derivation key or derivation data. Derivation data MAY either be explicitly provided by the client with the Derivation Data field or implicitly provided by providing the Unique Identifier of a Secret Data object. If both are provided, then an error SHALL be returned.

For the AWS Signature Version 4 derivation method, the Derivation Data is (in order) the Date, Region, and Service.

For the HKDF derivation method, the Input Key Material is provided by the specified managed object, the salt is provided in the Salt field of the Derivation Parameters, the optional information is provided in the Derivation Data field of the Derivation Parameters, the output length is specified in the Cryptographic Length attribute provided in the Attributes request parameter. The default hash function is SHA-256 and may be overridden by specifying a Hashing Algorithm in the Cryptographic Parameters field of the Derivation Parameters.

7.14 Extension Information

An Extension Information object is a structure describing Objects with Item Tag values in the Extensions range. The Extension Name is a Text String that is used to name the Object. The Extension Tag is the Item Tag Value of the Object. The Extension Type is the Item Type Value of the Object.

Table 466: Extension Information Structure

7.15 Final Indicator

The Final Indicator is used in requests in cryptographic operations that support multi-part (streaming) operations. This is provided in the final (last) request with a value of True to an operation that is being performed across multiple requests.

Table 467: Final Indicator Structure

7.16 Interop Function

The IInterop Functrion is used in requests and responses in to indicate the commencement or completion of an interop operation.

Table 468: Interop Function Structure

7.17 Interop Identifier

The Interop Identifier is used in requests and responses in to indicate that which interop test is being performed.

Table 469: Interop Function Structure

7.18 Init Indicator

The Init Indicator is used in requests in cryptographic operations that support multi-part (streaming) operations. This is provided in the first request with a value of True to an operation that is being performed across multiple requests.

Table 470: Init Indicator Structure

7.19 Key Wrapping Specification

This is a separate structure that is defined for operations that provide the option to return wrapped keys. The Key Wrapping Specification SHALL be included inside the operation request if clients request the server to return a wrapped key. If Cryptographic Parameters are specified in the Encryption Key Information and/or the MAC/Signature Key Information of the Key Wrapping Specification, then the server SHALL verify that they match one of the instances of the Cryptographic Parameters attribute of the corresponding key.. If the corresponding key does not have any Cryptographic Parameters attribute, or if no match is found, then an error is returned.

This structure contains:

·       A Wrapping Method that indicates the method used to wrap the Key Value.

·       Encryption Key Information with the Unique Identifier value of the encryption key and associated cryptographic parameters.

·       MAC/Signature Key Information with the Unique Identifier value of the MAC/signature key and associated cryptographic parameters.

·       Zero or more Attribute Names to indicate the attributes to be wrapped with the key material.

·       An Encoding Option, specifying the encoding of the Key Value before wrapping. If No Encoding is specified, then the Key Value SHALL NOT contain any attributes

Table 471: Key Wrapping Specification Object Structure

7.20 Log Message

The Log Message is used in the Log operation.

Table 472: Log Message Structure

7.21 MAC Data

The MAC Data is used in requests and responses in cryptographic operations that pass MAC data between the client and the server.

Table 473: MAC Data Structure

7.22 Objects

A list of Object Unique Identifiers.

Table 474: Objects Structure

7.23 Object Defaults

The Object Defaults is a structure that details the values that the server will use if the client omits them on factory methods for objects. The structure list the Attributes and their values by Object Type enumeration, as well as the Object Group(s) for which such defaults pertain (if not pertinent to ALL Object Group values).

Table 475: Object Defaults Structure

7.24 Object Groups

The Object Groups is a structure that lists the relevant Object Group Attributes and their values.

Table 476: Object Groups Structure

7.25 Object Types

The Object Types is a list of Object Type(s).

Table 477: ObjectTypes Structure

7.26 Operations

A list of Operations.

Table 478: Operations Structure

7.27 PKCS#11 Function

The PKCS#11 Function structure contains details of the PKCS#11 Function. Specific fields MAY pertain only to certain types of profiles.

Table 479: PKCS#11 Function Structure

7.28 PKCS#11 Input Parameters

The PKCS#11 Input Parameters structure contains details of the PKCS#11 Input Parameters. Specific fields MAY pertain only to certain types of profiles.

Table 480: PKCS#11 Input Parameters Structure

7.29 PKCS#11 Interface

The PKCS#11 Interface structure contains details of the PKCS#11 Interface. Specific fields MAY pertain only to certain types of profiles.

Table 481: PKCS#11 Interface Structure

7.30 PKCS#11 Output Parameters

The PKCS#11 Output Parameters structure contains details of the PKCS#11 Output Parameters. Specific fields MAY pertain only to certain types of profiles.

Table 482: PKCS#11 Output Parameters Structure

7.31 PKCS#11 Return Code

The PKCS#11 Return Code structure contains details of the PKCS#11 Return Code. Specific fields MAY pertain only to certain types of profiles.

Table 483: PKCS#11 Return Code Structure

7.32 Profile Information

The Profile Information structure contains details of the supported profiles. Specific fields MAY pertain only to certain types of profiles.

Table 484: Profile Information Structure

7.33 Profile Version

The Profile Version structure contains the version number of the profile, ensuring that the profile is fully understood by both communicating parties. The version number SHALL be specified in two parts, major and minor.

Table 485: Profile Version Structure

7.34 Protection Storage Masks

The Protection Storage Masks operations data object is a structure that contains an ordered collection of

Protection Storage Mask selections acceptable to the client. The server MAY service the request with

ANY Storage Protection Mask that the client passes, but SHALL return an error if no single Storage

Protection Mask can be satisfied in its entirety (all bits match). When more than one Protection Storage

Mask is specified by a Client, then all are acceptable alternatives. Note that there are also variants of

Protection Storage Masks to deal with the operations that deal with asymmetric pairs (Common

Protection Storage Masks, Private Protection Storage Masks and Public Protection Storage Masks), as

the client may have different requirements on the parts of the pair, but the layout of those variants is

identical to the one expressed here.

Table 486: Protection Storage Mask Structure

7.35 Right

The Right base object is a structure that defines a right to perform specific numbers of specific operations on specific managed objects. If any field is omitted, then that aspect is unrestricted..

Table 487: Right Structure

7.36 Rights

A list of Rights.

Table 488: Rights Structure

7.37 RNG Parameters

The RNG Parameters base object is a structure that contains a mandatory RNG Algorithm and a set of OPTIONAL fields that describe a Random Number Generator. Specific fields pertain only to certain types of RNGs.

The RNG Algorithm SHALL be specified and if the algorithm implemented is unknown or the implementation does not want to provide the specific details of the RNG Algorithm then the Unspecified enumeration SHALL be used.

If the cryptographic building blocks used within the RNG are known they MAY be specified in combination of the remaining fields within the RNG Parameters structure.

 

Table 489: RNG Parameters Structure

7.38 Server Information

The Server Information  base object is a structure that contains a set of OPTIONAL fields that describe server information. Where a server supports returning information in a vendor-specific field for which there is an equivalent field within the structure, the server SHALL provide the standardized version of the field.

Table 490: Server Information Structure

7.39 Signature Data

The Signature Data is used in requests and responses in cryptographic operations that pass signature data between the client and the server.

Table 491: Signature Data Structure

7.40 Ticket

The ticket structure used to specify a Ticket

Table 492: Ticket Structure

7.41 Usage Limits

The Usage Limits structure is used to limit the number of operations that may be performed.

Table 493: Usage limits Structure

7.42 Validation Information

The Validation Information base object is a structure that contains details of a formal validation. Specific fields MAY pertain only to certain types of validations.

Table 494: Validation Information Structure

The Validation Authority along with the Validation Version Major, Validation Type and Validation Level SHALL be provided to uniquely identify a validation for a given validation authority. If the Validation Certificate URI is not provided the server SHOULD include a Validation Vendor URI from which information related to the validation is available.

The Validation Authority Country is the two letter ISO country code.

The messages in the protocol consist of a message header, one or more batch items (which contain OPTIONAL message payloads), and OPTIONAL message extensions. The message headers contain fields whose presence is determined by the protocol features used (e.g., asynchronous responses). The field contents are also determined by whether the message is a request or a response. The message payload is determined by the specific operation being requested or to which is being replied.

The message headers are structures that contain some of the following objects.

Messages contain the following objects and fields. All fields SHALL appear in the order specified.

Batched operations SHALL be executed in the order in which they appear within the request.

If the client is capable of accepting asynchronous responses, then it MAY set the Asynchronous Indicator in the header of a batched request. The batched responses MAY contain a mixture of synchronous and asynchronous responses only if the Asynchronous Indicator is present in the header.

8.1 Requests

8.1.1 Request Message

Table 495: Request Message Structure

8.1.2 Request Header

Table 496: Request Header Structure

8.1.3 Request Batch Item

Table 497: Request Batch Item Structure

8.2 Responses

8.2.1 Response Message

Table 498: Response Message Structure

8.2.2 Response Header

Table 499: Response Header Structure

8.2.3 Response Batch Item

Table 500: Response Batch Item Structure

Data structures passed within request and response messages.

9.1 Asynchronous Correlation Value

This is returned in the immediate response to an operation that is pending and that requires asynchronous polling. Note: the server decides which operations are performed synchronously or asynchronously. A server-generated correlation value SHALL be specified in any subsequent Poll or Cancel operations that pertain to the original operation.

Table 501: Asynchronous Correlation Value in Response Batch Item

9.2 Asynchronous Indicator

This Enumeration indicates whether the client is able to accept an asynchronous response. If not present in a request, then Prohibited is assumed. If the value is Prohibited, the server SHALL process the request synchronously.

Table 502: Asynchronous Indicator in Message Request Header

9.3 Attestation Capable Indicator

The Attestation Capable Indicator flag indicates whether the client is able to create an Attestation Credential object. It SHALL have Boolean value True if the client is able to create an Attestation Credential object, and the value False otherwise. If not present, the value False is assumed. If a client indicates that it is not able to create an Attestation Credential Object, and the client has issued an operation that requires attestation such as Get, then the server SHALL respond to the request with a failure.

Table 503: Attestation Capable Indicator in Message Request Header

9.4 Authentication

This is used to authenticate the requester. It is an OPTIONAL information item, depending on the type of request being issued and on server policies. Servers MAY require authentication on no requests, a subset of the requests, or all requests, depending on policy. Query operations used to interrogate server features and functions SHOULD NOT require authentication. The Authentication structure SHALL contain one or more Credential structures. If multiple Credential structures are provided then they must ALL be satisfied.

Specific authentication mechanisms are specified in [KMIP-Prof].

Table 504: Authentication Structure in Message Header

9.5 Batch Error Continuation Option

This option SHALL have one of three values (Undo, Stop or Continue). If not specified, then Stop is assumed.

Table 505: Batch Error Continuation Option in Message Request Header

9.6 Batch Item

This field consists of a structure that holds the individual requests or responses in a batch, and is REQUIRED. The contents of the batch items are described in Sections 8.1.3 and above8.2.3.

Table 506: Batch Item in Message

9.7 Correlation Value (Client)

The Client Correlation Value is a string that MAY be added to messages by clients to provide additional

information to the server. It need not be unique. The server SHOULD log this information.

For client to server operations, the Client Correlation Value is provided in the request. For server to client operations the Client Correlation Value is provided in the response.

Table 507: Client Correlation Value in Message Request Header

9.8 Correlation Value (Server)

The Server Correlation Value SHOULD be provided by the server and SHOULD be globally unique, and SHOULD be logged by the server with each request.

For client to server operations the Server Correlation Value is provided in the response. For server to client operations, the Server Correlation Value is provided in the request.

Table 508: Server Correlation Value in Message Request Header

9.9 Credential

A Credential is a structure used for client identification purposes and is not managed by the key management system (e.g., user id/password pairs, Kerberos tokens, etc.). It MAY be used for authentication purposes as indicated in [KMIP-Prof].

Table 509: Credential Object Structure

If the Credential Type in the Credential is Username and Password, then Credential Value is a structure. The Username field identifies the client, and the Password field is a secret that authenticates the client.

Table 510: Credential Value Structure for the Username and Password Credential

If the Credential Type in the Credential is Device, then Credential Value is a structure. One or a combination of the Device Serial Number, Network Identifier, Machine Identifier, and Media Identifier SHALL be unique. Server implementations MAY enforce policies on uniqueness for individual fields.  A shared secret or password MAY also be used to authenticate the client. The client SHALL provide at least one field.

Table 511: Credential Value Structure for the Device Credential

If the Credential Type in the Credential is Attestation, then Credential Value is a structure. The Nonce Value is obtained from the key management server in a Nonce Object. The Attestation Credential Object can contain a measurement from the client or an assertion from a third party if the server is not capable or willing to verify the attestation data from the client. Neither type of attestation data (Attestation Measurement or Attestation Assertion) is necessary to allow the server to accept either. However, the client SHALL provide attestation data in either the Attestation Measurement or Attestation Assertion fields.

Table 512: Credential Value Structure for the Attestation Credential

If the Credential Type in the Credential is One Time Password, then Credential Value is a structure. The Username field identifies the client, and the Password field is a secret that authenticates the client. The One Time Password field contains a one time password (OTP) which may only be used for a single authentication.

Table 513: Credential Value Structure for the One Time Password Credential

If the Credential Type in the Credential is Hashed Password, then Credential Value is a structure. The Username field identifies the client. The timestamp is the current timestamp used to produce the hash and SHALL monotonically increase. The Hashing Algorithm SHALL default to SHA 256. The Hashed Password is define as

Hashed Password = Hash(S1 || Timestamp) || S2

Where

S1 = Hash(Username || Password)

S2 = Hash(Password || Username)

Table 514: Credential Value Structure for the Hashed Password Credential

If the Credential Type in the Credential is Ticket, then Credential Value is a structure.

Table 515: Credential Value Structure for the Ticket

9.10 Maximum Response Size

This is an OPTIONAL field contained in a request message, and is used to indicate the maximum size of a response, in bytes, that the requester SHALL be able to handle. It SHOULD only be sent in requests that possibly return large replies.

Table 516: Maximum Response Size in Message Request Header

9.11 Message Extension

The Message Extension is an OPTIONAL structure that MAY be appended to any Batch Item. It is used to extend protocol messages for the purpose of adding vendor-specified extensions. The Message Extension is a structure that SHALL contain the Vendor Identification, Criticality Indicator, and Vendor Extension fields. The Vendor Identification SHALL be a text string that uniquely identifies the vendor, allowing a client to determine if it is able to parse and understand the extension. If a client or server receives a protocol message containing a message extension that it does not understand, then its actions depend on the Criticality Indicator. If the indicator is True (i.e., Critical), and the receiver does not understand the extension, then the receiver SHALL reject the entire message. If the indicator is False (i.e., Non-Critical), and the receiver does not understand the extension, then the receiver MAY process the rest of the message as if the extension were not present. The Vendor Extension structure SHALL contain vendor-specific extensions.

Table 517: Message Extension Structure in Batch Item

9.12 Nonce

A Nonce object is a structure used by the server to send a random value to the client. The Nonce Identifier is assigned by the server and used to identify the Nonce object. The Nonce Value consists of the random data created by the server.

Table 518: Nonce Structure

9.13 Operation

This field indicates the operation being requested or the operation for which the response is being returned.

Table 519: Operation in Batch Item

9.14 Protocol Version

This field contains the version number of the protocol, ensuring that the protocol is fully understood by both communicating parties. The version number SHALL be specified in two parts, major and minor. Servers and clients SHALL support backward compatibility with versions of the protocol with the same major version. Support for backward compatibility with different major versions is OPTIONAL.

Table 520: Protocol Version Structure in Message Header

9.15 Result Message

This field MAY be returned in a response. It contains a more descriptive error message, which MAY be provided to an end user or used for logging/auditing purposes.

Table 521: Result Message in Response Batch Item

9.16 Result Reason

This field indicates a reason for failure or a modifier for a partially successful operation and SHALL be present in responses that return a Result Status of Failure. In such a case, the Result Reason SHALL be set as specified. It SHALL NOT be present in any response that returns a Result Status of Success.

Table 522: Result Reason in Response Batch Item

9.17 Result Status

This is sent in a response message and indicates the success or failure of a request. The following values MAY be set in this field:

·       Success – The requested operation completed successfully.

·       Operation Pending – The requested operation is in progress, and it is necessary to obtain the actual result via asynchronous polling. The asynchronous correlation value SHALL be used for the subsequent polling of the result status.

·       Operation Undone – The requested operation was performed, but had to be undone (i.e., due to a failure in a batch for which the Error Continuation Option was set to Undo).

·       Operation Failed – The requested operation failed.

Table 523: Result Status in Response Batch Item

9.18 Time Stamp

This is an OPTIONAL field contained in a client request. It is REQUIRED in a server request and response. It is used for time stamping, and MAY be used to enforce reasonable time usage at a client (e.g., a server MAY choose to reject a request if a client's time stamp contains a value that is too far off the server’s time). Note that the time stamp MAY be used by a client that has no real-time clock, but has a countdown timer, to obtain useful “seconds from now” values from all of the Date attributes by performing a subtraction.

Table 524: Time Stamp in Message Header

10.1 TTLV

In order to minimize the resource impact on potentially low-function clients, one encoding mechanism to be used for protocol messages is a simplified TTLV (Tag, Type, Length, Value) scheme.

The scheme is designed to minimize the CPU cycle and memory requirements of clients that need to encode or decode protocol messages, and to provide optimal alignment for both 32-bit and 64-bit processors. Minimizing bandwidth over the transport mechanism is considered to be of lesser importance.

10.1.1 Tag

An Item Tag is a three-byte binary unsigned integer, transmitted big endian, which contains the Tag Enumeration Value (using only the three least significant bytes of the enumeration).

10.1.2 Type

An Item Type is a byte containing a coded value that indicates the data type of the data object using the specified Item Type Enumeration (using only the least significant byte of the enumeration).

Table 525: Item Types

10.1.3 Length

An Item Length is a 32-bit binary integer, transmitted big-endian, containing the number of bytes in the Item Value. The allowed values are:

 

Data Type	Length
Structure	Varies, multiple of 8
Integer	4
Long Integer	8
Big Integer	Varies, multiple of 8
Enumeration	4
Boolean	8
Text String	Varies
Byte String	Varies
Date Time	8
Interval	4
Date Time Extended	8
Identifier	Varies
Reference	Varies
Name Reference	Varies

Table 526: Allowed Item Length Values

10.1.4 Value

The item value is a sequence of bytes containing the value of the data item, depending on the type.

10.1.5 Padding

If the Item Type is Structure, then the Item Length is the total length of all of the sub-items contained in the structure, including any padding. If the Item Type is Integer, Enumeration, Text String, Byte String, Identifier, Reference, Name Reference, or Interval, then the Item Length is the number of bytes excluding the padding bytes. Text Strings, Byte Strings, Identifiers, References and Name References SHALL be padded with the minimal number of bytes following the Item Value to obtain a multiple of eight bytes. Integers, Enumerations, and Intervals SHALL be padded with four bytes following the Item Value.

10.2 Other Message Protocols

In addition to the mandatory TTLV messaging protocol, a number of optional message-encoding mechanisms to support different transport protocols and different client capabilities.

10.2.1 HTTPS

The HTTPs messaging protocol is specified in [KMIP-Prof].

10.2.2 JSON

The JSON messaging protocol is specified in [KMIP-Prof].

10.2.3 XML

The XML messaging protocol is specified in [KMIP-Prof].

10.3 Authentication

The mechanisms used to authenticate the client to the server and the server to the client are not part of the message definitions, and are external to the protocol. The KMIP Server SHALL support authentication as defined in [KMIP-Prof].

10.4 Transport

KMIP Servers and Clients SHALL establish and maintain channel confidentiality and integrity, and provide assurance of authenticity for KMIP messaging as specified in [KMIP-Prof].

The following tables define the values for enumerated lists. Values not listed (outside the range 80000000 to 8FFFFFFF) are reserved for future KMIP versions.

Implementations SHALL NOT use Tag Values marked as Reserved.

11.1 Adjustment Type Enumeration

The Adjustment Type enumerations are:

Table 527: Adjustment Type Descriptions

 

Table 528: Adjustment Type Enumeration

11.2 Alternative Name Type Enumeration

Table 529: Alternative Name Type Enumeration

11.3 Asynchronous Indicator Enumeration

Asynchronous Indicator enumerations are:

Table 530: Asynchronous Indicator Descriptions

 

Table 531: Asynchronous Indicator Enumeration

11.4 Attestation Type Enumeration

Table 532: Attestation Type Enumeration

11.5 Batch Error Continuation Option Enumeration

Batch Error Continuation Option enumerations are:

Table 533: Batch Error Continuation Option Descriptions

 

Table 534: Batch Error Continuation Option Enumeration

11.6 Block Cipher Mode Enumeration

Table 535: Block Cipher Mode Enumeration

11.7 Cancellation Result Enumeration

A Cancellation Result enumerations are:

Table 536: Cancellation Result Enumeration Descriptions

 

Table 537: Cancellation Result Enumeration

11.8 Certificate Request Type Enumeration

Table 538: Certificate Request Type Enumeration

11.9 Certificate Type Enumeration

 

Table 539: Certificate Type Enumeration

11.10 Client Registration Method Enumeration

Client Registration Method enumerations are:

Table 540: Client Registration Method Enumeration Descriptions

 

Table 541: Client Registration Method Enumerations

11.11 Credential Type Enumeration

Table 542: Credential Type Enumeration

11.12 Cryptographic Algorithm Enumeration

Table 543: Cryptographic Algorithm Enumeration

11.13 Data Enumeration

Table 544: Data Enumeration

11.14 Deactivation Reason Code Enumeration

Table 545: Deactivation Reason Code Enumeration

11.15 Derivation Method Enumeration

The Derivation Method enumerations are:

Item	Description	Mapping
PBKDF2	This method is used to derive a symmetric key from a password or pass phrase.	[PKCS#5] and [RFC2898]
HASH	This method derives a key by computing a hash over the derivation key or the derivation data.
HMAC	This method derives a key by computing an HMAC over the derivation data.
ENCRYPT	This method derives a key by encrypting the derivation data.
NIST800-108-C	This method derives a key by computing the KDF in Counter Mode	[SP800-108]
NIST800-108-F	This method derives a key by computing the KDF in Feedback Mode	[SP800-108]
NIST800-108-DPI	This method derives a key by computing the KDF in Double-Pipeline Iteration Mode	[SP800-108]
Asymmetric Key	This method derives a key using asymmetric key agreement between a private and public key.
AWS Signature Version 4	As defined in Amazon Web Services Signature Version 4.	[AWS-SIGV4]
HKDF	HMAC-based Extract-and-Expand Key Derivation Function	[RFC5869]

Table 546: Derivation Method Enumeration Descriptions

 

Table 547: Derivation Method Enumeration

11.16 Destroy Action Enumeration

Table 548: Destroy Action Enumeration

11.17 Digital Signature Algorithm Enumeration

Table 549: Digital Signature Algorithm Enumeration

11.18 DRBG Algorithm Enumeration

Table 550: DRGB Algorithm Enumeration

11.19 Encoding Option Enumeration

The following encoding options are currently defined:

Table 551: Encoding Option Description

 

Table 552: Encoding Option Enumeration

11.20 Endpoint Role Enumeration

The following endpoint roles are currently defined:

Table 553: Endpoint Role Description

 

Table 554: Endpoint Role Enumeration

11.21 Ephemeral Enumeration

The following ephemeral options are currently defined:

Table 555: Ephemeral Description

 

Table 556 Ephemeral Enumeration

 

11.22 FIPS186 Variation Enumeration

Table 557: FIPS186 Variation Enumeration

Note: the user should be aware that a number of these algorithms are no longer recommended for general use and/or are deprecated. They are included for completeness.

11.23 Hashing Algorithm Enumeration

Table 558: Hashing Algorithm Enumeration

11.24 Interop Function Enumeration

Interop Function enumerations are:

Table 559: Interop Function Descriptions

 

Table 560: Interop Function Enumeration

11.25 Item Type Enumeration

Item Type enumerations are:

Table 561: Item Type Descriptions

 

Table 562: Item Type Enumeration

11.26 Key Compression Type Enumeration

            Table 563: Key Compression Type Enumeration values

11.27 Key Format Type Enumeration

A Key Block contains a Key Value of one of the following Key Format Types:

Table 564: Key Format Types Description

 

Table 565: Key Format Type Enumeration

11.28 Key Role Type Enumeration

Table 566: Key Role Type Enumeration

Note that while the set and definitions of key role types are chosen to match [X9 TR-31] there is no necessity to match binary representations.

11.29 Key Value Location Type Enumeration

Table 567: Key Value Location Type Enumeration

11.30 Key Wrap Type Enumeration

Table 568: Key Wrap Enumeration

11.31 Mask Generator Enumeration

Table 569: Name Type Enumeration

11.32 NIST Key Type Enumeration

Table 570:  NIST Key Type Enumeration

11.33 Object Class Enumeration

Table 571: Object Class Enumeration

11.34 Object Type Enumeration

Table 572: Object Type Enumeration

11.35 Opaque Data Type Enumeration

Table 573: Opaque Data Type Enumeration

11.36 Operation Enumeration

Table 574: Operation Enumeration

11.37 OTP Algorithm Enumeration

The following One-Time Password algorithms are currently defined:

Table 575: OTP Algorithm Description

 

Table 576: OTP Algorithm Enumeration

11.38 Padding Method Enumeration

Table 577: Padding Method Enumeration

11.39 PKCS#11 Function Enumeration

The PKCS#11 Function enumerations are the 1-based offset count of the function in the CK_FUNCTION_LIST_3_0 structure as specified in [PKCS#11]

11.40 PKCS#11 Return Code Enumeration

The PKCS#11 Return Codes enumerations representing PKCS#11 return codes as specified in the CK_RV values in [PKCS#11]

11.41 Processing Stage Enumeration

Table 578: Processing Stage Enumeration

11.42 Profile Name Enumeration

 

Table 579: Profile Name Enumeration

11.43 Protection Level Enumeration

Table 580: Protection Level Enumeration

11.44 Put Function Enumeration

Table 581: Put Function Enumeration

11.45 Query Function Enumeration

Table 582: Query Function Enumeration

11.46 Recommended Curve Enumeration

Table 583: Recommended Curve Enumeration for ECDSA, ECDH, and ECMQV

11.47 Result Reason Enumeration

Following are the Result Reason enumerations.

 

Table 584: Result Reason Encoding Descriptions

Table 585: Result Reason Enumeration

11.48 Result Status Enumeration

Table 586: Result Status Enumeration

11.49 Revocation Reason Code Enumeration

Table 587: Revocation Reason Code Enumeration

11.50 RNG Algorithm Enumeration

Table 588: RNG Algorithm Enumeration

Note: the user should be aware that a number of these algorithms are no longer recommended for general use and/or are deprecated. They are included for completeness.

11.51 RNG Mode Enumeration

Table 589: RNG Mode Enumeration

11.52 Secret Data Type Enumeration

Table 590: Secret Data Type Enumeration

11.53 Shredding Algorithm Enumeration

Table 591: Shredding Algorithm Enumeration

11.54 Split Key Method Enumeration

Table 592: Split Key Method Enumeration

11.55 Split Key Polynomial Enumeration

Table 593: Split Key Polynomial Enumeration

11.56 State Enumeration

Table 594: State Enumeration

11.57 Tag Enumeration

All tags SHALL contain either the value 42 in hex or the value 54 in hex as the first byte of a three (3) byte enumeration value. Tags defined by this specification contain hex 42 in the first byte. Extensions contain the value 54 hex in the first byte.

Table 595: Tag Enumeration

11.58 Ticket Type Enumeration

Table 596: Ticket Type Enumeration

11.59 Unique Identifier Enumeration

The following values may be specified in an operation request for a Unique Identifier: If multiple unique identifiers would be referenced then the operation is repeated for each of them as separate batch items. If an operation appears multiple times in a request, it is the most recent that is referred to.

Table 597: Unique Identifier Enumeration

11.60 Unwrap Mode Enumeration

Table 598: Unwrap Mode Enumeration

11.61 Usage Limits Unit Enumeration

Table 599: Usage Limits Unit Enumeration

11.62 Validity Indicator Enumeration

Table 600: Validity Indicator Enumeration

11.63 Wrapping Method Enumeration

The following wrapping methods are currently defined:

Table 601: Key Wrapping Methods Description

 

Table 602: Wrapping Method Enumeration

11.64 Validation Authority Type Enumeration

Table 603: Validation Authority Type Enumeration

11.65 Validation Type Enumeration

Table 604: Validation Type Enumeration

All mask values SHALL be encoded as Integers in TTLV encoding and SHALL be encoded as Integers but in symbolic form in XML and JSON encodings.

12.1 Cryptographic Usage Mask

The following Cryptographic Usage Masks are currently defined:

Table 605: Cryptographic Usage Masks Description

 

Table 606: Cryptographic Usage Mask enumerations

This list takes into consideration values which MAY appear in the Key Usage extension in an X.509 certificate.

12.2 Protection Storage Mask

Table 607: Protection Storage Mask enumerations

12.3 Storage Status Mask

Table 608: Storage Status Mask enumerations

12.4 Object Class Mask

Table 609: Object Class Mask enumerations

13.1 Split Key Algorithms

There are three Split Key Methods for secret sharing: the first one is based on XOR, and the other two are based on polynomial secret sharing, according to [w1979].

Let L be the minimum number of bits needed to represent all values of the secret.

·       When the Split Key Method is XOR, then the Key Material in the Key Value of the Key Block is of length L bits. The number of split keys is Split Key Parts (identical to Split Key Threshold), and the secret is reconstructed by XORing all of the parts.

·       When the Split Key Method is Polynomial Sharing Prime Field, then secret sharing is performed in the field GF(Prime Field Size), represented as integers, where Prime Field Size is a prime bigger than 2^L.

·       When the Split Key Method is Polynomial Sharing GF(2¹⁶), then secret sharing is performed in the field GF(2¹⁶). The Key Material in the Key Value of the Key Block is a bit string of length L, and when L is bigger than 2¹⁶, then secret sharing is applied piecewise in pieces of 16 bits each. The Key Material in the Key Value of the Key Block is the concatenation of the corresponding shares of all pieces of the secret.

Secret sharing is performed in the field GF(2¹⁶), which is represented as an algebraic extension of GF(2⁸):

GF(2¹⁶) ≈ GF(2⁸) [y]/(y²+y+m),    where m is defined later.

An element of this field then consists of a linear combination uy + v, where u and v are elements of the smaller field GF(2⁸).

The representation of field elements and the notation in this section rely on [FIPS197], Sections 3 and 4. The field GF(2⁸) is as described in a format consistent with [FIPS197],

GF(2⁸) ≈ 285 - x⁸+x⁴+x³+x²+1.

An element of GF(2⁸) is represented as a byte. Addition and subtraction in GF(2⁸) is performed as a bit-wise XOR of the bytes. Multiplication and inversion are more complex (see [FIPS197] Section 4.1 and 4.2 for details).

An element of GF(2¹⁶) is represented as a pair of bytes (u, v). The element m is given by

m = x⁵+x⁴+x³+x,

which is represented by the byte 0x3A (or {3A} in notation according to [FIPS197]).

Addition and subtraction in GF(2¹⁶) both correspond to simply XORing the bytes. The product of two elements ry + s and uy + v  is given by

(ry + s) (uy + v) = ((r + s)(u + v) + sv)y  + (ru + svm).

The inverse of an element uy + v is given by

(uy + v)^-1 = ud^-1y + (u + v)d^-1,  where  d = (u + v)v + mu².

 

14.1 KMIP Client Implementation Conformance

An implementation is a conforming KMIP Client if the implementation meets the conditions specified in one or more client profiles specified in [KMIP-Prof].

A KMIP client implementation SHALL be a conforming KMIP Client.

If a KMIP client implementation claims support for a particular client profile, then the implementation SHALL conform to all normative statements within the clauses specified for that profile and for any subclauses to each of those clauses.

 

14.2 KMIP Server Implementation Conformance

An implementation is a conforming KMIP Server if the implementation meets the conditions specified in one or more server profiles specified in [KMIP-Prof].

A KMIP server implementation SHALL be a conforming KMIP Server.

If a KMIP server implementation claims support for a particular server profile, then the implementation SHALL conform to all normative statements within the clauses specified for that profile and for any subclauses to each of those clauses.

The following individuals have participated in the creation of this specification and are gratefully acknowledged:

Participants:

Rinkesh Bansal - IBM

Jeff Bartell - Individual

Gabriel Becker - KRYPTUS

Andre Bereza - KRYPTUS

Anthony Berglas - Cryptsoft Pty Ltd.

Mathias Bjorkqvist - IBM

Joseph Brand - Semper Fortis Solutions

Alan Brown - Thales e-Security

Andrew Byrne - Dell

Tim Chevalier - NetApp

Kenli Chong - QuintessenceLabs Pty Ltd.

Justin Corlett - Cryptsoft Pty Ltd.

Tony Cox - Cryptsoft Pty Ltd.

James Crossland - Northrop Grumman

Stephen Edwards - Semper Fortis Solutions

Stan Feather - Hewlett Packard Enterprise (HPE)

Indra Fitzgerald - Utimaco IS GmbH

Judith Furlong - Dell

Gary Gardner - Fornetix

Susan Gleeson - Oracle

Steve He - Thales e-Security

Christopher Hillier - Hewlett Packard Enterprise (HPE)

Tim Hudson - Cryptsoft Pty Ltd.

Nitin Jain - SafeNet, Inc.

Gershon Janssen - Individual

Mark Joseph - P6R, Inc

Paul Lechner - KeyNexus Inc

John Leiseboer - QuintessenceLabs Pty Ltd.

Jarrett Lu - Oracle

Jeff MacMillan - KeyNexus Inc

John Major - QuintessenceLabs Pty Ltd.

Cecilia Majorel - Quintessence Labs

Gabriel Mandaji - KRYPTUS

Jon Mentzell - Fornetix

Prashant Mestri - IBM

Kevin Mooney - Fornetix

Ladan Nekuii - Thales e-Security

Jason Novecosky - KeyNexus Inc

Matt O'reilly - Fornetix

Sanjay Panchal - IBM

Mahesh Paradkar - IBM

Steve Pate - Thales e-Security

Greg Pepus - Semper Fortis Solutions

Bruce Rich - Cryptsoft Pty Ltd.

Thad Roemer - Dyadic Security Ltd.

Thad Roemer - Unbound Tech

Greg Scott - Cryptsoft Pty Ltd.

Martin Shannon - QuintessenceLabs Pty Ltd.

Gerald Stueve - Fornetix

Jim Susoy - P6R, Inc

Jason Thatcher - Cryptsoft Pty Ltd.

Peter Tsai - Thales e-Security

Charles White - Fornetix

Steven Wierenga - Utimaco IS GmbH

Kyle Wuolle - KeyNexus Inc

The following abbreviations and acronyms are used in this document:

 

 

Figure 1: Cryptographic Object States and Transitions. 86

 

Table 1: Terminology. 16

Table 2: Minimum required Object attributes. 20

Table 3: Required User Aattributes. 20

Table 4: Required Group Attributes. 21

Table 5: Password Credential Structure. 21

Table 6: Password Credential Attributes. 22

Table 7: Device Credential Structure. 22

Table 8: Device Credential Attributes. 22

Table 9: One Time Password Credential Structure. 22

Table 10: One Time Password Credential Attributes. 23

Table 11: Hashed Password Credential Structure. 23

Table 12: Hashed Password Credential Attributes. 23

Table 13: Minimum required Certificate Object attributes. 24

Table 14: Certificate Object Structure. 24

Table 15: Minimum required Certificate Request Object attributes. 24

Table 16: Certificate Request Structure. 24

Table 17: Minimum required Opaque Object Object attributes. 25

Table 18: Opaque Object Structure. 25

Table 19: Minimum required PGP Key Object attributes. 25

Table 20: PGP Key Object Structure. 25

Table 21: Minimum required Private Key Object attributes. 26

Table 22: Private Key Object Structure. 26

Table 23: Minimum required Public Key Object attributes. 26

Table 24: Public Key Object Structure. 26

Table 25: Minimum required Secret Data Object attributes. 27

Table 26: Secret Data Object Structure. 27

Table 27: Minimum required Split Key Object attributes. 27

Table 28: Split Key Object Structure. 28

Table 29: Minimum required Symmetric Key Object attributes. 28

Table 30: Symmetric Key Object Structure. 28

Table 31: Key Block Cryptographic Algorithm & Length Description. 29

Table 32: Key Block Object Structure. 29

Table 33: Key Value Object Structure. 30

Table 34: Key Wrapping Data Structure Description. 30

Table 35: Key Wrapping Data Object Structure. 31

Table 36: Encryption Key Information Object Structure. 31

Table 37: MAC/Signature Key Information Object Structure. 31

Table 38: Key Material Object Structure for Transparent Symmetric Keys. 32

Table 39: Key Material Object Structure for Transparent DSA Private Keys. 32

Table 40: Key Material Object Structure for Transparent DSA Public Keys. 32

Table 41: Key Material Object Structure for Transparent RSA Private Keys. 33

Table 42: Key Material Object Structure for Transparent RSA Public Keys. 33

Table 43: Key Material Object Structure for Transparent DH Private Keys. 33

Table 44: Key Material Object Structure for Transparent DH Public Keys. 34

Table 45: Key Material Object Structure for Transparent EC Private Keys. 34

Table 46: Key Material Object Structure for Transparent EC Public Keys. 34

Table 47: Attribute Rules. 36

Table 48: Default Cryptographic Parameters. 36

Table 49: Activation Date Attribute. 36

Table 50: Activation Date Attribute Rules. 37

Table 51: Alternative Name Attribute Structure. 37

Table 52: Alternative Name Attribute Rules. 37

Table 53: Always Sensitive Attribute. 37

Table 54: Always Sensitive Attribute Rules. 38

Table 55: Application Specific Information Attribute. 38

Table 56: Application Specific Information Attribute Rules. 38

Table 57: Archive Date Attribute. 39

Table 58: Archive Date Attribute Rules. 39

Table 59: Certificate Attributes (Subject) 39

Table 60: Certificate Attributes (Issuer) 40

Table 61: Certificate Attribute Rules. 40

Table 62: Certificate Type Attribute. 40

Table 63: Certificate Type Attribute Rules. 41

Table 64: Certificate Length Attribute. 41

Table 65: Certificate Length Attribute Rules. 41

Table 66: Comment Attribute. 41

Table 67: Comment Rules. 42

Table 68: Compromise Date Attribute. 42

Table 69: Compromise Date Attribute Rules. 42

Table 70: Compromise Occurrence Date Attribute. 42

Table 71: Compromise Occurrence Date Attribute Rules. 43

Table 72: Contact Information Attribute. 43

Table 73: Contact Information Attribute Rules. 43

Table 74: Certify Counter Attribute. 44

Table 75: Certify Counter Attribute Rules. 44

Table 76: Decrypt Counter Attribute. 44

Table 77: Decrypt Counter Attribute Rules. 44

Table 78: Encrypt Counter Attribute. 45

Table 79: Encrypt Counter Attribute Rules. 45

Table 80: Sign Counter Attribute. 45

Table 81: Sign Counter Attribute Rules. 45

Table 82: Signature Verify Counter Attribute. 45

Table 83: Signature Verify Counter Attribute Rules. 46

Table 84: Credential Type Attribute. 46

Table 85: Credential Type Attribute Rules. 46

Table 86: Cryptographic Algorithm Attribute. 46

Table 87: Cryptographic Algorithm Attribute Rules. 47

Table 88: Cryptographic Domain Parameters Attribute Structure. 47

Table 89: Cryptographic Domain Parameters Attribute Rules. 47

Table 90: Cryptographic Length Attribute. 48

Table 91: Cryptographic Length Attribute Rules. 48

Table 92: Cryptographic Parameters Attribute Structure. 49

Table 93: Cryptographic Parameters Attribute Rules. 50

Table 94: Cryptographic Usage Mask Attribute. 50

Table 95: Cryptographic Usage Mask Attribute Rules. 50

Table 96: Deactivation Date Attribute. 51

Table 97: Deactivation Date Attribute Rules. 51

Table 98: Deactivation Reason Attribute. 51

Table 99: Deactivation Reason Attribute Rules. 51

Table 100: Description Attribute. 52

Table 101: Description Attribute Rules. 52

Table 102: Destroy Date Attribute. 52

Table 103: Destroy Date Attribute Rules. 52

Table 104: Digest Attribute Structure. 53

Table 105: Digest Attribute Rules. 53

Table 106: Digital Signature Algorithm Attribute. 53

Table 107: Digital Signature Algorithm Attribute Rules. 54

Table 108: Extractable Attribute. 54

Table 109: Extractable Attribute Rules. 54

Table 110: Fresh Attribute. 54

Table 111: Fresh Attribute Rules. 55

Table 112: Initial Date Attribute. 55

Table 113: Initial Date Attribute Rules. 55

Table 114: Key Format Type Attribute. 56

Table 115: Key Format Type Attribute Rules. 56

Table 116: Default Key Format Type, by Object 56

Table 117: Key Part Identifier Attribute. 56

Table 118: Key Part Identifier Rules. 57

Table 119: Key Value Location Attribute. 57

Table 120: Key Value Location Attribute Rules. 57

Table 121: Key Value Present Attribute. 57

Table 122: Key Value Present Attribute Rules. 58

Table 123: Last Change Date Attribute. 58

Table 124: Last Change Date Attribute Rules. 58

Table 125: Lease Time Attribute. 58

Table 126: Lease Time Attribute Rules. 59

Table 127: Linked Object Identifier encoding descriptions. 59

Table 128: Certificate Link Attribute. 60

Table 129: Certificate Link Attribute Rules. 60

Table 130: Certificate Request Link Attribute. 60

Table 131: Certificate Request Link Attribute Rules. 61

Table 132: Child Link Attribute. 61

Table 133: Child Link Attribute Rules. 61

Table 134: Credential Link Attribute. 62

Table 135: Credential Link Attribute Rules. 62

Table 136: Derivation Base Object Link Attribute. 62

Table 137: Derivation Base Object Link Attribute Rules. 62

Table 138: Derived Object Link Attribute. 63

Table 139: Derived Object Link Attribute Rules. 63

Table 140: Group Link Attribute. 63

Table 141: Group Link Attribute Rules. 63

Table 142: Joined Split Key Parts Link Attribute. 64

Table 143: Joined Split Key Parts Link Attribute Rules. 64

Table 144: Next Link Attribute. 64

Table 145: Next Link Attribute Rules. 64

Table 146: Parent Link Attribute. 65

Table 147: Parent Link Attribute Rules. 65

Table 148: Password Link Attribute. 65

Table 149: Password Link Attribute Rules. 65

Table 150: PKCS#12 Certificate Link Attribute. 66

Table 151: PKCS#12 Certificate Link Attribute Rules. 66

Table 152: PKCS#12 Password Link Attribute. 66

Table 153: PKCS#12 Password Link Attribute Rules. 66

Table 154: Previous Link Attribute. 67

Table 155: Previous Link Attribute Rules. 67

Table 156: Private Key Link Attribute. 67

Table 157: Private Key Link Attribute Rules. 67

Table 158: Public Link Attribute. 68

Table 159: Public Key Link Attribute Rules. 68

Table 160: Replaced Object Link Attribute. 68

Table 161: Replaced Object Link Attribute Rules. 69

Table 162: Replacement Object Link Attribute. 69

Table 163: Replacement Object Link Attribute Rules. 69

Table 164: Split Key Base Link Attribute. 69

Table 165: Split Key Base Link Attribute Rules. 70

Table 166: Wrapping Key Link Attribute. 70

Table 167: Wrapping Key Link Attribute Rules. 70

Table 168: Name Attribute. 70

Table 169: Name Attribute Rules. 71

Table 170: Never Extractable Attribute. 71

Table 171: Never Extractable Attribute Rules. 71

Table 172 SP800-57 Key Type Attribute. 71

Table 173 SP800-57 Key Type Attribute Rules. 72

Table 174: Object Class Attribute. 72

Table 175: Object Class Attribute Rules. 72

Table 176: Object Type Attribute. 72

Table 177: Object Type Attribute Rules. 73

Table 178: Opaque Data Type Attribute. 73

Table 179: Opaque Data Type Attribute Rules. 73

Table 180: Original Creation Date Attribute. 74

Table 181: Original Creation Date Attribute Rules. 74

Table 182: OTP Counter Attribute. 74

Table 183: OTP Counter Attribute Rules. 74

Table 184: PKCS#12 Friendly Name Attribute. 75

Table 185: Friendly Name Attribute Rules. 75

Table 186: Process Start Date Attribute. 75

Table 187: Process Start Date Attribute Rules. 75

Table 188: Protect Stop Date Attribute. 76

Table 189: Protect Stop Date Attribute Rules. 76

Table 190: Protection Level Attribute. 76

Table 191: Protection Level Attribute Rules. 76

Table 192: Protection Period Attribute. 77

Table 193: Protection Period Attribute Rules. 77

Table 194: Protection Storage Mask. 77

Table 195: Protection Storage Mask Rules. 77

Table 196: Quantum Safe Attribute. 77

Table 197: Quantum Safe Attribute Rules. 78

Table 198: Random Number Generator Attribute. 78

Table 199: Random Number Generator Attribute Rules. 79

Table 200: Revocation Reason Attribute Structure. 79

Table 201: Revocation Reason Attribute Rules. 79

Table 202: Rotate Automatic Attribute. 80

Table 203: Rotate Automatic Attribute Rules. 80

Table 204: Rotate Date Attribute. 80

Table 205: Rotate Date Attribute Rules. 80

Table 206: Rotate Generation Attribute. 80

Table 207: Rotate Generation Attribute Rules. 81

Table 208: Rotate Interval Attribute. 81

Table 209: Rotate Interval Attribute Rules. 81

Table 210: Rotate Latest Attribute. 81

Table 211: Rotate Latest Attribute Rules. 82

Table 212: Rotate Name Attribute. 82

Table 213: Rotate Name Attribute Rules. 82

Table 214: Rotate Offset Attribute. 82

Table 215: Rotate Offset Attribute Rules. 83

Table 216: Sensitive Attribute. 83

Table 217: Sensitive Attribute Rules. 83

Table 218: Unique Identifier Attribute. 84

Table 219: Short Unique Identifier Attribute Rules. 84

Table 220: Split Key Polynomial Attribute. 84

Table 221: Split Key Polynomial Rules. 84

Table 222: Split Key Method Attribute. 85

Table 223: Split Key Method Rules. 85

Table 224: Split Key Parts Attribute. 85

Table 225: Split Key Parts Rules. 85

Table 226: Split Key Threshold Attribute. 85

Table 227: Split Key Threshold Rules. 86

Table 228: State Attribute. 88

Table 229: State Attribute Rules. 88

Table 230: Unique Identifier encoding descriptions. 89

Table 231: Unique Identifier Attribute. 89

Table 232: Unique Identifier Attribute Rules. 89

Table 233: Usage Limits Descriptions. 90

Table 234: Usage Limits Attribute Rules. 90

Table 235: Attribute Object Structure. 91

Table 236: X.509 Certificate Identifier Attribute Structure. 91

Table 237: X.509 Certificate Identifier Attribute Rules. 91

Table 238: X.509 Certificate Issuer Attribute Structure. 92

Table 239: X.509 Certificate Issuer Attribute Rules. 92

Table 240: X.509 Certificate Subject Attribute Structure. 93

Table 241: X.509 Certificate Subject Attribute Rules. 93

Table 242: Attributes Definition. 94

Table 243: Common Attributes Definition. 94

Table 244: Private Key Attributes Definition. 94

Table 245: Public Key Attributes Definition. 95

Table 246: Attribute Reference Definition. 95

Table 247: Current Attribute Definition. 95

Table 248: New Attribute Definition. 95

Table 249: Activate Request Payload. 97

Table 250: Activate Response Payload. 97

Table 251: Activate Errors. 97

Table 252: Add Attribute Request Payload. 98

Table 253: Add Attribute Response Payload. 98

Table 254: Add Attribute Errors. 98

Table 255: Adjust Attribute Request Payload. 99

Table 256: Adjust Attribute Response Payload. 99

Table 257: Adjust Attribute Errors. 99

Table 258: Archive Request Payload. 99

Table 259: Archive Response Payload. 100

Table 260: Archive Errors. 100

Table 261: Cancel Request Payload. 100

Table 262: Cancel Response Payload. 100

Table 263: Cancel Errors. 100

Table 264: Certify Request Payload. 101

Table 265: Certify Response Payload. 101

Table 266: Certify Errors. 102

Table 267: Check value description. 102

Table 268: Check Request Payload. 103

Table 269: Check Response Payload. 103

Table 270: Check Errors. 103

Table 271: Create Request Payload. 104

Table 272: Create Response Payload. 104

Table 273: Create Errors. 104

Table 274: Create Credential Request Payload. 105

Table 275: Create Credential Response Payload. 105

Table 276: Create Credential Errors. 105

Table 277: Create Group Request Payload. 105

Table 278: Create Group Response Payload. 106

Table 279: Create Group Errors. 106

Table 280: Create Key Pair Request Payload. 107

Table 281: Create Key Pair Response Payload. 107

Table 282: Create Key Pair Attribute Requirements. 108

Table 283: Create Key Pair Errors. 108

Table 284: Create Split Key Request Payload. 109

Table 285: Create Split Key Response Payload. 109

Table 286: Create Split Key Errors. 109

Table 287: Create User Request Payload. 110

Table 288: Create User Response Payload. 110

Table 289: Create User Errors. 110

Table 290: Deactivate Request Payload. 110

Table 291: Deactivate Response Payload. 111

Table 292: Deactivate Errors. 111

Table 293: Decrypt Request Payload. 112

Table 294: Decrypt Response Payload. 112

Table 295: Decrypt Errors. 113

Table 296: Delegated Login Request Payload. 113

Table 297: Delegated Login Response Payload. 113

Table 298: Delegated Login Errors. 114

Table 299: Delete Attribute Request Payload. 114

Table 300: Delete Attribute Response Payload. 114

Table 301: Delete Attribute Errors. 114

Table 302: Derive Key Request Payload. 115

Table 303: Derive Key Response Payload. 115

Table 304: Derive Key Errors. 116

Table 305: Destroy Request Payload. 116

Table 306: Destroy Response Payload. 116

Table 307: Destroy Errors. 116

Table 308: Discover Versions Request Payload. 117

Table 309: Discover Versions Response Payload. 117

Table 310: Discover Versions Errors. 117

Table 311: Encrypt Request Payload. 118

Table 312: Encrypt Response Payload. 119

Table 313: Encrypt Errors. 119

Table 314: Export Request Payload. 120

Table 315: Export Response Payload. 120

Table 316: Export Errors. 120

Table 317: Get Request Payload. 121

Table 318: Get Response Payload. 121

Table 319: Get Errors. 122

Table 320: Get Attributes Request Payload. 122

Table 321: Get Attributes Response Payload. 122

Table 322: Get Attributes Errors. 123

Table 323: Get Attribute List Request Payload. 123

Table 324: Get Attribute List Response Payload. 123

Table 325: Get Attribute List Errors. 123

Table 326: Get Constraints Request Payload. 124

Table 327: Get Constraints Response Payload. 124

Table 328: Get Constraints Errors. 124

Table 329: Get Usage Allocation Request Payload. 125

Table 330: Get Usage Allocation Response Payload. 125

Table 331: Get Usage Allocation Errors. 125

Table 332: Hash Request Payload. 126

Table 333: Hash Response Payload. 126

Table 334: HASH Errors. 126

Table 335: Import Request Payload. 127

Table 336: Import Response Payload. 127

Table 337: Import Errors. 127

Table 338: Interop Request Payload. 128

Table 339: Interop Response Payload. 128

Table 340: Interop Errors. 128

Table 341: Join Split Key Request Payload. 129

Table 342: Join Split Key Response Payload. 129

Table 343: Join Split Key Errors. 129

Table 344: Locate Request Payload. 131

Table 345: Locate Response Payload. 131

Table 346: Locate Errors. 132

Table 347: Log Request Payload. 132

Table 348: Log Response Payload. 132

Table 349: Log Errors. 132

Table 350: Login Request Payload. 133

Table 351: Login Response Payload. 133

Table 352: Login Errors. 133

Table 353: Logout Request Payload. 133

Table 354: Logout Response Payload. 133

Table 355: Logout Errors. 134

Table 356: MAC Request Payload. 134

Table 357: MAC Response Payload. 135

Table 358: MAC Errors. 135

Table 359: MAC Verify Request Payload. 136

Table 360: MAC Verify Response Payload. 136

Table 361: MAC Verify Errors. 137

Table 362: Modify Attribute Request Payload. 137

Table 363: Modify Attribute Response Payload. 137

Table 364: Modify Attribute Errors. 138

Table 365: Obliterate Request Payload. 138

Table 366: Obliterate Response Payload. 138

Table 367: Obliterate Errors. 138

Table 368: Obtain Lease Request Payload. 139

Table 369: Obtain Lease Response Payload. 139

Table 370: Obtain Lease Errors. 139

Table 371: Ping Request Payload. 139

Table 372: Ping Response Payload. 140

Table 373: PKCS#11 Request Payload. 140

Table 374: PKCS#11 Response Payload. 140

Table 375: PKCS#11 Errors. 141

Table 376: Poll Request Payload. 141

Table 377: Poll Errors. 141

Table 378: Process Request Payload. 142

Table 379: Process Response Payload. 142

Table 380: Process Request Errors. 142

Table 381: Query Functions. 143

Table 382: Query Request Payload. 144

Table 383: Query Response Payload. 144

Table 384: Query Errors. 145

Table 385: Query Asynchronous Requests Request Payload. 145

Table 386: PKCS#11 Response Payload. 145

Table 387: Query Asynchronous Requests Errors. 145

Table 388: Recover Request Payload. 146

Table 389: Recover Response Payload. 146

Table 390: Recover Errors. 146

Table 391: Register Request Payload. 147

Table 392: Register Response Payload. 147

Table 393: Register Attribute Requirements. 147

Table 394: Register Errors. 148

Table 395: Revoke Request Payload. 148

Table 396: Revoke Response Payload. 148

Table 397: Revoke Errors. 149

Table 398: Computing New Dates from Offset during Re-certify. 149

Table 399: Re-certify Attribute Requirements. 150

Table 400: Re-certify Request Payload. 150

Table 401: Re-certify Response Payload. 150

Table 402: Re-certify Errors. 151

Table 403: Computing New Dates from Offset during Re-key. 151

Table 404: Re-key Attribute Requirements. 152

Table 405: Re-key Request Payload. 152

Table 406: Re-key Response Payload. 152

Table 407: Re-key Errors. 153

Table 408: Computing New Dates from Offset during Re-key Key Pair 153

Table 409: Re-key Key Pair Attribute Requirements. 154

Table 410: Re-key Key Pair Request Payload. 154

Table 411: Re-key Key Pair Response Payload. 155

Table 412: Re-key Key Pair Errors. 155

Table 413: Re-Provision Request Payload. 156

Table 414: Re-Provision Response Payload. 156

Table 415: RNG Retrieve Errors. 156

Table 416: RNG Retrieve Request Payload. 156

Table 417: RNG Retrieve Response Payload. 156

Table 418: RNG Retrieve Errors. 157

Table 419: RNG Seed Request Payload. 157

Table 420: RNG Seed Response Payload. 157

Table 421: RNG Seed Errors. 157

Table 422: Set Attribute Request Payload. 158

Table 423: Set Attribute Response Payload. 158

Table 424: Set Attribute Errors. 158

Table 425: Set Constraints Request Payload. 158

Table 426: Set Constraints Response Payload. 159

Table 427: Set Constraints Errors. 159

Table 428: Set Defaults Request Payload. 159

Table 429: Set Defaults Response Payload. 159

Table 430: Set Defaults Errors. 159

Table 431: Set Endpoint Role Request Payload. 160

Table 432: Set Endpoint Role Response Payload. 160

Table 433: Set Endpoint Role Errors. 160

Table 434: Sign Request Payload. 161

Table 435: Sign Response Payload. 162

Table 436: Sign Errors. 162

Table 437: Signature Verify Request Payload. 163

Table 438: Signature Verify Response Payload. 164

Table 439: Signature Verify Errors. 164

Table 440: Validate Request Payload. 165

Table 441: Validate Response Payload. 165

Table 442: Validate Errors. 165

Table 443: Discover Versions Request Payload. 166

Table 444: Discover Versions Errors. 166

Table 445: Notify Message Errors. 167

Table 446: Put Errors. 168

Table 447: Query Request Payload. 169

Table 448: Query Errors. 170

Table 449: Set Endpoint Role Request Payload. 170

Table 450: Set Endpoint Role Response Payload. 170

Table 451: Set Endpoint Role Errors. 171

Table 452 Asynchronous Correlation Values Structure. 172

Table 453 Asynchronous Request Structure. 172

Table 454 Authenticated Encryption Additional Data. 172

Table 455 Authenticated Encryption Tag. 172

Table 456: Capability Information Structure. 173

Table 457: Constraint Structure. 173

Table 458: Constraints Structure. 173

Table 459: Correlation Value Structure. 174

Table 460: Credential Information Structure. 174

Table 461: Data encoding descriptions. 174

Table 462: Data. 174

Table 463: Data Length Structure. 174

Table 464: Defaults Information Structure. 175

Table 465: Derivation Parameters Structure. 175

Table 466: Extension Information Structure. 176

Table 467: Final Indicator Structure. 176

Table 468: Interop Function Structure. 176

Table 469: Interop Function Structure. 177

Table 470: Init Indicator Structure. 177

Table 471: Key Wrapping Specification Object Structure. 178

Table 472: Log Message Structure. 178

Table 473: MAC Data Structure. 178

Table 474: Objects Structure. 178

Table 475: Object Defaults Structure. 179

Table 476: Object Groups Structure. 179

Table 477: ObjectTypes Structure. 179

Table 478: Operations Structure. 179

Table 479: PKCS#11 Function Structure. 179

Table 480: PKCS#11 Input Parameters Structure. 180

Table 481: PKCS#11 Interface Structure. 180

Table 482: PKCS#11 Output Parameters Structure. 180

Table 483: PKCS#11 Return Code Structure. 180

Table 484: Profile Information Structure. 181

Table 485: Profile Version Structure. 181

Table 486: Protection Storage Mask Structure. 181

Table 487: Right Structure. 182

Table 488: Rights Structure. 182

Table 489: RNG Parameters Structure. 182

Table 490: Server Information Structure. 183

Table 491: Signature Data Structure. 183

Table 492: Ticket Structure. 183

Table 493: Usage limits Structure. 184

Table 494: Validation Information Structure. 184

Table 495: Request Message Structure. 185

Table 496: Request Header Structure. 186

Table 497: Request Batch Item Structure. 186

Table 498: Response Message Structure. 186

Table 499: Response Header Structure. 187

Table 500: Response Batch Item Structure. 187

Table 501: Asynchronous Correlation Value in Response Batch Item.. 188

Table 502: Asynchronous Indicator in Message Request Header 188

Table 503: Attestation Capable Indicator in Message Request Header 188

Table 504: Authentication Structure in Message Header 189

Table 505: Batch Error Continuation Option in Message Request Header 189

Table 506: Batch Item in Message. 189

Table 507: Client Correlation Value in Message Request Header 189

Table 508: Server Correlation Value in Message Request Header 189

Table 509: Credential Object Structure. 190

Table 510: Credential Value Structure for the Username and Password Credential 190

Table 511: Credential Value Structure for the Device Credential 190

Table 512: Credential Value Structure for the Attestation Credential 191

Table 513: Credential Value Structure for the One Time Password Credential 191

Table 514: Credential Value Structure for the Hashed Password Credential 191

Table 515: Credential Value Structure for the Ticket 191

Table 516: Maximum Response Size in Message Request Header 192

Table 517: Message Extension Structure in Batch Item.. 192

Table 518: Nonce Structure. 192

Table 519: Operation in Batch Item.. 193

Table 520: Protocol Version Structure in Message Header 193

Table 521: Result Message in Response Batch Item.. 193

Table 522: Result Reason in Response Batch Item.. 193

Table 523: Result Status in Response Batch Item.. 194

Table 524: Time Stamp in Message Header 194

Table 525: Item Types. 196

Table 526: Allowed Item Length Values. 196

Table 527: Adjustment Type Descriptions. 198

Table 528: Adjustment Type Enumeration. 198

Table 529: Alternative Name Type Enumeration. 198

Table 530: Asynchronous Indicator Descriptions. 199

Table 531: Asynchronous Indicator Enumeration. 199

Table 532: Attestation Type Enumeration. 199

Table 533: Batch Error Continuation Option Descriptions. 200

Table 534: Batch Error Continuation Option Enumeration. 200

Table 535: Block Cipher Mode Enumeration. 201

Table 536: Cancellation Result Enumeration Descriptions. 201

Table 537: Cancellation Result Enumeration. 201

Table 538: Certificate Request Type Enumeration. 202

Table 539: Certificate Type Enumeration. 202

Table 540: Client Registration Method Enumeration Descriptions. 202

Table 541: Client Registration Method Enumerations. 203

Table 542: Credential Type Enumeration. 203

Table 543: Cryptographic Algorithm Enumeration. 205

Table 544: Data Enumeration. 205

Table 545: Deactivation Reason Code Enumeration. 205

Table 546: Derivation Method Enumeration Descriptions. 206

Table 547: Derivation Method Enumeration. 206

Table 548: Destroy Action Enumeration. 207

Table 549: Digital Signature Algorithm Enumeration. 207

Table 550: DRGB Algorithm Enumeration. 208

Table 551: Encoding Option Description. 208

Table 552: Encoding Option Enumeration. 208

Table 553: Endpoint Role Description. 208

Table 554: Endpoint Role Enumeration. 209

Table 555: FIPS186 Variation Enumeration. 209

Table 556: Hashing Algorithm Enumeration. 210

Table 557: Interop Function Descriptions. 210

Table 558: Interop Function Enumeration. 211

Table 559: Item Type Descriptions. 211

Table 560: Item Type Enumeration. 212

Table 561: Key Compression Type Enumeration values. 212

Table 562: Key Format Types Description. 212

Table 563: Key Format Type Enumeration. 213

Table 564: Key Role Type Enumeration. 214

Table 565: Key Value Location Type Enumeration. 214

Table 566: Key Wrap Enumeration. 214

Table 567: Name Type Enumeration. 215

Table 568:  NIST Key Type Enumeration. 216

Table 569: Object Class Enumeration. 216

Table 570: Object Type Enumeration. 216

Table 571: Opaque Data Type Enumeration. 217

Table 572: Operation Enumeration. 218

Table 573: OTP Algorithm Description. 219

Table 574: OTP Algorithm Enumeration. 219

Table 575: Padding Method Enumeration. 219

Table 576: Processing Stage Enumeration. 220

Table 577: Profile Name Enumeration. 221

Table 578: Protection Level Enumeration. 221

Table 579: Put Function Enumeration. 221

Table 580: Query Function Enumeration. 222

Table 581: Recommended Curve Enumeration for ECDSA, ECDH, and ECMQV. 224

Table 582: Result Reason Encoding Descriptions. 228

Table 583: Result Reason Enumeration. 230

Table 584: Result Status Enumeration. 230

Table 585: Revocation Reason Code Enumeration. 231

Table 586: RNG Algorithm Enumeration. 231

Table 587: RNG Mode Enumeration. 231

Table 588: Secret Data Type Enumeration. 231

Table 589: Shredding Algorithm Enumeration. 232

Table 590: Split Key Method Enumeration. 232

Table 591: Split Key Polynomial Enumeration. 232

Table 592: State Enumeration. 232

Table 593: Tag Enumeration. 245

Table 594: Ticket Type Enumeration. 245

Table 595: Unique Identifier Enumeration. 246

Table 596: Unwrap Mode Enumeration. 246

Table 597: Usage Limits Unit Enumeration. 247

Table 598: Validity Indicator Enumeration. 247

Table 599: Key Wrapping Methods Description. 247

Table 600: Wrapping Method Enumeration. 248

Table 601: Validation Authority Type Enumeration. 248

Table 602: Validation Type Enumeration. 248

Table 603: Cryptographic Usage Masks Description. 250

Table 604: Cryptographic Usage Mask enumerations. 250

Table 605: Protection Storage Mask enumerations. 251

Table 606: Storage Status Mask enumerations. 251

Table 607: Object Class Mask enumerations. 251

 

Revision	Date	Editor	Changes Made
WD01	04 May 2020	Tony Cox	Initial Working Draft
WD02	18 June 2020	Tony Cox	- Added approved spec-delta from Name Representation proposal - Added approved spec-delta from Link Representation - Added new section for Links and references
WD03	14 August 2020	Tony Cox	- Added approved spec-delta from Miscellaneous (batch) proposal - Added approved spec-delta from Automation Architecture proposal - Added approved spec-delta from Split Key (Polynomial) Proposal - Added approved spec-delta from Name Lifecycle Proposal - Added approved spec-delta from Grouping Objects Proposal - Moved Links and References section
WD04	28 August 2020	Tony Cox	- Added approved spec-delta from Obliterate proposal - Removed redundant content from “Link” (result of adding “Links” attribute)
WD05	10 August 2020	Tony Cox	- General editorial cleanup - Added missing table references - Added approved spec-delta from Hierarchy of Groups Proposal
WD06	6 October 2020	Tony Cox	- Added approved spec-delta from User Credential Proposal
WD07	23 October 2020	Tony Cox	- Corrected formatting error introduced in WD06 - Added approved spec-delta from Client Mutual Authentication Proposal - Added approved spec-delta updated from User Credential Proposal
WD08	18 December 2020	Tony Cox	- Amended Derive Key operation (previous text was incorrect for some key derivation processes) - Added missing Unique Identifier Enumerations - Corrected broken reference in §9.6 - Added approved spec-delta from Revoke & Deactivate Proposal
WD09	4 January 2021	Tony Cox	- Added Group Link enumeration - Added Tag for Split Key Polynomial
WD10	10 March 2021	Tony Cox	- Clarified Ephemeral payload return - Corrected error in Object Class - Corrected error in Object Class Attribute - Other minor corrections
WD11	24 March 2021	Tony Cox	- Added Object Class Mask - Increased reserved space for Protection Storage Masks - Increased reserved space for Storage Masks
WD12	15 July 2021	Tony Cox	- Corrected Certificate Attributes - Added missing Link Attributes inc. tags   - Certificate Request Link   - Joined Split Key Link   - Split Key Base Link - Corrected Object Class references
WD13	13 August 2021	Tony Cox	- Corrected unique identifier referencing - Corrected Split Key Base Link syntax - Corrected errors in Extractable and Sensitive attributes - Added Counters - Added client-provided UUID
WD14	16 June 2022	Greg Scott	-        Update Chair and Editor details -        Removed Counter Type Enumeration -        Removed Link Type Enumeration -        Updated all old Link references to use the new Link attributes -        Align prose in Re-certify with Certify for updates related to the Certificate Request object
WD15	7 September 2023	Greg Scott	-        Deactivation Reason and Revocation Reason can be omitted -        Clarification on Hashed Password initialization -        Ephemeral Enumeration added -        IDPlaceHolder changes added -        Credential Type is now required on Create Credential for consistency -        Added clarifying statement to Cryptographic Usage Mask noting that State must be checked
WD16	23 August 2024	Greg Scott	-        Added NIST FIPS203, 204, 205 algorithms -        Additional updates from Sept 2023 testing o   Unique Identifier UUID recommendation o   Lease Time is a mandatory attribute o   Unique Identifier expansion on Identifier/Reference/NameReference o   Attribute Name do-not-trim note o   Note Interop operation usage of an Interop Identifier of “*” for general cleanup during interoperability testing

 

Copyright © OASIS Open 2024. All Rights Reserved.

All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website: [https://www.oasis-open.org/policies-guidelines/ipr/].

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. OASIS AND ITS MEMBERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THIS DOCUMENT OR ANY PART THEREOF.

As stated in the OASIS IPR Policy, the following three paragraphs in brackets apply to OASIS Standards Final Deliverable documents (Committee Specifications, OASIS Standards, or Approved Errata).

[OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Standards Final Deliverable, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this deliverable.]

[OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this OASIS Standards Final Deliverable by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this OASIS Standards Final Deliverable. OASIS may include such claims on its website, but disclaims any obligation to do so.]

[OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this OASIS Standards Final Deliverable or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Standards Final Deliverable, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.]

The name "OASIS" is a trademark of OASIS, the owner and developer of this document, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, documents, while reserving the right to enforce its marks against misleading uses. Please see https://www.oasis-open.org/policies-guidelines/trademark/ for above guidance.