KMIP Conformance

The CORE server accepts KMIP messages encoded using TTLV or JSON HTTPS profile. In particular, it accepts KMIP client requests on TCP/IP port 5696, supporting the following payload formats:

The OASIS Key Management Interoperability Protocol (KMIP) is a network protocol. It defines the content, structure, and semantics of the messages transferred between the KMIP client and server. CORE supports KMIP version V1.4 and is backward compatible with V1.x clients.
See:

Supported KMIP Objects

CORE Server supports the following KMIP Objects:

Supported KMIP Attributes

CORE Server supports the following KMIP Attributes:

Attribute KMIP Spec Get Add Modify Delete Notes
Unique Identifier 3.1        
Name 3.2 1
Object Type 3.3        
Cryptographic Algorithm 3.4        
Cryptographic Length 3.5        
Cryptographic Parameters 3.6       2
State 3.22        
Activation Date 3.24        
Deactivation Date 3.27        
Link 3.35 3
Application-specific Information 3.36  
Contact Information 3.37  

Notes:

  1. Uninterpreted Text String only.
  2. Scope: XTS cipher mode of AES only.
  3. The following link types: Private Key Link, Certificate Link, Replacement Object Link, Replaced Object Link. Cannot change Private Key Link and Certificate Link.

Supported KMIP Operations

CORE Server supports the following KMIP Client to Server Operations:

Note
Applicable if the Export property is enabled in the materials' Cryptographic Usage Mask - see [KMIP-SPEC] 3.19.

CORE Server supports the following additional KMIP features:

  1. ID Placeholder ([KMIP-SPEC] 4)
  2. Message Format ([KMIP-SPEC] 7)
  3. Authentication ([KMIP-SPEC] 8) (using client certificate and credentials)
  4. TTLV encoding ([KMIP-SPEC] 9.1)
    Note
    AES keys may be used with the following Format Types (see [KMIP-SPEC] 9.1.3.2.3): Raw or TransparentSymmetric. Any other format type results in an error.
    Default: Raw.

  5. JSON Encoding
  6. Transport Requirements ([KMIP-SPEC] 10)
  7. Error Handling ([KMIP-SPEC] 11) for any supported object, attribute, or operation
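The Note on TTLV encoding above restricts AES keys to the Raw and TransparentSymmetric format types. The following is an added example, not CORE's own code: a client-side pre-flight check that walks a TTLV-encoded message and reports any other Key Format Type before the request is sent. The function names are hypothetical, the tag and enumeration codes are taken from the KMIP 1.x specification rather than from this page, and the check assumes every key in the message is an AES key.

```python
import struct

# Tag, type and enumeration codes below are from the KMIP 1.x specification.
TAG_KEY_BLOCK = 0x420040
TAG_KEY_FORMAT_TYPE = 0x420042
TYPE_STRUCTURE = 0x01
TYPE_ENUMERATION = 0x05
# Key Format Type values the page lists as accepted for AES keys.
ALLOWED_AES_FORMATS = {0x01: "Raw", 0x07: "TransparentSymmetric"}


def ttlv(tag, item_type, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * (-len(value) % 8)


def walk(buf):
    """Yield (tag, type, value) for every item, descending into Structures."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        item_type = buf[pos + 3]
        (length,) = struct.unpack(">I", buf[pos + 4:pos + 8])
        value = buf[pos + 8:pos + 8 + length]
        if len(value) != length:
            raise ValueError("truncated TTLV value")
        yield tag, item_type, value
        if item_type == TYPE_STRUCTURE:
            yield from walk(value)
        pos += 8 + length + (-length % 8)


def rejected_key_formats(message):
    """Return Key Format Type codes that are neither Raw nor TransparentSymmetric."""
    return [
        int.from_bytes(value, "big")
        for tag, item_type, value in walk(message)
        if tag == TAG_KEY_FORMAT_TYPE and item_type == TYPE_ENUMERATION
        and int.from_bytes(value, "big") not in ALLOWED_AES_FORMATS
    ]


def key_block(fmt):
    """Constructed sample: a Key Block structure holding only a Key Format Type."""
    return ttlv(TAG_KEY_BLOCK, TYPE_STRUCTURE,
                ttlv(TAG_KEY_FORMAT_TYPE, TYPE_ENUMERATION, struct.pack(">I", fmt)))
```
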

Supported KMIP Enumerations

Supported Elliptic Curves

See Recommended Curve Enumeration.

P-256, P-384, P-521, SECP256K1, CURVE25519, CURVE448

Supported Cryptographic Algorithm

See Cryptographic Algorithm Enumeration.

Supported Block Cipher Mode

See Block Cipher Mode Enumeration.

  • CBC
  • ECB
  • CFB
  • OFB
  • CTR
  • CMAC
  • GCM
  • CCM
  • AESKeyWrapPadding
  • NISTKeyWrap
  • AEAD