Key Management Interoperability Protocol Specification Version 1.1

More documents

Recommendations

Info

6263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113[PKCS#10] RSA Laboratories, PKCS #10 v1.7: Certification Request Syntax Standard, May26, 2000, http://www.rsa.com/rsalabs/node.asp?id=2132[RFC1319] B. Kaliski, The MD2 Message-Digest Algorithm, IETF RFC 1319, Apr 1992,http://www.ietf.org/rfc/rfc1319.txt[RFC1320] R. Rivest, The MD4 Message-Digest Algorithm, IETF RFC 1320, Apr 1992,http://www.ietf.org/rfc/rfc1320.txt[RFC1321] R. Rivest, The MD5 Message-Digest Algorithm, IETF RFC 1321, Apr 1992,http://www.ietf.org/rfc/rfc1321.txt[RFC1421] J. Linn, Privacy Enhancement for Internet Electronic Mail: Part I: MessageEncryption and Authentication Procedures, IETF RFC 1421, Feb 1993,http://www.ietf.org/rfc/rfc1421.txt[RFC1424] B. Kaliski, Privacy Enhancement for Internet Electronic Mail: Part IV: KeyCertification and Related Services, IETF RFC 1424, Feb 1993,http://www.ietf.org/rfc/rfc1424.txt[RFC2104] H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-Hashing for MessageAuthentication, IETF RFC 2104, Feb 1997, http://www.ietf.org/rfc/rfc2104.txt[RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels,http://www.ietf.org/rfc/rfc2119.txt, IETF RFC 2119, March 1997.[RFC 2246] T. Dierks and C. Allen, The TLS Protocol, Version 1.0, IETF RFC 2246, Jan1999, http://www.ietf.org/rfc/rfc2246.txt[RFC2898] B. Kaliski, PKCS #5: Password-Based Cryptography Specification Version 2.0,IETF RFC 2898, Sep 2000, http://www.ietf.org/rfc/rfc2898.txt[RFC 3394] J. Schaad, R. Housley, Advanced Encryption Standard (AES) Key WrapAlgorithm, IETF RFC 3394, Sep 2002, http://www.ietf.org/rfc/rfc3394.txt[RFC3447] J. Jonsson, B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSACryptography Specifications Version 2.1, IETF RFC 3447, Feb 2003,http://www.ietf.org/rfc/rfc3447.txt[RFC3629] F. Yergeau, UTF-8, a transformation format of ISO 10646, IETF RFC 3629, Nov2003, http://www.ietf.org/rfc/rfc3629.txt[RFC3647] S. Chokhani, W. Ford, R. Sabett, C. Merrill, and S. Wu, Internet X.509 Public KeyInfrastructure Certificate Policy and Certification Practices Framework, IETF RFC3647, Nov 2003, http://www.ietf.org/rfc/rfc3647.txt[RFC4055] J. Schadd, B. Kaliski, and R, Housley, Additional Algorithms and Identifiersfor RSA Cryptography for use in the Internet X.509 Public Key InfrastructureCertificate and Certificate Revocation List (CRL) Profile, IETF RFC 4055, June2055, http://www.ietf.org/rfc/rfc4055.txt[RFC4210] C. Adams, S. Farrell, T. Kause and T. Mononen, Internet X.509 Public KeyInfrastructure Certificate Management Protocol (CMP), IETF RFC 2510, Sep2005, http://www.ietf.org/rfc/rfc4210.txt[RFC4211] J. Schaad, Internet X.509 Public Key Infrastructure Certificate Request MessageFormat (CRMF), IETF RFC 4211, Sep 2005, http://www.ietf.org/rfc/rfc4211.txt[RFC4868] S. Kelly, S. Frankel, Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec, IETF RFC 4868, May 2007, http://www.ietf.org/rfc/rfc4868.txt[RFC4880] J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, OpenPGPMessage Format, IETF RFC 4880, Nov 2007, http://www.ietf.org/rfc/rfc4880.txt[RFC4949] R. Shirey, Internet Security Glossary, Version 2, IETF RFC 4949, Aug 2007,http://www.ietf.org/rfc/rfc4949.txt[RFC5272] J. Schaad and M. Meyers, Certificate Management over CMS (CMC), IETF RFC5272, Jun 2008, http://www.ietf.org/rfc/rfc5272.txt[RFC5280] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk, InternetX.509 Public Key Infrastructure Certificate, IETF RFC 5280, May 2008,http://www.ietf.org/rfc/rfc5280.txtkmip-spec-v1.1-cos01 21 September 2012Standards Track Work Product Copyright © OASIS Open 2012. All Rights Reserved. Page 12 of 164
114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167[RFC5649] R. Housley, Advanced Encryption Standard (AES) Key Wrap with PaddingAlgorithm, IETF RFC 5649, Aug 2009, http://www.ietf.org/rfc/rfc5649.txt[SHAMIR1979] A. Shamir, How to share a secret, Communications of the ACM, vol. 22, no. 11,pp. 612-613, Nov 1979[SP800-38A] M. Dworkin, Recommendation for Block Cipher Modes of Operation – Methodsand Techniques, NIST Special Publication 800-38A, Dec 2001,http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf[SP800-38B] M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CMACMode for Authentication, NIST Special Publication 800-38B, May 2005,http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf[SP800-38C] M. Dworkin, Recommendation for Block Cipher Modes of Operation: the CCMMode for Authentication and Confidentiality, NIST Special Publication 800-38C,May 2004, http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf[SP800-38D] M. Dworkin, Recommendation for Block Cipher Modes of Operation:Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, Nov2007, http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf[SP800-38E] M. Dworkin, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices, NIST SpecialPublication 800-38E, Jan 2010, http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf[SP800-56A] E. Barker, D. Johnson, and M. Smid, Recommendation for Pair-Wise KeyEstablishment Schemes Using Discrete Logarithm Cryptography (Revised), NISTSpecial Publication 800-56A, Mar 2007,http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf[SP800-56B] E. Barker, L. Chen, A. Regenscheid, and M. Smid, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography,NIST Special Publication 800-56B, Aug 2009,http://csrc.nist.gov/publications/nistpubs/800-56B/sp800-56B.pdf[SP800-57-1] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, Recommendations for KeyManagement - Part 1: General (Revised), NIST Special Publication 800-57 part1, Mar 2007, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf[SP800-67] W. Barker, Recommendation for the Triple Data Encryption Algorithm (TDEA)Block Cipher, NIST Special Publication 800-67, Version 1.1, Revised 19 May2008, http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf[SP800-108] L. Chen, Recommendation for Key Derivation Using Pseudorandom Functions(Revised), NIST Special Publication 800-108, Oct 2009,http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf[X.509]International Telecommunication Union (ITU)–T, X.509: Information technology– Open systems interconnection – The Directory: Public-key and attributecertificate frameworks, Aug 2005, http://www.itu.int/rec/T-REC-X.509-200508-I/en[X9.24-1] ANSI, X9.24 - Retail Financial Services Symmetric Key Management - Part 1:Using Symmetric Techniques, 2004.[X9.31]ANSI, X9.31:Digital Signatures Using Reversible Public Key Cryptography for theFinancial Services Industry (rDSA), Sep 1998.[X9.42]ANSI, X9-42: Public Key Cryptography for the Financial Services Industry:Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, 2003.[X9-57]ANSI, X9-57: Public Key Cryptography for the Financial Services Industry:Certificate Management, 1997.[X9.62]ANSI, X9-62: Public Key Cryptography for the Financial Services Industry, TheElliptic Curve Digital Signature Algorithm (ECDSA), 2005.kmip-spec-v1.1-cos01 21 September 2012Standards Track Work Product Copyright © OASIS Open 2012. All Rights Reserved. Page 13 of 164
Page 1 and 2: Key Management InteroperabilityProt
Page 3 and 4: NoticesCopyright © OASIS Open 2012
Page 5 and 6: 3.18.1 Operations outside of operat
Page 7 and 8: 11.8 Certify ......................
Page 9: sanction to perform a security func
Page 15 and 16: 18818919019119219319419519619719819
Page 17 and 18: 23723823924024124224324424524624724
Page 19 and 20: 28628728828929029129229329429529629
Page 21 and 22: Value SHALL be TTLVencoded.32632732
Page 23 and 24: Object Encoding REQUIREDKey Materia
Page 25 and 26: 3763773782.1.7.11 Transparent ECDH
Page 27 and 28: Object Encoding REQUIREDSymmetric K
Page 29 and 30: 47447547647747847948048148248348448
Page 31 and 32: 50150250350450550650750850951051151
Page 33 and 34: SHALL always have a valueInitially
Page 35 and 36: 558559key contained within the Cert
Page 37 and 38: 577578579580581582583584585586X9, I
Page 39 and 40: 609Table 56: X.509 Certificate Iden
Page 45 and 46: 71571671771871972072172272372472572
Page 47 and 48: Default Operation Policy for Privat
Page 51 and 52: 81881982082182282382482582682782882
Page 53 and 54: 892893object is destroyed. This att
Page 57 and 58: 944945946indicates when the key man
Page 59 and 60: 9709719729733.34 FreshThe Fresh att
Page 61 and 62:
Application SpecificInformationObje
Page 63 and 64:
SHALL always have a valueInitially
Page 65 and 66:
Request PayloadObject REQUIRED Desc
Page 67 and 68:
Attribute REQUIRED SHALL contain th
Page 69 and 70:
1152115311541155115611571158As a re
Page 71 and 72:
AttributePrivate Key UniqueIdentifi
Page 73 and 74:
management server.11941195119611971
Page 75 and 76:
12361237123812391240124112421243124
Page 77 and 78:
12881289129012911292129312941295129
Page 79 and 80:
13241325132613271328132913301331133
Page 81 and 82:
Page 83 and 84:
Response PayloadObject REQUIRED Des
Page 85 and 86:
Page 87 and 88:
Response PayloadObject REQUIRED Des
Page 89 and 90:
15371538153915401541154215431544154
Page 91 and 92:
1588158915901591159215931594a list
Page 93 and 94:
16231624162516261627162816291630163
Page 95 and 96:
16651666166716681669167016711672167
Page 97 and 98:
17211722172317241725172617271728172
Page 99 and 100:
Option17911792179317941795Table 201
Page 101 and 102:
Request Batch ItemObject REQUIRED i
Page 103 and 104:
18311832183318341835183618371838183
Page 105 and 106:
18811882188318841885188618871888188
Page 107 and 108:
ObjectTagTag ValueCertificate Subje
Page 109 and 110:
ObjectPadding Methodkmip-spec-v1.1-
Page 111 and 112:
TagObjectTag ValueExtension Type420
Page 113 and 114:
19379.1.3.2.4 Wrapping Method Enume
Page 115 and 116:
19469.1.3.2.8 Split Key Method Enum
Page 117 and 118:
RC4 00000016RC5 00000017SKIPJACK 00
Page 119 and 120:
19649.1.3.2.17 Key Role Type Enumer
Page 121 and 122:
19759.1.3.2.21 Derivation Method En
Page 123 and 124:
19879.1.3.2.27 Operation Enumeratio
Page 125 and 126:
19939.1.3.2.30 Batch Error Continua
Page 127 and 128:
200820092010201110 TransportKMIP Se
Page 129 and 130:
Operation Failed20172018Table 249:
Page 131 and 132:
202411.5 Re-keyError Definition Res
Page 133 and 134:
203011.8 CertifyError Definition Re
Page 135 and 136:
Key Wrapping Specification contains
Page 137 and 138:
205011.18 Obtain LeaseError Definit
Page 139 and 140:
a certificate listOne or more of th
Page 141 and 142:
20952096209720982099210021012102210
Page 143 and 144:
CertificateSymmetric KeyPublic KeyP
Page 145 and 146:
22092210Appendix C. Tag Cross-Refer
Page 147 and 148:
Object Defined Type NotesInitializa
Page 149 and 150:
Object Defined Type NotesResult Mes
Page 151 and 152:
221322142215Appendix D. Operations
Page 153 and 154:
22192220222122222223222422252226222
Page 155 and 156:
22932294229522962297229822992300230
Page 157 and 158:
23482349235023512352235323542355235
Page 159 and 160:
24322433243424352436243724382439244
Page 161 and 162:
25162517251825192520252125222523252
Page 163 and 164:
2591Appendix G. Revision HistoryRev
show all

Key Management Interoperability Protocol Specification Version 1.1

Create successful ePaper yourself

Delete template?

Save as template?