Re: [kmip-comment] Unique Identifier in Encrypt/Decrypt ResponsePayload when using ReEncrypt (Ephemeral)

[Tim Hudson <tjh@cryptsoft.com>]

The specification text is unfortunately more limiting than it was meant to be in its current wording in the handling of Ephemeral.

It currently states "Indicates that the Data output of the operation should not be returned to the client. Boolean."

The use of "Data" in the sentence is not what was intended - the concept was to make the entire response ResponsePayload empty suppressing all its output as per the proposal (and which is what the test case shows).

I'll raise this as a topic in the next KMIP TC meeting to get a decision on how we will handle it.

Thanks,

Tim.

On Fri, Jan 22, 2021 at 12:28 AM Conrado Gouvea <conradoplg@kryptus.com> wrote:

Dear all,

InÂhttps://docs.oasis-open.org/kmip/kmip-testcases/v2.1/cn01/test-cases/kmip-v2.1/TC-REENCRYPT-1-21.xml
when using a Decrypt operation with the Ephemeral flag (ReEncrypt), theÂResponsePayload returned is empty.

However, the spec specifies that the Unique Identifier field is required:Âhttps://docs.oasis-open.org/kmip/kmip-spec/v2.1/os/kmip-spec-v2.1-os.html#_Toc57115643

So, which one is right? Should the Unique Identifier be returned or not?

Best regards,

Conrado Gouvea Cryptography Specialist conradoplg@kryptus.com +55 (19) 3112-5000 www.kryptus.com

Este e-mail e quaisquer anexos podem conter informaÃÃo confidencial, proprietÃria, privilegiada, classificada ou protegida por Lei. A informaÃÃo aqui contida à destinada exclusivamente para os destinatÃrios nominados (ou para a pessoa responsÃvel por entregar a informaÃÃo para o destinatÃrio). Se vocà nÃo à o destinatÃrio pretendido desta mensagem entÃo vocà nÃo està autorizado a ler, imprimir, reter, copiar ou disseminar esta mensagem na Ãntegra ou mesmo parcialmente. Se vocà recebeu este e-mail erroneamente, por favor notifique o remetente e remova a mesma de sua caixa postal e dispositivos.

This e-mail and any attachments may contain information that is confidential, proprietary, privileged or otherwise protected by law. The information contained herein is solely intended for the named addressee (or a person responsible for delivering it to the addressee).If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete it from your computer.