
kmip-comment message


Subject: Re: [kmip-comment] Unique Identifier in Encrypt/Decrypt ResponsePayload when using ReEncrypt (Ephemeral)

The specification text is unfortunately more limiting than it was meant to be in its current wording in the handling of Ephemeral.

It currently states "Indicates that the Data output of the operation should not be returned to the client. Boolean."
The use of "Data" in the sentence is not what was intended - the concept was to make the entire response ResponsePayload empty suppressing all its output as per the proposal (and which is what the test case shows).

I'll raise this as a topic in the next KMIP TC meeting to get a decision on how we will handle it.


On Fri, Jan 22, 2021 at 12:28 AM Conrado Gouvea <conradoplg@kryptus.com> wrote:
Dear all,

when using a Decrypt operation with the Ephemeral flag (ReEncrypt), the ResponsePayload returned is empty.
However, the spec specifies that the Unique Identifier field is required: https://docs.oasis-open.org/kmip/kmip-spec/v2.1/os/kmip-spec-v2.1-os.html#_Toc57115643

So, which one is right? Should the Unique Identifier be returned or not?

Best regards,

Conrado Gouvea
Cryptography Specialist

+55 (19) 3112-5000
