Subject: Re: [kmip-comment] Clarification on Key Value for wrapped objects
I could be wrong but I believe the answer is in section 2.1.5 Key Wrapping Data

The following encoding options are currently defined:

No Encoding (i.e., the wrapped un-encoded value of the Byte String Key Material field in the Key Value structure).

TTLV Encoding (i.e., the wrapped TTLV-encoded Key Value structure).

TC-WRAP-14 uses the "No Encoding" value

Best,
Mark Joseph
P6R, Inc

-------- Forwarded Message --------
Subject: [kmip-comment] Clarification on Key Value for wrapped objects
Date: Fri, 1 Sep 2017 16:03:43 -0300
From: Gabriel Mandaji <firstname.lastname@example.org>
To: email@example.com. org
While running tests TC-WRAP-*-14, I started to wonder how to properly format Key Values for wrapped objects and would really appreciate any help to clarify that.
Those tests expect wrapped keys to be within a Key Material, both when registering and when retrieving wrapped objects. E.g.:
<KeyValue><KeyMaterial type="ByteString" value="
However, that seems to go against what is defined in the specification. The Key Value's description states that it may either be a Structure, if the object is not wrapped, or a Byte String, if the object is wrapped.
Therefore, I would expect wrapped objects to have a Key Value without any Key Material. E.g.:
<KeyValue type="ByteString" value="
Which is the correct format?
On a related note, TC-WRAP-1-14 seems to be missing the Unwrap flag on the KEK (though I don't know how to properly report that, now that the public review has ended).
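
The two encoding options quoted from section 2.1.5 differ in which bytes are handed to the wrapping algorithm. The following is an added example, not part of the original thread or of any KMIP implementation: the function names and the option strings "NoEncoding" and "TTLVEncoding" are hypothetical labels, the sample key is constructed, and the tag and item-type values are those of the KMIP tag table.

```python
import struct

# Tag and item-type values from the KMIP specification.
TAG_KEY_MATERIAL, TAG_KEY_VALUE = 0x420043, 0x420045
TYPE_STRUCTURE, TYPE_BYTE_STRING = 0x01, 0x08


def ttlv(tag: int, item_type: int, value: bytes) -> bytes:
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * (-len(value) % 8)


def read_item(buf: bytes, tag: int, item_type: int) -> bytes:
    """Return the unpadded value of the item at the start of buf, or raise."""
    if len(buf) < 8:
        raise ValueError("truncated TTLV header")
    if int.from_bytes(buf[:3], "big") != tag or buf[3] != item_type:
        raise ValueError("unexpected tag or item type")
    length = struct.unpack(">I", buf[4:8])[0]
    if 8 + length > len(buf):
        raise ValueError("length field exceeds available data")
    return buf[8:8 + length]


def wrapping_input(key_material: bytes, encoding: str) -> bytes:
    """Bytes passed to the wrapping algorithm for the given encoding option."""
    if encoding == "NoEncoding":
        return key_material  # raw Key Material byte string, no TTLV header
    if encoding == "TTLVEncoding":
        inner = ttlv(TAG_KEY_MATERIAL, TYPE_BYTE_STRING, key_material)
        return ttlv(TAG_KEY_VALUE, TYPE_STRUCTURE, inner)  # whole Key Value structure
    raise ValueError(f"unknown encoding option: {encoding}")


def recover_key_material(plaintext: bytes, encoding: str) -> bytes:
    """Inverse of wrapping_input, applied to the output of the unwrap step."""
    if encoding == "NoEncoding":
        return plaintext
    if encoding == "TTLVEncoding":
        body = read_item(plaintext, TAG_KEY_VALUE, TYPE_STRUCTURE)
        return read_item(body, TAG_KEY_MATERIAL, TYPE_BYTE_STRING)
    raise ValueError(f"unknown encoding option: {encoding}")


if __name__ == "__main__":
    sample_key = bytes(range(16))  # constructed 128-bit key, not from any test case
    for option in ("NoEncoding", "TTLVEncoding"):
        print(option, wrapping_input(sample_key, option).hex())
```

A receiver that unwraps with the wrong encoding option either fails the tag check in `read_item` or ends up treating TTLV header bytes as key material, so the encoding option in the Key Wrapping Data has to be honoured on both sides.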