kmip message

Subject: Re: [kmip-comment] Clarification on Key Value for wrapped objects

OK then, can you clarify what "No Encoding" and "TTLV Encoding" are used for, because it's not clear to me.


From: Bruce Rich <bar@cryptsoft.com>
To: Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>, <gabriel@kryptus.com>
Sent: 10/5/2017 9:27 AM
Subject: Re: [kmip-comment] Clarification on Key Value for wrapped objects


Let's move this conversation over to the KMIP list, not the KMIP-Comments list, as we're all on the TC.


I think you answered the question of "what gets wrapped", but I think Gabriel's question was "how is a wrapped key presented", either to a server or a client.  His suggestion was that the KeyValue in the TC-WRAP-*-14 testcases should not be a structure, i.e.,

    <KeyMaterial type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

but rather just the ByteString, which would be

    <KeyValue type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

I think he's correct, that we should follow the spec's description of Key Value, and the testcases should be amended.

Bruce Rich

On Thu, Oct 5, 2017 at 9:45 AM, Mark Joseph <mark@p6r.com> wrote:
I could be wrong but I believe the answer is in section 2.1.5 Key Wrapping Data

The following encoding options are currently defined:

No Encoding (i.e., the wrapped un-encoded value of the Byte String Key Material field in the Key Value structure).

TTLV Encoding (i.e., the wrapped TTLV-encoded Key Value structure).

TC-WRAP-14 uses the "No Encoding" value.

Mark Joseph
P6R, Inc

-------- Forwarded Message --------
Subject: [kmip-comment] Clarification on Key Value for wrapped objects
Date: Fri, 1 Sep 2017 16:03:43 -0300
From: Gabriel Mandaji <gabriel@kryptus.com>
To: kmip-comment@lists.oasis-open.org

Hi all,

While running tests TC-WRAP-*-14, I started to wonder how to properly format Key Values for wrapped objects and would really appreciate any help to clarify that.

Those tests expect wrapped keys to be within a Key Material, both when registering and when retrieving wrapped objects. E.g.:

    <KeyMaterial type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

However, that seems to go against what is defined on the specification. The Key Value's description states that it may either be a Structure, if the object is not wrapped, or a Byte String, if the object is wrapped.

Therefore, I would expect wrapped objects to have a Key Value without any Key Material. E.g.:

    <KeyValue type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

Which is the correct format?

On a related note, TC-WRAP-1-14 seems to be missing the Unwrap flag on the KEK (though I don't know how to properly report that, now that the public review has ended).

Best Regards,

Gabriel Francisco Mandaji,
Software Developer
Trust in Cybersecurity
+55 19 3112 5000
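To make the distinction in this thread concrete, here is an added example (not code from the thread, from the KMIP test cases, or from any implementation mentioned above) that builds the two Key Value forms in TTLV: the Structure-with-Key-Material form for an unwrapped key, and the plain Byte String form Gabriel and Bruce describe for a wrapped key. It also shows what bytes the KEK actually wraps under "No Encoding" versus "TTLV Encoding", and how a parser tells the two Key Value forms apart by the TTLV type byte. The tag and type numbers are assumed from the KMIP 1.x TTLV tables (Key Value 0x420045, Key Material 0x420043, Structure 0x01, Byte String 0x08; Encoding Option values 1 and 2) and should be checked against the spec version you implement; the key-wrapping primitive itself is deliberately left out, so the functions only produce the wrap input and present the wrapped result. The 24-byte key material is the value quoted in the thread, used here as sample data.

```python
import struct

# Assumed constants from the KMIP 1.x TTLV tag/type tables (verify against your spec version).
TAG_KEY_VALUE = 0x420045
TAG_KEY_MATERIAL = 0x420043
TYPE_STRUCTURE = 0x01
TYPE_BYTE_STRING = 0x08

# Encoding Option enumeration values as assumed from KMIP 1.2+ (No Encoding = 1, TTLV Encoding = 2).
ENC_NO_ENCODING = 1
ENC_TTLV_ENCODING = 2

# Sample key material: the byte string quoted in the thread (24 bytes).
SAMPLE_KEY_MATERIAL = bytes.fromhex("1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5")


def ttlv(tag: int, typ: int, value: bytes) -> bytes:
    """Encode one TTLV item: 3-byte tag, 1-byte type, 4-byte big-endian length,
    then the value zero-padded to a multiple of 8 bytes (length excludes padding)."""
    pad = (-len(value)) % 8
    return tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(value)) + value + b"\x00" * pad


def unwrapped_key_value(key_material: bytes) -> bytes:
    """Key Value for an unwrapped key: a Structure containing a Byte String Key Material."""
    return ttlv(TAG_KEY_VALUE, TYPE_STRUCTURE,
                ttlv(TAG_KEY_MATERIAL, TYPE_BYTE_STRING, key_material))


def plaintext_for_wrapping(key_material: bytes, encoding_option: int) -> bytes:
    """Return the bytes the KEK wraps for the given Encoding Option.

    No Encoding: the raw Key Material bytes only.
    TTLV Encoding: the TTLV-encoded Key Value structure (tag/type/length headers included).
    """
    if encoding_option == ENC_NO_ENCODING:
        return key_material
    if encoding_option == ENC_TTLV_ENCODING:
        return unwrapped_key_value(key_material)
    raise ValueError(f"unknown Encoding Option {encoding_option}")


def wrapped_key_value(wrapped_bytes: bytes) -> bytes:
    """Key Value for a wrapped key, per the spec's Key Value description:
    a Byte String directly under the Key Value tag, with no Key Material element."""
    return ttlv(TAG_KEY_VALUE, TYPE_BYTE_STRING, wrapped_bytes)


def parse_ttlv(buf: bytes, offset: int = 0):
    """Decode one TTLV item at offset; return (tag, type, value, bytes_consumed)."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    typ = buf[offset + 3]
    (length,) = struct.unpack(">I", buf[offset + 4:offset + 8])
    padded = length + (-length) % 8
    if len(buf) - offset - 8 < padded:
        raise ValueError("truncated TTLV value")
    value = buf[offset + 8:offset + 8 + length]
    return tag, typ, value, 8 + padded


def classify_key_value(encoded: bytes) -> str:
    """Tell the two Key Value forms apart by the type byte, not by looking for Key Material."""
    tag, typ, _, _ = parse_ttlv(encoded)
    if tag != TAG_KEY_VALUE:
        raise ValueError(f"expected Key Value tag, got 0x{tag:06x}")
    if typ == TYPE_BYTE_STRING:
        return "wrapped"
    if typ == TYPE_STRUCTURE:
        return "unwrapped"
    raise ValueError(f"Key Value has unexpected type 0x{typ:02x}")


def key_material_from_unwrapped(encoded: bytes) -> bytes:
    """Pull the Key Material bytes out of an unwrapped (Structure) Key Value."""
    tag, typ, body, _ = parse_ttlv(encoded)
    if tag != TAG_KEY_VALUE or typ != TYPE_STRUCTURE:
        raise ValueError("not an unwrapped Key Value structure")
    off = 0
    while off < len(body):
        child_tag, child_typ, child_val, used = parse_ttlv(body, off)
        if child_tag == TAG_KEY_MATERIAL and child_typ == TYPE_BYTE_STRING:
            return child_val
        off += used
    raise ValueError("Key Material not found in Key Value structure")


if __name__ == "__main__":
    km = SAMPLE_KEY_MATERIAL
    print("No Encoding wraps   :", len(plaintext_for_wrapping(km, ENC_NO_ENCODING)), "bytes")
    print("TTLV Encoding wraps :", len(plaintext_for_wrapping(km, ENC_TTLV_ENCODING)), "bytes")
    # The thread's test cases carry the wrapped bytes; here the sample bytes stand in for them.
    print("Wrapped Key Value   :", wrapped_key_value(km).hex())
    print("Unwrapped Key Value :", unwrapped_key_value(km).hex())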

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]