

Subject: Re: [kmip] Re: [kmip-comment] Clarification on Key Value for wrapped objects


Ok after reading over the spec a few times I do understand this.
It does appear that test case TC-WRAP-*-14 is incorrect. I will mock up a change and send it to Tim.


Best,
Mark


Ok then can you clarify what the "No Encoding" and "TTLV Encoding" are used for, because it's not clear to me.


Best,
Mark


From: Bruce Rich <bar@cryptsoft.com>
To: Mark Joseph <mark@p6r.com>
Cc: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>, <gabriel@kryptus.com>
Sent: 10/5/2017 9:27 AM
Subject: Re: [kmip-comment] Clarification on Key Value for wrapped objects

Guys,

Let's move this conversation over to the KMIP list, not the KMIP-Comments list, as we're all on the TC.

Mark,

I think you answered the question of "what gets wrapped", but I think Gabriel's question was "how is a wrapped key presented", either to a server or a client.  His suggestion was that the KeyValue in the TC-WRAP-*-14 testcases should not be a structure, i.e.,

<KeyValue>
    <KeyMaterial type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>
</KeyValue>
 
but rather just the ByteString, which would be

<KeyValue type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

I think he's correct, that we should follow the spec's description of Key Value, and the testcases should be amended.

Regards,
Bruce Rich


On Thu, Oct 5, 2017 at 9:45 AM, Mark Joseph <mark@p6r.com> wrote:
I could be wrong but I believe the answer is in section 2.1.5 Key Wrapping Data

The following encoding options are currently defined:  

No Encoding (i.e., the wrapped un-encoded value of the Byte String Key Material field in the Key Value structure).  

TTLV Encoding (i.e., the wrapped TTLV-encoded Key Value structure).


TC-WRAP-14 uses the "No Encoding" value



Best,
Mark Joseph
P6R, Inc



-------- Forwarded Message --------
Subject: [kmip-comment] Clarification on Key Value for wrapped objects
Date: Fri, 1 Sep 2017 16:03:43 -0300
From: Gabriel Mandaji <gabriel@kryptus.com>
To: kmip-comment@lists.oasis-open.org


Hi all,

While running tests TC-WRAP-*-14, I started to wonder how to properly format Key Values for wrapped objects and would really appreciate any help to clarify that.

Those tests expect wrapped keys to be within a Key Material, both when registering and when retrieving wrapped objects. E.g.:

<KeyValue>
    <KeyMaterial type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>
</KeyValue>

However, that seems to go against what is defined in the specification. The Key Value's description states that it may either be a Structure, if the object is not wrapped, or a Byte String, if the object is wrapped.

Therefore, I would expect wrapped objects to have a Key Value without any Key Material. E.g.:

<KeyValue type="ByteString" value="1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"/>

Which is the correct format?

On a related note, TC-WRAP-1-14 seems to be missing the Unwrap flag on the KEK (though I don't know how to properly report that, now that the public review has ended).

Best Regards,

Gabriel Francisco Mandaji,
Desenvolvedor de Software
KRYPTUS EED S/A
Trust in Cybersecurity
+55 19 3112 5000
====================
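
The two Key Value forms discussed in this thread, as an added example that is not part of any message or of the KMIP test cases: a Python check that reports which form a KeyValue element uses and whether it matches the rule Gabriel cites (Byte String when wrapped, Structure otherwise). The function name and its `wrapped` parameter are assumptions, and only ByteString key material is handled.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two KeyValue forms quoted in the thread.
HEX = "1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5"
STRUCT_FORM = (
    "<KeyValue>\n"
    '    <KeyMaterial type="ByteString" value="%s"/>\n'
    "</KeyValue>" % HEX
)
BYTES_FORM = '<KeyValue type="ByteString" value="%s"/>' % HEX


def inspect_key_value(xml_text, wrapped):
    """Return (form, material, conforms) for one KeyValue element.

    wrapped (hypothetical parameter): True when the enclosing Key Block
    carries Key Wrapping Data, i.e. the key is wrapped.
    """
    kv = ET.fromstring(xml_text)
    if kv.tag != "KeyValue":
        raise ValueError("expected KeyValue, got %r" % kv.tag)
    if kv.get("type") == "ByteString":
        # Byte String form: the wrapped bytes sit directly on KeyValue.
        if len(kv):
            raise ValueError("ByteString KeyValue must have no children")
        form, hexval = "bytestring", kv.get("value")
    else:
        # Structure form: bytes are carried in a KeyMaterial child.
        km = kv.find("KeyMaterial")
        if km is None or km.get("type") != "ByteString":
            raise ValueError("only ByteString KeyMaterial is handled here")
        form, hexval = "structure", km.get("value")
    if hexval is None:
        raise ValueError("missing value attribute")
    material = bytes.fromhex(hexval)
    # Rule cited in the thread: Byte String if wrapped, Structure if not.
    conforms = (form == "bytestring") == wrapped
    return form, material, conforms


if __name__ == "__main__":
    for name, doc in (("test-case form", STRUCT_FORM), ("proposed form", BYTES_FORM)):
        form, material, ok = inspect_key_value(doc, wrapped=True)
        print("%-15s %-10s %2d bytes  conforms=%s" % (name, form, len(material), ok))
```

Both forms carry the same 24 bytes; only the element that holds them differs, which is why a parser that accepts one form silently can miss the other.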


