OASIS Mailing List Archives: kmip message

Subject: Fwd: [kmip] Groups - Key Format Type spec updates uploaded


Hey, I won't be on today's call, but a couple of things came up that I thought maybe we could talk about on the mailing list.
1) The spec update I submitted on Key Format Type didn't require the server to create the Digest for the default key format type on a Register. That seems short-sighted on my part (wasn't really mentioned one way or the other in the original proposal at the F2F). I've attached an updated version of tc-181 that shows how it would look if the server also did the Digest on the default format (see the output from the second GetAttributes). If the point is interoperability, then requiring it on Register as well (if it's not a metadata-only object) makes sense.
2) Folks were interested in a new ReasonCode for "couldn't handle that key format". We could do that. But we already had this case in the 1.x protocol, as one could do a Get and specify a particular format for the key that the server couldn't handle. That case could have used this reason code as well, but we apparently didn't see the wisdom of it then. Is it a good thing now? What changed? Possibly we're now smarter than "those people back then"? So thought I'd ask, "Are you sure?" In theory, folks with 1.x and 2.0 servers should not surface this 2.0 reason code to 1.x clients, so it is not without impacts.

Bruce
---------- Forwarded message ----------
From: Bruce Rich <bar@cryptsoft.com>
Date: Wed, Jun 20, 2018 at 3:05 PM
Subject: [kmip] Groups - Key Format Type spec updates uploaded
To: kmip@lists.oasis-open.org


Document Name: Key Format Type spec updates

Description
Spec update from F2F topic...see
https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/62857/KeyFormatType.pptx

Submitter: Mr. Bruce Rich
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Drafts
Date submitted: 2018-06-20 12:05:32


<KMIP>
# [[Digests of Symmetric Keys]]
#
# Exercise the Digest attribute by registering two symmetric keys with the
# same key material but using different Key Format Type. The Digest Value
# for the key with the Key Format Type set to Transparent Symmetric Key is
# calculated on the TTLV-encoded Key Material structure,
# whereas the Digest Value for the key registered in the Raw Key Format Type
# is calculated on the raw Key Material Byte String. The server calculates
# the value of the mandatory Digest attribute instance using the Key
# Format Type used by the client when registering the keys. Thereafter,
# the client asks the server to create a symmetric key using the Create
# operation. In this situation, it is up to the server to choose what Key
# Format Type of the created key it uses to calculate the Digest Value.
#
# Note: This test case assumes a server that computes the mandatory Digest
# in the Key Format Type used at Register and, when that format is not the
# default (Raw), a second Digest in the default Raw format (see the second
# GetAttributes response). It assumes the server computes no further Digest
# attributes using another Hashing Algorithm and/or Key Format Type. A
# server is permitted to provide multiple Digest attributes.
#

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <RequestPayload>
      <ObjectType type="Enumeration" value="SymmetricKey"/>
      <Attributes>
        <CryptographicAlgorithm
          type="Enumeration" value="AES"/>
        <CryptographicLength
          type="Integer" value="256"/>
        <CryptographicUsageMask
          type="Integer" value="Decrypt Encrypt"/>
        <Attribute>
          <VendorIdentification type="TextString" value="x"/>
          <AttributeName type="TextString" value="ID"/>
          <AttributeValue type="TextString" value="TC-181-20-key1"/>
        </Attribute>
      </Attributes>
      <SymmetricKey>
        <KeyBlock>
          <KeyFormatType type="Enumeration" value="Raw"/>
          <KeyValue>
            <KeyMaterial type="ByteString" value="0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff"/>
          </KeyValue>
          <CryptographicAlgorithm type="Enumeration" value="AES"/>
          <CryptographicLength type="Integer" value="256"/>
        </KeyBlock>
      </SymmetricKey>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
      <AttributeReference type="Enumeration" value="Digest"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
      <Attributes>
        <Digest>
          <HashingAlgorithm type="Enumeration" value="SHA_256"/>
          <DigestValue type="ByteString" value="6c064fe051add11edc07727b594eb48711df843e08445bba2cd786bc16bc58e8"/>
          <KeyFormatType type="Enumeration" value="Raw"/>
        </Digest>
      </Attributes>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <RequestPayload>
      <ObjectType type="Enumeration" value="SymmetricKey"/>
      <Attributes>
        <CryptographicAlgorithm
          type="Enumeration" value="AES"/>
        <CryptographicLength
          type="Integer" value="256"/>
        <CryptographicUsageMask
          type="Integer" value="Decrypt Encrypt"/>
        <Attribute>
          <VendorIdentification type="TextString" value="x"/>
          <AttributeName type="TextString" value="ID"/>
          <AttributeValue type="TextString" value="TC-181-20-key2"/>
        </Attribute>
      </Attributes>
      <SymmetricKey>
        <KeyBlock>
          <KeyFormatType type="Enumeration" value="TransparentSymmetricKey"/>
          <KeyValue>
            <KeyMaterial>
              <Key type="ByteString" value="0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff"/>
            </KeyMaterial>
          </KeyValue>
          <CryptographicAlgorithm type="Enumeration" value="AES"/>
          <CryptographicLength type="Integer" value="256"/>
        </KeyBlock>
      </SymmetricKey>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_1"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_1"/>
      <AttributeReference type="Enumeration" value="Digest"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_1"/>
      <Attributes>
        <Digest>
          <HashingAlgorithm type="Enumeration" value="SHA_256"/>
          <DigestValue type="ByteString" value="499ce96ff6f5e19fe9fe7a2fe4c3e92b88db0001a4e8df28d9966856b6c4b87c"/>
          <KeyFormatType type="Enumeration" value="TransparentSymmetricKey"/>
        </Digest>
        <Digest>
          <HashingAlgorithm type="Enumeration" value="SHA_256"/>
          <DigestValue type="ByteString" value="6c064fe051add11edc07727b594eb48711df843e08445bba2cd786bc16bc58e8"/>
          <KeyFormatType type="Enumeration" value="Raw"/>
        </Digest>
      </Attributes>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Create"/>
    <RequestPayload>
      <ObjectType type="Enumeration" value="SymmetricKey"/>
      <Attributes>
        <CryptographicAlgorithm
          type="Enumeration" value="AES"/>
        <CryptographicLength
          type="Integer" value="256"/>
        <CryptographicUsageMask
          type="Integer" value="Decrypt Encrypt"/>
        <Attribute>
          <VendorIdentification type="TextString" value="x"/>
          <AttributeName type="TextString" value="ID"/>
          <AttributeValue type="TextString" value="TC-181-20-key3"/>
        </Attribute>
      </Attributes>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Create"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <ObjectType type="Enumeration" value="SymmetricKey"/>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
      <AttributeReference type="Enumeration" value="Digest"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="GetAttributes"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
      <Attributes>
        <Digest>
          <HashingAlgorithm type="Enumeration" value="SHA_256"/>
          <DigestValue type="ByteString" value="314b223505091db03325c638a6016cf7080d3b116eb3f4896b6d24d4ec2215f8"/>
          <KeyFormatType type="Enumeration" value="Raw"/>
        </Digest>
      </Attributes>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Get"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
      <KeyFormatType type="Enumeration" value="Raw"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Get"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <ObjectType type="Enumeration" value="SymmetricKey"/>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
      <SymmetricKey>
        <KeyBlock>
          <KeyFormatType type="Enumeration" value="Raw"/>
          <KeyValue>
            <KeyMaterial type="ByteString" value="c1a99ac4716d4ea787d40b449d7b816f0ce82772b463cbf3a042b3f8e81e7bb7"/>
          </KeyValue>
          <CryptographicAlgorithm type="Enumeration" value="AES"/>
          <CryptographicLength type="Integer" value="256"/>
        </KeyBlock>
      </SymmetricKey>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_1"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_1"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <RequestPayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
    </RequestPayload>
  </BatchItem>
</RequestMessage>

<ResponseMessage>
  <ResponseHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="2"/>
      <ProtocolVersionMinor type="Integer" value="0"/>
    </ProtocolVersion>
    <TimeStamp type="DateTime" value="$NOW"/>
    <BatchCount type="Integer" value="1"/>
  </ResponseHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Destroy"/>
    <ResultStatus type="Enumeration" value="Success"/>
    <ResponsePayload>
      <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_2"/>
    </ResponsePayload>
  </BatchItem>
</ResponseMessage>

</KMIP>
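An added example, not part of the tc-181 test case or the KMIP TC's materials, showing what the two kinds of Digest Value in the test case above are actually hashed over: the tag and type constants are the standard KMIP TTLV values for Key Material, Key, Structure and Byte String, the sample key material is the value registered as key1 and key2, and `verify_server_digest` is a hypothetical client-side check rather than anything the spec defines.

```python
import hashlib
import struct

# Standard KMIP TTLV tag and type values (from the spec's tag/type tables).
TAG_KEY_MATERIAL = 0x420043
TAG_KEY = 0x42003F
TYPE_STRUCTURE = 0x01
TYPE_BYTE_STRING = 0x08

# Constructed sample: the key material registered as key1 and key2 above.
SAMPLE_KEY = bytes.fromhex(
    "0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff"
)


def ttlv(tag: int, ttlv_type: int, value: bytes) -> bytes:
    """Encode one TTLV item: 3-byte tag, 1-byte type, 4-byte big-endian
    length of the unpadded value, then the value padded with zero bytes to
    a multiple of 8. A Structure's value is its already-padded contents."""
    header = struct.pack(">I", tag)[1:] + bytes([ttlv_type])
    return header + struct.pack(">I", len(value)) + value + b"\x00" * ((-len(value)) % 8)


def transparent_symmetric_key_material(key: bytes) -> bytes:
    """TTLV encoding of the Key Material structure used by the Transparent
    Symmetric Key format: a Structure containing one Key Byte String."""
    return ttlv(TAG_KEY_MATERIAL, TYPE_STRUCTURE, ttlv(TAG_KEY, TYPE_BYTE_STRING, key))


def digest_value(key: bytes, key_format_type: str) -> str:
    """Hex SHA-256 Digest Value as the test case describes it: over the raw
    Key Material Byte String for Raw, and over the TTLV-encoded Key Material
    structure for TransparentSymmetricKey."""
    if key_format_type == "Raw":
        data = key
    elif key_format_type == "TransparentSymmetricKey":
        data = transparent_symmetric_key_material(key)
    else:
        raise ValueError(f"unsupported Key Format Type: {key_format_type}")
    return hashlib.sha256(data).hexdigest()


def verify_server_digest(key: bytes, key_format_type: str, reported_hex: str) -> bool:
    """Hypothetical client-side interoperability check: recompute the Digest
    for the Key Format Type the server reported alongside the Digest Value
    and compare, so that hashing the wrong encoding (raw bytes vs the TTLV
    structure) is detected instead of silently accepted."""
    return digest_value(key, key_format_type) == reported_hex.lower()


if __name__ == "__main__":
    for fmt in ("Raw", "TransparentSymmetricKey"):
        print(fmt, digest_value(SAMPLE_KEY, fmt))
```

Running it prints the Raw and TransparentSymmetricKey Digest Values for the sample key; comparing them with the two Digest entries in the second GetAttributes response shows whether a server hashed the same encodings the test case describes.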

