Subject: RE: [kmip] Protect Stop Date question
That is a really good point - I am in favor of adjusting the Protect Stop Case so it is in line with the Test Case. Reason being - a key pair can be used for key establishment (which isn't a protect-stop function) BUT it can also be used to encrypt and decrypt information - which denotes the need for a protect stop date. As for keeping the Protect Start\Stop dates in sync between the key pair - that is something that should be left up to the student, so to speak.
From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Mark Joseph

From Section 3.26 Protect Stop Date in KMIP 1.4 spec, and the same wording in Section 4.41 KMIP 2.0 draft:

The Protect Stop Date attribute is the date and time after which a Managed Symmetric Key Object SHALL NOT be used for applying cryptographic protection (e.g., encryption or wrapping), depending on the value of its Cryptographic Usage Mask attribute. This value MAY be equal to or earlier than, but SHALL NOT be later than the Deactivation Date. Once the Protect Stop Date has occurred, then this attribute SHALL NOT be changed or deleted before the object is destroyed.

I added the emphasis. Does this mean that the Protect Stop Date attribute only applies to Symmetric Keys?

I ask this question because published test cases CS-AC-M-8-13, -14, -20 all define this attribute for a Key Pair Managed object. Do I have an old version of these test cases?

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="1"/>
      <ProtocolVersionMinor type="Integer" value="4"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <RequestPayload>
      <ObjectType type="Enumeration" value="PrivateKey"/>
      <TemplateAttribute>
        <Attribute>
          <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
          <AttributeValue type="Integer" value="Sign"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="x-ID"/>
          <AttributeValue type="TextString" value="CS-AC-M-8-14-prikey1"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Activation Date"/>
          <AttributeValue type="DateTime" value="$NOW-3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Process Start Date"/>
          <AttributeValue type="DateTime" value="$NOW+3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Protect Stop Date"/>
          <AttributeValue type="DateTime" value="$NOW-3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Cryptographic Parameters"/>
          <AttributeValue>
            <PaddingMethod type="Enumeration" value="PSS"/>
            <HashingAlgorithm type="Enumeration" value="SHA_256"/>
            <CryptographicAlgorithm type="Enumeration" value="RSA"/>
          </AttributeValue>
        </Attribute>
      </TemplateAttribute>
      <PrivateKey>
        <KeyBlock>
          <KeyFormatType type="Enumeration" value="PKCS_1"/>
          <KeyValue>
            <KeyMaterial type="ByteString" value="308204a50201000282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001028201003b12455d53c1816516c518493f6398aafa72b17dfa894db888a7d48c0a47f62579a4e644f86da711fec850cdd9dbbd17f69a443d2ec1dd60d3c618fa74cde5fdafabd6baa26eb0a3adb4def6480fb1218cd3b083e252e885b6f0729f98b2144d2b72293e1b11d73393bc41f75b15ee3d7569b4995ed1a14425da4319b7b26b0e8fef17c37542ae5c6d5849f87209567f3925a47b016d564859717bc57fcb4522d0aa49ce816e5be7b3088193236ec9efff140858045b73c5d79baf38f7c67f04c5dcf0e3806ad982d1259058c3473e847179a878f2c6b3bd968fb99ea46e9185892f3676e78965c2aed4877ba3917df07c5e927474f19e764ba61dc38d63bf2902818100d5c69c8c3cdc2464744a793713dafb9f1dbc799ff96423fecd3cba794286bce920f4b5c183f99ee9028db6212c6277c4c8297fcfbce7f7c24ca4c51fc7182fb8f4019fb1d5659674c5cbe6d5fa992051341760cd00735729a070a9e54d342beba8ef47ee82d3a01b04cec4a00d4ddb41e35116fc221e854b43a696c0e6419b1b02818100cd5ea7702789064b673540cbff09356ad80bc3d592812eba47610b9fac6aecefe22acae438459cda74e59653d88c04189d34399bf5b14b920e34ef38a7d09fe69593396e8fe735e6f0a6ae4990401041d8a406b6fd86a1161e45f95a3eaa5c1012e6662e44f15f335ac971e1766b2bb9c985109974141b44d37e1e319820a55f02818100b2871237bf9fad38c3316ab7877a6a868063e542a7186d431e8d27c19ac0414584033942e9ff6e2973bb7b2d8b0e94ad1ee82158108fbc8664517a5a467fb963014bd5dcc2b4fb087c23039d11920dbe22fd9f16b4d89e23225cd455adbaf32ef43f185864a36d630309d6853f7714b39aae1ebee3938f87c2707e178c739f9f028181009690bed14b2afaa26d986d592231ee27d71d49065bd2ba1f78157e20229881fd9d23227d0f8479eaefa922fd75d5b16b1a561fa6680b040ca0bdce650b23b917a4b1bb7983a74fad70e1c305cbec2bff1a85a726a1d90260e4f1084f518234dcd3fe770b9520215bd543bb6a4117718754676a34171666a79f26e79c149c5aa102818100a0c985a0a0a791a659f99731134c44f37b2e520a2cea35800ad27241ed360dfde6e8ca614f12047fd08b76ac4d13c056a0699e2f98a1cac91011294d71208f4abab33ba87aa0517f415baca88d6bac006088fa601d349417e1f0c9b23affa4d496618dbc024986ed690bbb7b025768ff9df8ac15416f489f8129c32341a8b44f"/>
          </KeyValue>
          <CryptographicAlgorithm type="Enumeration" value="RSA"/>
          <CryptographicLength type="Integer" value="2048"/>
        </KeyBlock>
      </PrivateKey>
    </RequestPayload>
  </BatchItem>
</RequestMessage>
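
The two conditions this thread turns on can be checked mechanically against a Register request: whether Protect Stop Date appears on an object that is not a symmetric key, and whether it is later than the Deactivation Date. The following is an added example, not part of the original messages, the KMIP specification or its test suite; the function names, the Deactivation Date in the sample, and the reading of `$NOW+N` / `$NOW-N` as an offset in seconds are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed request, cut down from the shape of the test case quoted above
# (key material omitted; the Deactivation Date attribute is added for the check).
SAMPLE = """<RequestMessage><BatchItem>
<Operation type="Enumeration" value="Register"/>
<RequestPayload>
<ObjectType type="Enumeration" value="PrivateKey"/>
<TemplateAttribute>
<Attribute><AttributeName type="TextString" value="Cryptographic Usage Mask"/>
<AttributeValue type="Integer" value="Sign"/></Attribute>
<Attribute><AttributeName type="TextString" value="Protect Stop Date"/>
<AttributeValue type="DateTime" value="$NOW-3600"/></Attribute>
<Attribute><AttributeName type="TextString" value="Deactivation Date"/>
<AttributeValue type="DateTime" value="$NOW-7200"/></Attribute>
</TemplateAttribute></RequestPayload></BatchItem></RequestMessage>"""

def resolve(value, now):
    """Resolve $NOW, $NOW+N or $NOW-N (N assumed to be seconds), else ISO 8601."""
    m = re.fullmatch(r"\$NOW(?:([+-])(\d+))?", value)
    if m:
        offset = int(m.group(2) or 0)
        return now + timedelta(seconds=offset if m.group(1) != "-" else -offset)
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # assume UTC

def check_register(xml_text, now):
    """Return findings for a Register request against the quoted attribute text."""
    payload = ET.fromstring(xml_text).find(".//RequestPayload")
    obj_type = payload.find("ObjectType").get("value")
    attrs = {}
    for a in payload.iter("Attribute"):
        # Structured values (e.g. Cryptographic Parameters) have no value= and map to None.
        attrs[a.find("AttributeName").get("value")] = a.find("AttributeValue").get("value")
    findings = []
    stop = attrs.get("Protect Stop Date")
    if stop is None:
        return findings
    if obj_type != "SymmetricKey":
        findings.append(f"Protect Stop Date set on {obj_type}; quoted text names only symmetric keys")
    deact = attrs.get("Deactivation Date")
    if deact is not None and resolve(stop, now) > resolve(deact, now):
        findings.append("Protect Stop Date is later than Deactivation Date")
    return findings
```

`now` must be a timezone-aware `datetime`; whether the first finding is treated as an error or only as a note depends on how the wording question raised in this thread is resolved.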