OASIS Mailing List Archives: kmip message


Subject: RE: [kmip] Protect Stop Date question


That is a really good point - I am in favor of adjusting the Protect Stop Case so it is in line with the Test Case.

Reason being - a key pair can be used for key establishment (which isn't a protect-stop function) BUT it can also be used to encrypt and decrypt information - which denotes the need for a protect stop date. As for keeping the Protect Start\Stop dates in sync between the key pair - that is something that should be left up to the student so to speak.

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Mark Joseph
Sent: Thursday, November 08, 2018 11:19 AM
To: kmip@lists.oasis-open.org
Subject: [kmip] Protect Stop Date question

From Section 3.26 Protect Stop Date in KMIP 1.4 spec, and the same wording in Section 4.41 KMIP 2.0 draft

The Protect Stop Date attribute is the date and time after which a Managed Symmetric Key Object SHALL NOT be used for applying cryptographic protection (e.g., encryption or wrapping), depending on the value of its Cryptographic Usage Mask attribute. This value MAY be equal to or earlier than, but SHALL NOT be later than the Deactivation Date. Once the Protect Stop Date has occurred, then this attribute SHALL NOT be changed or deleted before the object is destroyed

I added the emphasis.   Does this mean that the Protect Stop Date attribute only applies to Symmetric Keys?

I ask this question because published test cases CS-AC-M-8-13, -14, -20 all define this attribute for a Key Pair Managed object.

Do I have an old version of these test cases?

<RequestMessage>
  <RequestHeader>
    <ProtocolVersion>
      <ProtocolVersionMajor type="Integer" value="1"/>
      <ProtocolVersionMinor type="Integer" value="4"/>
    </ProtocolVersion>
    <BatchCount type="Integer" value="1"/>
  </RequestHeader>
  <BatchItem>
    <Operation type="Enumeration" value="Register"/>
    <RequestPayload>
      <ObjectType type="Enumeration" value="PrivateKey"/>
      <TemplateAttribute>
        <Attribute>
          <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
          <AttributeValue type="Integer" value="Sign"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="x-ID"/>
          <AttributeValue type="TextString" value="CS-AC-M-8-14-prikey1"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Activation Date"/>
          <AttributeValue type="DateTime" value="$NOW-3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Process Start Date"/>
          <AttributeValue type="DateTime" value="$NOW+3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Protect Stop Date"/>
          <AttributeValue type="DateTime" value="$NOW-3600"/>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Cryptographic Parameters"/>
          <AttributeValue>
            <PaddingMethod type="Enumeration" value="PSS"/>
            <HashingAlgorithm type="Enumeration" value="SHA_256"/>
            <CryptographicAlgorithm type="Enumeration" value="RSA"/>
          </AttributeValue>
        </Attribute>
      </TemplateAttribute>
      <PrivateKey>
        <KeyBlock>
          <KeyFormatType type="Enumeration" value="PKCS_1"/>
          <KeyValue>
            <KeyMaterial type="ByteString" value="308204a50201000282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001028201003b12455d53c1816516c518493f6398aafa72b17dfa894db888a7d48c0a47f62579a4e644f86da711fec850cdd9dbbd17f69a443d2ec1dd60d3c618fa74cde5fdafabd6baa26eb0a3adb4def6480fb1218cd3b083e252e885b6f0729f98b2144d2b72293e1b11d73393bc41f75b15ee3d7569b4995ed1a14425da4319b7b26b0e8fef17c37542ae5c6d5849f87209567f3925a47b016d564859717bc57fcb4522d0aa49ce816e5be7b3088193236ec9efff140858045b73c5d79baf38f7c67f04c5dcf0e3806ad982d1259058c3473e847179a878f2c6b3bd968fb99ea46e9185892f3676e78965c2aed4877ba3917df07c5e927474f19e764ba61dc38d63bf2902818100d5c69c8c3cdc2464744a793713dafb9f1dbc799ff96423fecd3cba794286bce920f4b5c183f99ee9028db6212c6277c4c8297fcfbce7f7c24ca4c51fc7182fb8f4019fb1d5659674c5cbe6d5fa992051341760cd00735729a070a9e54d342beba8ef47ee82d3a01b04cec4a00d4ddb41e35116fc221e854b43a696c0e6419b1b02818100cd5ea7702789064b673540cbff09356ad80bc3d592812eba47610b9fac6aecefe22acae438459cda74e59653d88c04189d34399bf5b14b920e34ef38a7d09fe69593396e8fe735e6f0a6ae4990401041d8a406b6fd86a1161e45f95a3eaa5c1012e6662e44f15f335ac971e1766b2bb9c985109974141b44d37e1e319820a55f02818100b2871237bf9fad38c3316ab7877a6a868063e542a7186d431e8d27c19ac0414584033942e9ff6e2973bb7b2d8b0e94ad1ee82158108fbc8664517a5a467fb963014bd5dcc2b4fb087c23039d11920dbe22fd9f16b4d89e23225cd455adbaf32ef43f185864a36d630309d6853f7714b39aae1ebee3938f87c2707e178c739f9f028181009690bed14b2afaa26d986d592231ee27d71d49065bd2ba1f78157e20229881fd9d23227d0f8479eaefa9
22fd75d5b16b1a561fa6680b040ca0bdce650b23b917a4b1bb7983a74fad70e1c305cbec2bff1a85a726a1d90260e4f1084f518234dcd3fe770b9520215bd543bb6a4117718754676a34171666a79f26e79c149c5aa102818100a0c985a0a0a791a659f99731134c44f37b2e520a2cea35800ad27241ed360dfde6e8ca614f12047fd08b76ac4d13c056a0699e2f98a1cac91011294d71208f4abab33ba87aa0517f415baca88d6bac006088fa601d349417e1f0c9b23affa4d496618dbc024986ed690bbb7b025768ff9df8ac15416f489f8129c32341a8b44f"/>

          </KeyValue>
          <CryptographicAlgorithm type="Enumeration" value="RSA"/>
          <CryptographicLength type="Integer" value="2048"/>
        </KeyBlock>
      </PrivateKey>
    </RequestPayload>
  </BatchItem>
</RequestMessage>
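
Added example, not part of the original messages or of the KMIP test suite: a small lint that reads a payload in the test-case XML style quoted above and reports where its Protect Stop Date meets the three conditions in the quoted spec paragraph. The function names, the `now` parameter and the trimmed sample (key material omitted, a Deactivation Date added) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the quoted test-case style; not a published test case.
SAMPLE = """
<RequestPayload>
  <ObjectType type="Enumeration" value="PrivateKey"/>
  <TemplateAttribute>
    <Attribute>
      <AttributeName type="TextString" value="Protect Stop Date"/>
      <AttributeValue type="DateTime" value="$NOW-3600"/>
    </Attribute>
    <Attribute>
      <AttributeName type="TextString" value="Deactivation Date"/>
      <AttributeValue type="DateTime" value="$NOW-7200"/>
    </Attribute>
  </TemplateAttribute>
</RequestPayload>
"""

def resolve(value, now):
    """Turn a '$NOW', '$NOW+n' or '$NOW-n' placeholder into epoch seconds."""
    m = re.fullmatch(r"\$NOW([+-]\d+)?", value)
    if not m:
        raise ValueError(f"unsupported DateTime value: {value!r}")
    return now + int(m.group(1) or 0)

def lint_protect_stop(xml_text, now):
    """Return findings for Protect Stop Date against the quoted spec text."""
    root = ET.fromstring(xml_text)
    obj_type = root.find(".//ObjectType").get("value")
    dates = {}
    for attr in root.iter("Attribute"):
        val = attr.find("AttributeValue")
        if val.get("type") == "DateTime":  # structured values carry no type
            name = attr.find("AttributeName").get("value")
            dates[name] = resolve(val.get("value"), now)
    findings = []
    stop = dates.get("Protect Stop Date")
    if stop is None:
        return findings
    if obj_type != "SymmetricKey":
        findings.append(f"Protect Stop Date set on {obj_type}; spec text names only symmetric keys")
    deact = dates.get("Deactivation Date")
    if deact is not None and stop > deact:
        findings.append("Protect Stop Date is later than Deactivation Date")
    if stop <= now:
        findings.append("Protect Stop Date already occurred; attribute is now immutable")
    return findings
```

Calling `lint_protect_stop(SAMPLE, now)` with any epoch value for `now` returns all three findings for the constructed sample.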
