kmip message
Subject: Interoperation question
- From: Mark Joseph <mark@p6r.com>
- To: OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>
- Date: Fri, 23 Sep 2022 12:04:12 -0700
Hi,
We have seen the following request sequence treated differently among 3 KMIP servers, each from a separate vendor.
The request sequence is: create an AES 128 bit key and then perform AES CBC encrypt operation on a 16 byte data item WITH NO PADDING METHOD specified (see XML below).
The result we see is that two servers perform the encrypt with a 16 byte ciphertext being returned.
However, the third KMIP server adds padding and returns a 32 byte value (with no idea what padding was applied).
So is there a default padding method value assumed if none is specified for a block cipher?
-- Key created with no cryptographic parameters defined
<RequestMessage>
<RequestHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="4"/>
</ProtocolVersion>
<BatchCount type="Integer" value="1"/>
</RequestHeader>
<BatchItem>
<Operation type="Enumeration" value="Create"/>
<RequestPayload>
<ObjectType type="Enumeration" value="SymmetricKey"/>
<TemplateAttribute>
<Attribute>
<AttributeName type="TextString" value="Cryptographic Usage Mask"/>
<AttributeValue type="Integer" value="Decrypt Encrypt"/>
</Attribute>
<Attribute>
<AttributeName type="TextString" value="Cryptographic Algorithm"/>
<AttributeValue type="Enumeration" value="AES"/>
</Attribute>
<Attribute>
<AttributeName type="TextString" value="Cryptographic Length"/>
<AttributeValue type="Integer" value="128"/>
</Attribute>
</TemplateAttribute>
</RequestPayload>
</BatchItem>
</RequestMessage>
... Key was activated in the middle ...
<RequestMessage>
<RequestHeader>
<ProtocolVersion>
<ProtocolVersionMajor type="Integer" value="1"/>
<ProtocolVersionMinor type="Integer" value="4"/>
</ProtocolVersion>
<BatchCount type="Integer" value="1"/>
</RequestHeader>
<BatchItem>
<Operation type="Enumeration" value="Encrypt"/>
<RequestPayload>
<UniqueIdentifier type="TextString" value="[unique id of the above created key]"/>
<CryptographicParameters>
<BlockCipherMode type="Enumeration" value="CBC"/>
<CryptographicAlgorithm type="Enumeration" value="AES"/>
</CryptographicParameters>
<Data type="ByteString" value="01020304050607080910111213141516"/> <!-- Note: exactly 16 bytes of data to be encrypted -->
<IVCounterNonce type="ByteString" value="00000000000000000000000000000000"/>
</RequestPayload>
</BatchItem>
</RequestMessage>
Best regards,
Mark Joseph, Ph.D. President
P6R, Inc
408-205-0361
http://www.linkedin.com/pub/mark-joseph/0/752/4b4
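
An added example, not part of the original message or of any vendor's code: a client-side check in Python that flags an Encrypt payload which leaves PaddingMethod unspecified for a block mode, and reports which server behaviour a returned ciphertext length is consistent with. The sample payload is constructed from the request in the message with a placeholder key identifier; the function names and the "unpadded"/"padded" labels are hypothetical.

```python
import xml.etree.ElementTree as ET

BLOCK_BYTES = 16                 # AES block size in bytes
PADDED_MODES = {"CBC", "ECB"}    # modes whose output length depends on padding

# Constructed sample: the Encrypt payload from the message, placeholder key id.
SAMPLE_REQUEST = """
<RequestPayload>
  <UniqueIdentifier type="TextString" value="PLACEHOLDER-KEY-ID"/>
  <CryptographicParameters>
    <BlockCipherMode type="Enumeration" value="CBC"/>
    <CryptographicAlgorithm type="Enumeration" value="AES"/>
  </CryptographicParameters>
  <Data type="ByteString" value="01020304050607080910111213141516"/>
  <IVCounterNonce type="ByteString" value="00000000000000000000000000000000"/>
</RequestPayload>
"""

def audit_encrypt_payload(xml_text):
    """Return (padding_explicit, data_len, expected ciphertext length per behaviour)."""
    payload = ET.fromstring(xml_text)
    params = payload.find("CryptographicParameters")
    mode = params.find("BlockCipherMode").get("value")
    padding_explicit = params.find("PaddingMethod") is not None
    data_len = len(bytes.fromhex(payload.find("Data").get("value")))
    expected = {}
    if mode in PADDED_MODES:
        # Without padding the input must be whole blocks; length is unchanged.
        if data_len % BLOCK_BYTES == 0:
            expected["unpadded"] = data_len
        # Schemes that always append 1..16 bytes (such as PKCS5) add a full
        # extra block when the input is already block-aligned.
        expected["padded"] = (data_len // BLOCK_BYTES + 1) * BLOCK_BYTES
    return padding_explicit, data_len, expected

def classify_response(expected, ciphertext_len):
    """Name the behaviours consistent with the returned ciphertext length."""
    return sorted(k for k, n in expected.items() if n == ciphertext_len)

if __name__ == "__main__":
    explicit, n, expected = audit_encrypt_payload(SAMPLE_REQUEST)
    if not explicit:
        print("PaddingMethod not specified; server default decides the output")
    for returned in (16, 32):
        print(returned, "bytes ->", classify_response(expected, returned))
```

Length alone separates "padded" from "unpadded" but cannot tell which padding scheme a server applied, which matches the ambiguity described for the third server.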