kmip message



Subject: Interoperation question


Hi,

   We have seen the following request sequence treated differently among 3 KMIP servers, each from a separate vendor.

The request sequence is: create an AES 128 bit key and then perform an AES CBC encrypt operation on a 16 byte data item WITH NO PADDING METHOD specified (see XML below).

The result we see is that two servers perform the encrypt with a 16 byte ciphertext being returned.
However, the third KMIP server adds padding and returns a 32 byte value (with no idea what padding was applied).

So is there a default padding method value assumed if none is specified for a block cipher?

-- Key created with no cryptographic parameters defined 
<RequestMessage>
   <RequestHeader>
      <ProtocolVersion>
         <ProtocolVersionMajor type="Integer" value="1"/>
         <ProtocolVersionMinor type="Integer" value="4"/>
      </ProtocolVersion>
      <BatchCount type="Integer" value="1"/>
   </RequestHeader>
   <BatchItem>
      <Operation type="Enumeration" value="Create"/>
      <RequestPayload>
         <ObjectType type="Enumeration" value="SymmetricKey"/>
         <TemplateAttribute>
            <Attribute>
               <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
               <AttributeValue type="Integer" value="Decrypt Encrypt"/>
            </Attribute>
            <Attribute>
               <AttributeName type="TextString" value="Cryptographic Algorithm"/>
               <AttributeValue type="Enumeration" value="AES"/>
            </Attribute>
            <Attribute>
               <AttributeName type="TextString" value="Cryptographic Length"/>
               <AttributeValue type="Integer" value="128"/>
            </Attribute>
         </TemplateAttribute>
      </RequestPayload>
   </BatchItem>
</RequestMessage>

... Key was activated in the middle ...

<RequestMessage>
   <RequestHeader>
      <ProtocolVersion>
         <ProtocolVersionMajor type="Integer" value="1"/>
         <ProtocolVersionMinor type="Integer" value="4"/>
      </ProtocolVersion>
      <BatchCount type="Integer" value="1"/>
   </RequestHeader>
   <BatchItem>
      <Operation type="Enumeration" value="Encrypt"/>
      <RequestPayload>
         <UniqueIdentifier type="TextString" value="<unique id of the above created key"/>
         <CryptographicParameters>
            <BlockCipherMode type="Enumeration" value="CBC"/>
            <CryptographicAlgorithm type="Enumeration" value="AES"/>
         </CryptographicParameters>
         <Data type="ByteString" value="01020304050607080910111213141516"/>   <!-- Note exactly 16 bytes of data to be encrypted -->
         <IVCounterNonce type="ByteString" value="00000000000000000000000000000000"/>
      </RequestPayload>
   </BatchItem>
</RequestMessage>




Best regards,
Mark Joseph, Ph.D. 
President P6R, Inc 
408-205-0361 
http://www.linkedin.com/pub/mark-joseph/0/752/4b4
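
Added example, not part of the original message and not code from any KMIP vendor: an interoperability check that parses an Encrypt request like the one above and classifies a server by the length of the ciphertext it returns. The function names, the result keys and the placeholder key id are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

BLOCK = 16  # AES block size in bytes

# Constructed sample: the Encrypt batch item from the message, header omitted,
# with a placeholder key id.
ENCRYPT_REQUEST = """<RequestMessage><BatchItem>
  <Operation type="Enumeration" value="Encrypt"/>
  <RequestPayload>
    <UniqueIdentifier type="TextString" value="PLACEHOLDER-KEY-ID"/>
    <CryptographicParameters>
      <BlockCipherMode type="Enumeration" value="CBC"/>
      <CryptographicAlgorithm type="Enumeration" value="AES"/>
    </CryptographicParameters>
    <Data type="ByteString" value="01020304050607080910111213141516"/>
    <IVCounterNonce type="ByteString" value="00000000000000000000000000000000"/>
  </RequestPayload>
</BatchItem></RequestMessage>"""

def parse_encrypt_request(xml_text):
    """Return (plaintext, BlockCipherMode, PaddingMethod); absent fields are None."""
    payload = ET.fromstring(xml_text).find("./BatchItem/RequestPayload")
    params = payload.find("CryptographicParameters")
    def enum(tag):
        el = params.find(tag) if params is not None else None
        return el.get("value") if el is not None else None
    data = bytes.fromhex(payload.find("Data").get("value"))
    return data, enum("BlockCipherMode"), enum("PaddingMethod")

def expected_lengths(data_len):
    """(unpadded, padded) ciphertext lengths for a 16-byte block cipher in CBC."""
    unpadded = data_len if data_len % BLOCK == 0 else None  # None: needs padding
    padded = (data_len // BLOCK + 1) * BLOCK  # PKCS5-style: always adds 1..16 bytes
    return unpadded, padded

def classify_response(xml_text, ciphertext_len):
    """Compare a returned ciphertext length with what the request asked for."""
    data, mode, padding = parse_encrypt_request(xml_text)
    unpadded, padded = expected_lengths(len(data))
    if ciphertext_len == unpadded:
        behaviour = "no padding applied"
    elif ciphertext_len == padded:
        behaviour = "padding applied"
    else:
        behaviour = "unexpected length"
    return {"mode": mode, "requested_padding": padding, "behaviour": behaviour,
            # True when the server padded although the request named no method
            "server_chose_padding": padding is None and behaviour == "padding applied"}
```

The length only shows that a full block of padding was added; several schemes produce the same 32 bytes for block-aligned input, so it does not identify which one the server used.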



