Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal

Oct 4 - 2012

Denis Pochuev, SafeNet

John Leiseboer, QuintessenceLabs

Register Operation in KMIP 1.1 From Test-Case 6.1

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW)
          Tag: KEY_VALUE (0x420045), Type: STRUCTURE (0x01), Data:
            Tag: KEY_MATERIAL (0x420043), Type: BYTE_STRING (0x08), Data: 0x0123456789abcdef0123456789abcdef
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080

Register Operation in KMIP 1.1: 2.3.1 Key Block

A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types:

  • Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes

MDO-key Register Operation in KMIP 1.2 Proposal

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW)
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080

“Not Here” tag

“Not Here” Tag Alternatives

“Just Not Here”

  • Not having it at all (empty key value => MDO key)
  • Explicit “not here” designation

Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
  Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
  Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE

“Not Here, but I’ll tell you where”

  • Un-interpreted text string

Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
  Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
  Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data: Bottom Drawer

  • URI

Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
  Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
  Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data: http://example.com/keyValue

  • Your suggestion
MDO Key Register Operation in KMIP 1.2 Proposed Text Changes

-------------------------------------------

A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It may contain (replacing “contains”) a Key Value of one of the following Key Format Types:

  • Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes

A Key Block that does not contain a Key Value represents a Meta-Data-Only key.

-------------------------------------------

The above changes are based on option 1 on the above slide. Further changes will be needed based on other “Not Here” tag alternatives and KeyValueLocation choice.
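
Added example (not part of the original slides): a sketch of how a receiver could apply option 1, treating a Key Block with no Key Value as a Meta-Data-Only key. The tag and type codes are the ones in the dumps above; the helper names (ttlv, parse, is_mdo, key_block) are hypothetical, and the wire layout (3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes) is the standard KMIP TTLV encoding, which the slides do not spell out.

```python
import struct

# Tag and type codes copied from the slide dumps above.
KEY_BLOCK, KEY_FORMAT_TYPE, KEY_VALUE, KEY_MATERIAL = 0x420040, 0x420042, 0x420045, 0x420043
CRYPTOGRAPHIC_ALGORITHM, CRYPTOGRAPHIC_LENGTH = 0x420028, 0x42002A
STRUCTURE, INTEGER, ENUMERATION, BYTE_STRING = 0x01, 0x02, 0x05, 0x08

def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes."""
    if typ in (INTEGER, ENUMERATION):
        value = struct.pack(">I", value)
    elif typ == STRUCTURE:
        value = b"".join(value)  # children are already encoded and padded
    header = tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * (-len(value) % 8)

def parse(buf, depth=0):
    """Decode sibling TTLV items into (tag, type, value) tuples; structures recurse."""
    if depth > 16:
        raise ValueError("TTLV nesting too deep")
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag, typ = int.from_bytes(buf[pos:pos + 3], "big"), buf[pos + 3]
        end = pos + 8 + struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        if end > len(buf):
            raise ValueError("TTLV length exceeds buffer")
        body = buf[pos + 8:end]
        items.append((tag, typ, parse(body, depth + 1) if typ == STRUCTURE else body))
        pos = end + (-end % 8)  # skip padding to the next 8-byte boundary
    return items

def is_mdo(key_block_bytes):
    """Option 1: a Key Block that carries no Key Value is a Meta-Data-Only key."""
    (tag, typ, children), = parse(key_block_bytes)  # exactly one top-level item
    if tag != KEY_BLOCK or typ != STRUCTURE:
        raise ValueError("not a Key Block")
    return all(child_tag != KEY_VALUE for child_tag, _, _ in children)

def key_block(material=None):
    """Build the Key Block from the dumps; material=None omits Key Value (MDO)."""
    items = [ttlv(KEY_FORMAT_TYPE, ENUMERATION, 1)]  # RAW
    if material is not None:
        items.append(ttlv(KEY_VALUE, STRUCTURE, [ttlv(KEY_MATERIAL, BYTE_STRING, material)]))
    items += [ttlv(CRYPTOGRAPHIC_ALGORITHM, ENUMERATION, 3),  # AES
              ttlv(CRYPTOGRAPHIC_LENGTH, INTEGER, 0x80)]
    return ttlv(KEY_BLOCK, STRUCTURE, items)

# Constructed samples mirroring the two Register dumps above.
KMIP_1_1_BLOCK = key_block(bytes.fromhex("0123456789abcdef0123456789abcdef"))
MDO_BLOCK = key_block()
```

Under option 1 the only wire-level signal is the missing Key Value, so the check depends on strict length and nesting validation in the parser; a malformed Key Block is rejected instead of being classified as MDO.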