Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs


Page 1: Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal

Meta-Data-Only (MDO) Keys: KMIP 1.2 Proposal

Oct 4 - 2012

Denis Pochuev, SafeNet
John Leiseboer, QuintessenceLabs

Page 2

Register Operation in KMIP 1.1 (from Test-Case 6.1)

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW)
          Tag: KEY_VALUE (0x420045), Type: STRUCTURE (0x01), Data:
            Tag: KEY_MATERIAL (0x420043), Type: BYTE_STRING (0x08), Data: 0x0123456789abcdef0123456789abcdef
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080

Page 3

Register Operation in KMIP 1.1 / 2.3.1 Key Block

Page 4

Register Operation in KMIP 1.1 / 2.3.1 Key Block

A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types:

• Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes

Page 5

MDO-key Register Operation in KMIP 1.2 (Proposal)

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW)
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080

“Not Here” tag (slide callout pointing at the KeyValuePresent = FALSE attribute above; note that the Key Block carries no Key Value)

Page 6

MDO Key Register Operation in KMIP 1.2: Proposed Table Changes

Page 7

“Not Here” Tag Alternatives

“Just Not Here”

1. Not having it at all (empty key value => MDO key)

2. Explicit “not here” designation

   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE

“Not Here, but I’ll tell you where”

3. Un-interpreted text string

   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data: Bottom Drawer

4. URI

   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data: http://example.com/keyValue

5. Your suggestion
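The Register requests on slides 2 and 5 and alternatives 1 and 2 above, carried through to the wire as an added example (this is not code from the proposal, from KMIP, or from either presenter's company). It assumes the standard KMIP TTLV encoding rules (3-byte tag, 1-byte type, 4-byte big-endian length, value padded to an 8-byte boundary, Booleans as 8 bytes), uses the tag and type constants shown on the slides, and treats `KeyValuePresent` as the proposed attribute from alternative 2. The server-side check at the end shows why the explicit designation is worth having: it lets a server reject a request whose attribute contradicts what the Key Block actually contains, instead of silently guessing under alternative 1.

```python
"""Encode, decode and validate KMIP Register requests with and without a Key Value.

Added example only; tag values come from the slides, encoding rules from KMIP TTLV.
"""
import struct

# Tag constants (0x42xxxx) exactly as shown in the slide-2 and slide-5 dumps.
TAG = {
    "REQUEST_MESSAGE": 0x420078, "REQUEST_HEADER": 0x420077,
    "PROTOCOL_VERSION": 0x420069, "PROTOCOL_VERSION_MAJOR": 0x42006A,
    "PROTOCOL_VERSION_MINOR": 0x42006B, "BATCH_COUNT": 0x42000D,
    "BATCH_ITEM": 0x42000F, "OPERATION": 0x42005C, "REQUEST_PAYLOAD": 0x420079,
    "OBJECT_TYPE": 0x420057, "TEMPLATE_ATTRIBUTE": 0x420091, "ATTRIBUTE": 0x420008,
    "ATTRIBUTE_NAME": 0x42000A, "ATTRIBUTE_VALUE": 0x42000B, "SYMMETRIC_KEY": 0x42008F,
    "KEY_BLOCK": 0x420040, "KEY_FORMAT_TYPE": 0x420042, "KEY_VALUE": 0x420045,
    "KEY_MATERIAL": 0x420043, "CRYPTOGRAPHIC_ALGORITHM": 0x420028,
    "CRYPTOGRAPHIC_LENGTH": 0x42002A,
}
NAME = {v: k for k, v in TAG.items()}
STRUCTURE, INTEGER, ENUMERATION, BOOLEAN, TEXT_STRING, BYTE_STRING = 0x01, 0x02, 0x05, 0x06, 0x07, 0x08

# A TTLV node is (tag_name, type, value); a STRUCTURE's value is a list of child nodes.


def _pad(body: bytes) -> bytes:
    """Pad a value to the next multiple of 8 bytes, as TTLV requires."""
    return body + b"\x00" * (-len(body) % 8)


def encode(node) -> bytes:
    """Serialize one TTLV node (recursively for structures)."""
    tag, typ, value = node
    if typ == STRUCTURE:
        body = b"".join(encode(child) for child in value)
    elif typ == INTEGER:
        body = struct.pack(">i", value)            # 4 bytes, padded to 8 below
    elif typ == ENUMERATION:
        body = struct.pack(">I", value)
    elif typ == BOOLEAN:
        body = struct.pack(">Q", 1 if value else 0)  # KMIP Booleans occupy 8 bytes
    elif typ == TEXT_STRING:
        body = value.encode("utf-8")
    elif typ == BYTE_STRING:
        body = bytes(value)
    else:
        raise ValueError(f"unsupported TTLV type {typ:#x}")
    # The length field counts the unpadded value; padding follows the value.
    return TAG[tag].to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(body)) + _pad(body)


def decode(buf: bytes, offset: int = 0):
    """Parse one TTLV item at offset; return (node, offset_of_next_item)."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    typ = buf[offset + 3]
    length = struct.unpack(">I", buf[offset + 4:offset + 8])[0]
    start, end = offset + 8, offset + 8 + length
    if end > len(buf):
        raise ValueError("TTLV length exceeds buffer")  # reject before slicing
    raw = buf[start:end]
    if typ == STRUCTURE:
        children, pos = [], start
        while pos < end:                            # children are 8-byte aligned
            child, pos = decode(buf, pos)
            children.append(child)
        value = children
    elif typ in (INTEGER, ENUMERATION):
        if length != 4:
            raise ValueError("Integer/Enumeration must be 4 bytes")
        value = struct.unpack(">i" if typ == INTEGER else ">I", raw)[0]
    elif typ == BOOLEAN:
        if length != 8:
            raise ValueError("Boolean must be 8 bytes")
        value = struct.unpack(">Q", raw)[0] != 0
    elif typ == TEXT_STRING:
        value = raw.decode("utf-8")
    elif typ == BYTE_STRING:
        value = raw
    else:
        raise ValueError(f"unsupported TTLV type {typ:#x}")
    return (NAME.get(tag, tag), typ, value), start + (length + 7) // 8 * 8


def attribute(name, typ, value):
    return ("ATTRIBUTE", STRUCTURE, [("ATTRIBUTE_NAME", TEXT_STRING, name),
                                     ("ATTRIBUTE_VALUE", typ, value)])


def build_register_request(key_material=None, key_value_present=None):
    """Slide-2 request when key_material is given, slide-5 MDO request when None.
    key_value_present, if not None, adds the proposed KeyValuePresent attribute."""
    attrs = [attribute("Cryptographic Usage Mask", INTEGER, 0x00000004)]
    if key_value_present is not None:
        attrs.append(attribute("KeyValuePresent", BOOLEAN, key_value_present))
    key_block = [("KEY_FORMAT_TYPE", ENUMERATION, 0x00000001)]              # RAW
    if key_material is not None:
        key_block.append(("KEY_VALUE", STRUCTURE, [("KEY_MATERIAL", BYTE_STRING, key_material)]))
    key_block += [("CRYPTOGRAPHIC_ALGORITHM", ENUMERATION, 0x00000003),       # AES
                  ("CRYPTOGRAPHIC_LENGTH", INTEGER, 0x00000080)]             # 128 bits
    return ("REQUEST_MESSAGE", STRUCTURE, [
        ("REQUEST_HEADER", STRUCTURE, [
            ("PROTOCOL_VERSION", STRUCTURE, [("PROTOCOL_VERSION_MAJOR", INTEGER, 1),
                                             ("PROTOCOL_VERSION_MINOR", INTEGER, 1)]),
            ("BATCH_COUNT", INTEGER, 1)]),
        ("BATCH_ITEM", STRUCTURE, [
            ("OPERATION", ENUMERATION, 0x00000003),                           # REGISTER
            ("REQUEST_PAYLOAD", STRUCTURE, [
                ("OBJECT_TYPE", ENUMERATION, 0x00000002),                     # SYMMETRIC_KEY
                ("TEMPLATE_ATTRIBUTE", STRUCTURE, attrs),
                ("SYMMETRIC_KEY", STRUCTURE, [("KEY_BLOCK", STRUCTURE, key_block)])])])])


def iter_nodes(node):
    yield node
    if node[1] == STRUCTURE:
        for child in node[2]:
            yield from iter_nodes(child)


def find(node, tag):
    return next((n for n in iter_nodes(node) if n[0] == tag), None)


def classify_key_block(request):
    """Server-side check: return 'MDO' or 'FULL', refusing a request whose
    KeyValuePresent attribute disagrees with the Key Block's actual contents."""
    key_block = find(request, "KEY_BLOCK")
    if key_block is None:
        raise ValueError("Register request carries no Key Block")
    has_key_value = find(key_block, "KEY_VALUE") is not None
    declared = None
    for attr in (n for n in iter_nodes(request) if n[0] == "ATTRIBUTE"):
        if find(attr, "ATTRIBUTE_NAME")[2] == "KeyValuePresent":
            declared = find(attr, "ATTRIBUTE_VALUE")[2]
    if declared is not None and declared != has_key_value:
        raise ValueError("KeyValuePresent contradicts the Key Block contents")
    return "FULL" if has_key_value else "MDO"


if __name__ == "__main__":
    mdo_wire = encode(build_register_request(key_value_present=False))
    print(len(mdo_wire), classify_key_block(decode(mdo_wire)[0]))
```

Under alternative 1 the server can only infer "MDO" from the absence of a Key Value; with alternative 2 it can also detect a client that sent key material while declaring `KeyValuePresent = FALSE` (or the reverse), which is the kind of inconsistency a key manager should refuse rather than store.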

Page 8

MDO Key Register Operation in KMIP 1.2: Proposed Text Changes

-------------------------------------------
A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It may contain [original wording "contains", struck out] a Key Value of one of the following Key Format Types:

• Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes

A Key Block that does not contain a Key Value represents a Meta-Data-Only key.
-------------------------------------------
The above changes are based on option 1 on the previous slide. Further changes will be needed based on the other “Not Here” tag alternatives and the KeyValueLocation choice.