Presentation is loading. Please wait.

Presentation is loading. Please wait.

Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs.

Published byBernard Hopkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs."— Presentation transcript:

1 Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs

2 Register Operation in KMIP 1.1 From Test-Case 6.1 Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data: Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data: Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data: Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001 Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001 Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001 Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data: Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER) Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data: Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY) Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004 Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data: Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data: Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW) Tag: KEY_VALUE (0x420045), Type: STRUCTURE (0x01), Data: Tag: KEY_MATERIAL (0x420043), Type: BYTE_STRING (0x08), Data: 0x0123456789abcdef0123456789abcdef Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES) Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080

3 Register Operation in KMIP 1.1 2.3.1 Key Block

4 A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types: Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes …

5 MDO-key Register Operation in KMIP 1.2 Proposal Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data: Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data: Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data: Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x00000001 Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x00000001 Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x00000001 Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data: Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x00000003 (REGISTER) Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data: Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x00000002 (SYMMETRIC_KEY) Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x00000004 Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN(0x06), Data: FALSE Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data: Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data: Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x00000001 (RAW) Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x00000003 (AES) Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x00000080 “Not Here” tag

6 MDO Key Register Operation in KMIP 1.2 Proposed Table Changes

7 “Not Here” Tag Alternatives “Just Not Here” 1.Not having it at all (empty key value => MDO key) 2.Explicit “not here” designation Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN(0x06), Data: FALSE “Not Here, but I’ll tell you where” 3.Un-interpreted text string Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING(0x07), Data: Bottom Drawer 4.URI Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data: Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING(0x07), Data: http://example.com/keyValue 5.Your suggestion

8 MDO Key Register Operation in KMIP 1.2 Proposed Text Changes ------------------------------------------- A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains may contain a Key Value of one of the following Key Format Types: Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes … A Key Block that does not contain a Key Value represents a Meta-Data-Only key. ------------------------------------------- The above changes are based on option 1 on the above slide. Further changes will be needed based on other “Not Here” tag alternatives and KeyValueLocation choice.

Download ppt "Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs."

Similar presentations

Tutorial on KMIP and FCEAP/GPSK

Tutorial on KMIP and FCEAP/GPSK
11 *Other names and brands may be claimed as the property of others Purpose –The following slides summarize rules and issues for the new mixed-mode format.

11 *Other names and brands may be claimed as the property of others Purpose –The following slides summarize rules and issues for the new mixed-mode format.
Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins

Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins
©2009 HP Confidential1 Proposal to OASIS KMIP TC Stan Feather and Indra Fitzgerald Hewlett-Packard Co. 10 September, 2010 Encoding Options for Key Wrap.

©2009 HP Confidential1 Proposal to OASIS KMIP TC Stan Feather and Indra Fitzgerald Hewlett-Packard Co. 10 September, 2010 Encoding Options for Key Wrap.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.

KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
Mercury: Scalable Routing for Range Queries Ashwin R. Bharambe Carnegie Mellon University With Mukesh Agrawal, Srinivasan Seshan.

Mercury: Scalable Routing for Range Queries Ashwin R. Bharambe Carnegie Mellon University With Mukesh Agrawal, Srinivasan Seshan.
4-Bit Binary-to-BCD Converter: case Statement

4-Bit Binary-to-BCD Converter: case Statement
SSE for H.264 Encoder Chuck Tsen Sean Pieper. SSE– what can’t it do? Mixed scalar and vector Unaligned memory accesses Predicated execution >2 source.

SSE for H.264 Encoder Chuck Tsen Sean Pieper. SSE– what can’t it do? Mixed scalar and vector Unaligned memory accesses Predicated execution >2 source.
21-05-0407-03-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-05-0407-03-0000 Title: Integration of XML and TLV Date Submitted: January, 9, 2006 Presented.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Integration of XML and TLV Date Submitted: January, 9, 2006 Presented.
Notes Ch. 12—Creating Tables Web Page Design. Why Use Tables? Tables are used to create a variety of items such as calendars, charts, and spreadsheets.

Notes Ch. 12—Creating Tables Web Page Design. Why Use Tables? Tables are used to create a variety of items such as calendars, charts, and spreadsheets.
Homework –Continue Reading K&R Chapter 2 –We’ll go over HW2 –HW3 is posted Questions?

Homework –Continue Reading K&R Chapter 2 –We’ll go over HW2 –HW3 is posted Questions?
CS-280 Dr. Mark L. Hornick 1 ASCII table. 2 Displaying Numbers as Text Problem: display numerical values as text Consider the numerical value 0x5A held.

CS-280 Dr. Mark L. Hornick 1 ASCII table. 2 Displaying Numbers as Text Problem: display numerical values as text Consider the numerical value 0x5A held.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev

HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev
Binary, Decimal and Hexadecimal Numbers Svetlin Nakov Telerik Corporation www.telerik.com.

Binary, Decimal and Hexadecimal Numbers Svetlin Nakov Telerik Corporation
KMIP 1.3 Deprecation February 20, 2014. Deprecation 5.1 KMIP Deprecation Rule Items in the normative KMIP Specification [KMIP-Spec] document can be marked.

KMIP 1.3 Deprecation February 20, Deprecation 5.1 KMIP Deprecation Rule Items in the normative KMIP Specification [KMIP-Spec] document can be marked.
1 Key Management Interoperability Protocol (KMIP) www.oasis-open.org.

1 Key Management Interoperability Protocol (KMIP)
Comments in PHP In PHP, we use // to make a singleline comment or /* and */ to make a large comment block. Comment is a part of your PHP code that will.

Comments in PHP In PHP, we use // to make a singleline comment or /* and */ to make a large comment block. Comment is a part of your PHP code that will.
Clarifications to KMIP v1.1 for Asymmetric Crypto and Certificates J. Furlong 29 September 2010.

Clarifications to KMIP v1.1 for Asymmetric Crypto and Certificates J. Furlong 29 September 2010.
Sheet 1XML Technology in E-Commerce 2001Lecture 2 XML Technology in E-Commerce Lecture 2 Logical and Physical Structure, Validity, DTD, XML Schema.

Sheet 1XML Technology in E-Commerce 2001Lecture 2 XML Technology in E-Commerce Lecture 2 Logical and Physical Structure, Validity, DTD, XML Schema.

Similar presentations

Ads by Google