What KMIP coverage do we provide?


1.0 KMIP

The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management.

2.0 KMIP Versions Supported

  • 1.4

  • 1.3

  • 1.2

  • 1.1

  • 1.0

3.0 Supported Operations

  • ACTIVATE

  • ARCHIVE

  • CHECK

  • CREATE

  • CREATE_KEY_PAIR

  • DECRYPT

  • DELETE_ATTRIBUTES

  • DERIVE_KEY

  • DESTROY

  • DISCOVER_VERSIONS

  • ENCRYPT

  • GET

  • ADD_ATTRIBUTE

  • GET_ATTRIBUTE_LIST

  • GET_ATTRIBUTES

  • LOCATE

  • MAC

  • MAC_VERIFY

  • HASH

  • MODIFY_ATTRIBUTE

  • QUERY

  • RECOVER

  • REGISTER

  • REKEY

  • REKEY_KEY_PAIR

  • REVOKE

  • SIGN

  • SIGNATURE_VERIFY

4.0 Supported Object Types

  • PUBLIC_KEY

  • PRIVATE_KEY

  • SYMMETRIC_KEY

  • CERTIFICATE

  • SECRET_DATA

  • OPAQUE_OBJECT

  • SPLIT_KEY

5.0 Supported Attributes for Operations: Register/Create/Rekey

  • Name

  • Alternate Name

  • Application Specific Information

  • Cryptographic Length

  • Cryptographic Usage Mask

  • Cryptographic Algorithm

  • Activation Date

  • Process Start Date

  • Process Stop Date

  • Deactivate Date

  • Cryptographic Parameters

  • Contact Information

  • X-: All custom attributes starting with X- of the following data types:

    • Big Integer

    • Boolean

    • Byte String

    • Date-Time

    • Enumeration

    • Integer

    • Interval

    • Long Integer

    • Text String

  • Digest

  • Default Operation Policy

  • Original Creation Date

  • Object Group

  • Operation Policy Name

  • Last Change Date

6.0 Changelog

This section outlines the new features, improvements, and bug fixes for the Fortanix DSM KMIP client.

DSM 4.37 - Latest

  • Updated KMIP tab user interface (UI) under Fortanix DSM Settings → Client Configuration to provide greater flexibility in filtering keys.

    • The Allow secrets with unknown operations check box has been removed.

    • The Ignore unknown key operations for section has been added to disallow keys with unknown operations in the KMIP client configuration settings.

    For more details, refer to User's Guide: Group Client Configurations and User's Guide: Account Client Configurations.

DSM 4.36

  • Introduced EXPORT permission for all keys during creation.

    • Using DSM UI: A new check box, Default to creating keys with Export permission, has been added in DSM account Settings → CLIENT CONFIGURATION → KMIP to enable this permission.

      For more details, refer to User's Guide: Group Client Configurations and User's Guide: Account Client Configurations.

    • Using DSM REST API: Added EXPORT operation in key_ops_override method to apply EXPORT permission for all keys.
      Example:

      "kmip": {
          "ignore_unknown_key_ops_for_secrets":
          "key_ops_override": {
              "add_key_ops": ["EXPORT"]
          }
      }