1.0 KMIP
The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management.
2.0 KMIP Versions Supported
1.4
1.3
1.2
1.1
1.0
3.0 Supported Operations
ACTIVATE
ARCHIVE
CHECK
CREATE
CREATE_KEY_PAIR
DECRYPT
DELETE_ATTRIBUTES
DERIVE_KEY
DESTROY
DISCOVER_VERSIONS
ENCRYPT
GET
ADD_ATTRIBUTE
GET_ATTRIBUTE_LIST
GET_ATTRIBUTES
LOCATE
MAC
MAC_VERIFY
HASH
MODIFY_ATTRIBUTE
QUERY
RECOVER
REGISTER
REKEY
REKEY_KEY_PAIR
REVOKE
SIGN
SIGNATURE_VERIFY
4.0 Supported Object Types
PUBLIC_KEY
PRIVATE_KEY
SYMMETRIC_KEY
CERTIFICATE
SECRET_DATA
OPAQUE_OBJECT
SPLIT_KEY
5.0 Supported Attributes for Operations: Register/Create/Rekey
Name
Alternate Name
Application Specific Information
Cryptographic Length
Cryptographic Usage Mask
Cryptographic Algorithm
Activation Date
Process Start Date
Process Stop Date
Deactivate Date
Cryptographic Parameters
Contact Information
All custom attributes starting with X-, of the following data types: Big Integer, Boolean, Byte String, Date-Time, Enumeration, Integer, Interval, Long Integer, Text String
Digest
Default Operation Policy
Original Creation Date
Object Group
Operation Policy Name
Last Change Date
6.0 Changelog
This section outlines the new features, improvements, and bug fixes for the Fortanix DSM KMIP client.
DSM 4.37 - Latest
Updated KMIP tab user interface (UI) under Fortanix DSM Settings → Client Configuration to provide greater flexibility in filtering keys.
The Allow secrets with unknown operations check box has been removed.
The Ignore unknown key operations for section has been added to disallow keys with unknown operations in the KMIP client configuration settings.
For more details, refer to User's Guide: Group Client Configurations and User's Guide: Account Client Configurations.
DSM 4.36
Introduced EXPORT permission for all keys during creation.
Using DSM UI: A new check box Default to creating keys with Export permission is added in DSM account Settings → CLIENT CONFIGURATION → KMIP to enable this permission.
For more details, refer to User's Guide: Group Client Configurations and User's Guide: Account Client Configurations.
Using DSM REST API: Added EXPORT operation in key_ops_override method to apply EXPORT permission for all keys.
Example:
"kmip": { "ignore_unknown_key_ops_for_secrets": "key_ops_override": { "add_key_ops": ["EXPORT"] }