--- title: "What KMIP coverage do we provide?" slug: "what-kmip-coverage-do-we-provide" updated: 2026-03-16T17:35:39Z published: 2026-03-16T17:35:39Z --- > ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # What KMIP coverage do we provide? ### 1.0 KMIP The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. ### 2.0 KMIP Versions Supported - 1.4 - 1.3 - 1.2 - 1.1 - 1.0 ### 3.0 Supported Operations - `ACTIVATE` - `ARCHIVE` - `CHECK` - `CREATE` - `CREATE_KEY_PAIR` - `DECRYPT` - `DELETE_ATTRIBUTES` - `DERIVE_KEY` - `DESTROY` - `DISCOVER_VERSIONS` - `ENCRYPT` - `GET` - `ADD_ATTRIBUTE` - `GET_ATTRIBUTE_LIST` - `GET_ATTRIBUTES` - `LOCATE` - `MAC` - `MAC_VERIFY` - `HASH` - `MODIFY_ATTRIBUTE` - `QUERY` - `RECOVER` - `REGISTER` - `REKEY` - `REKEY_KEY_PAIR` - `REVOKE` - `SIGN` - `SIGNATURE_VERIFY` > [!NOTE] > NOTE > > When you disable the **Implicit Export permission in KMIP operations** check box in the Fortanix-Data-Security-Manager (DSM) account and group-level **Client Configuration → KMIP** tab, the implicit `EXPORT` permission will not be added to the following KMIP operations: `CREATE`, `REGISTER`, `REKEY`, `CREATE_KEY_PAIR`, `REKEY_KEY_PAIR`, `DERIVE_KEY`, `LOCATE`, and `CHECK`. ### 4.0 Supported Object Types - `PUBLIC_KEY` - `PRIVATE_KEY` - `SYMMETRIC_KEY` - `CERTIFICATE` - `SECRET_DATA` - `OPAQUE_OBJECT` - `SPLIT_KEY` ### 5.0 Supported Attributes for Operations: Register/Create/Rekey - `Name` - `Alternate Name` - `Application Specific Information` - `Cryptographic Length` - `Cryptographic Usage Mask` - `Cryptographic Algorithm` - `Activation Date` - `Process Start Date` - `Process Stop Date` - `Deactivate Date` - `Cryptographic Parameters` - `Contact Information` - `X-` All custom attributes starting with `X-` of the following data types: - `Big Integer` - `Boolean` - `Byte String` - `Date-Time` - `Enumeration` - `Integer` - `Interval` - `Long Integer` - `TextString` - `Digest` - `Default Operation Policy` - `Original Creation Date` - `Object Group` - `Operation Policy Name` - `Last Change Date` ## 6.0 Changelog This section outlines the new features, improvements, and bug fixes for the Fortanix DSM KMIP client. ### DSM 5.4 - Latest - The `TemplateAttribute` field in the `ReKey` request is now optional in the Fortanix DSM KMIP client. - Added support for configurable `EXPORT` permission in the Fortanix DSM KMIP client. ### DSM 5.1 - Added support for the `KeyRoleType` field within the `Cryptographic Parameters` attribute in the Fortanix DSM KMIP client. - Added support for `AuthenticatedEncryptionAdditionalData` and `AuthenticatedEncryptionTag` in KMIP **Encrypt** and **Decrypt** operations. - Added support for key wrapping in KMIP **Register** and **Get** operations using `KeyWrappingData` and `KeyWrappingSpecification` structures. ### DSM 4.37 - Updated **KMIP** tab user interface (UI) under Fortanix DSM **Settings** → **Client Configuration** to provide greater flexibility in filtering keys. *For more information, refer to the*[*User's Guide: Group Client Configurations*](https://support.fortanix.com/docs/users-guide-group-client-configurations)**and**[*User's Guide: Account Client Configurations*](https://support.fortanix.com/docs/users-guide-account-client-configurations)*.* - The **Allow secrets with unknown operations** check box has been removed. - The **Ignore unknown key operations for** section has been added to disallow keys with unknown operations in the KMIP client configuration settings. ### DSM 4.36 - Introduced `EXPORT` permission for all keys during creation. - **Using DSM UI**: A new check box **Default to creating keys with Export permission** is added in DSM account **Settings → CLIENT CONFIGURATION → KMIP** to enable this permission. *For more information, refer to the*[*User's Guide: Group Client Configurations*](https://support.fortanix.com/docs/users-guide-group-client-configurations)**and**[*User's Guide: Account Client Configurations*](https://support.fortanix.com/docs/users-guide-account-client-configurations)*.* - **Using DSM REST API**: Added `EXPORT` operation in `key_ops_override` method to apply `EXPORT` permission for all keys. Example: ```bash "kmip": {                "ignore_unknown_key_ops_for_secrets":                "key_ops_override": {                    "add_key_ops": ["EXPORT"]         } ``` Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface. ## Related - [Fortanix DSM as External KMIP in Rubrik](/fortanix-dsm-as-external-kmip-in-rubrik.md) - [Fortanix DSM with NetApp ONTAP](/fortanix-dsm-with-netapp-ontap.md) - [Logging](/fortanix-dsm-logging.md) - [Fortanix DSM with Scality S3C](/fortanix-dsm-with-scality-s3c.md) - [Fortanix DSM with Microsoft CNG Provider and SignTool](/using-fortanix-dsm-with-microsoft-cng-provider-and-signtool.md)