Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct 4 - 2012 Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs.

Presentation transcript:

Meta-Data-Only (MDO) Keys KMIP 1.2 Proposal Oct Denis Pochuev, SafeNet John Leiseboer, QuintessenceLabs

Register Operation in KMIP 1.1 (from Test-Case 6.1)

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x (RAW)
          Tag: KEY_VALUE (0x420045), Type: STRUCTURE (0x01), Data:
            Tag: KEY_MATERIAL (0x420043), Type: BYTE_STRING (0x08), Data: 0x abcdef abcdef
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x

Register Operation in KMIP: Key Block

A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It contains a Key Value of one of the following Key Format Types: Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes …

MDO-key Register Operation in KMIP 1.2 Proposal

Tag: REQUEST_MESSAGE (0x420078), Type: STRUCTURE (0x01), Data:
  Tag: REQUEST_HEADER (0x420077), Type: STRUCTURE (0x01), Data:
    Tag: PROTOCOL_VERSION (0x420069), Type: STRUCTURE (0x01), Data:
      Tag: PROTOCOL_VERSION_MAJOR (0x42006a), Type: INTEGER (0x02), Data: 0x
      Tag: PROTOCOL_VERSION_MINOR (0x42006b), Type: INTEGER (0x02), Data: 0x
    Tag: BATCH_COUNT (0x42000d), Type: INTEGER (0x02), Data: 0x
  Tag: BATCH_ITEM (0x42000f), Type: STRUCTURE (0x01), Data:
    Tag: OPERATION (0x42005c), Type: ENUMERATION (0x05), Data: 0x (REGISTER)
    Tag: REQUEST_PAYLOAD (0x420079), Type: STRUCTURE (0x01), Data:
      Tag: OBJECT_TYPE (0x420057), Type: ENUMERATION (0x05), Data: 0x (SYMMETRIC_KEY)
      Tag: TEMPLATE_ATTRIBUTE (0x420091), Type: STRUCTURE (0x01), Data:
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: Cryptographic Usage Mask
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: INTEGER (0x02), Data: 0x
        Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:                       <- “Not Here” tag
          Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
          Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE
      Tag: SYMMETRIC_KEY (0x42008f), Type: STRUCTURE (0x01), Data:
        Tag: KEY_BLOCK (0x420040), Type: STRUCTURE (0x01), Data:
          Tag: KEY_FORMAT_TYPE (0x420042), Type: ENUMERATION (0x05), Data: 0x (RAW)
          Tag: CRYPTOGRAPHIC_ALGORITHM (0x420028), Type: ENUMERATION (0x05), Data: 0x (AES)
          Tag: CRYPTOGRAPHIC_LENGTH (0x42002a), Type: INTEGER (0x02), Data: 0x

MDO Key Register Operation in KMIP 1.2: Proposed Table Changes

“Not Here” Tag Alternatives

“Just Not Here”
1. Not having it at all (empty key value => MDO key)
2. Explicit “not here” designation:
   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValuePresent
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: BOOLEAN (0x06), Data: FALSE

“Not Here, but I’ll tell you where”
3. Un-interpreted text string:
   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data: Bottom Drawer
4. URI:
   Tag: ATTRIBUTE (0x420008), Type: STRUCTURE (0x01), Data:
     Tag: ATTRIBUTE_NAME (0x42000a), Type: TEXT_STRING (0x07), Data: KeyValueLocation
     Tag: ATTRIBUTE_VALUE (0x42000b), Type: TEXT_STRING (0x07), Data:
5. Your suggestion

MDO Key Register Operation in KMIP 1.2: Proposed Text Changes

A Key Block object is a structure (see Table 6) used to encapsulate all of the information that is closely associated with a cryptographic key. It may contain (replacing “It contains”) a Key Value of one of the following Key Format Types: Raw – This is a key that contains only cryptographic key material, encoded as a string of bytes …

A Key Block that does not contain a Key Value represents a Meta-Data-Only key.

The above changes are based on option 1 on the previous slide. Further changes will be needed based on other “Not Here” tag alternatives and the KeyValueLocation choice.
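The dumps above are KMIP TTLV (3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8 bytes). The following is an added example, not code from the proposal or from SafeNet/QuintessenceLabs: it encodes a Register payload either with a Key Value or as an MDO key without one (alternative 1), optionally adds the KeyValuePresent attribute (alternative 2), and shows a server-side check that decides MDO-ness from the Key Block and flags a mismatch between the two signals. The enumeration values (Symmetric Key = 2, Raw = 1, AES = 3, usage mask Encrypt|Decrypt = 0x0C) are taken from the KMIP 1.x specification since the slides elide them; the helper names are mine.

```python
import struct
STRUCTURE, INTEGER, ENUMERATION, BOOLEAN, TEXT_STRING, BYTE_STRING = 1, 2, 5, 6, 7, 8  # TTLV type codes
REQUEST_PAYLOAD, OBJECT_TYPE, TEMPLATE_ATTRIBUTE = 0x420079, 0x420057, 0x420091  # tags from the slides
ATTRIBUTE, ATTRIBUTE_NAME, ATTRIBUTE_VALUE = 0x420008, 0x42000A, 0x42000B
SYMMETRIC_KEY, KEY_BLOCK, KEY_FORMAT_TYPE, KEY_VALUE = 0x42008F, 0x420040, 0x420042, 0x420045
KEY_MATERIAL, CRYPTO_ALG, CRYPTO_LEN = 0x420043, 0x420028, 0x42002A

def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8."""
    if typ == STRUCTURE: body = b"".join(value)
    elif typ in (INTEGER, ENUMERATION): body = struct.pack(">I", value)
    elif typ == BOOLEAN: body = struct.pack(">Q", 1 if value else 0)
    elif typ == TEXT_STRING: body = value.encode()
    else: body = bytes(value)
    return tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(body)) + body + b"\0" * (-len(body) % 8)

def parse(buf):
    """Decode TTLV bytes into a list of (tag, type, value); structures nest recursively."""
    items, i = [], 0
    while i < len(buf):
        tag, typ, n = int.from_bytes(buf[i:i + 3], "big"), buf[i + 3], struct.unpack(">I", buf[i + 4:i + 8])[0]
        body = buf[i + 8:i + 8 + n]
        if typ == STRUCTURE: val = parse(body)
        elif typ in (INTEGER, ENUMERATION): val = struct.unpack(">I", body)[0]
        elif typ == BOOLEAN: val = bool(struct.unpack(">Q", body)[0])
        elif typ == TEXT_STRING: val = body.decode()
        else: val = body
        items.append((tag, typ, val))
        i += 8 + n + (-n % 8)  # step over the value and its padding
    return items
def child(items, tag): return next(v for t, _, v in items if t == tag)
def attr(name, typ, value):
    return ttlv(ATTRIBUTE, STRUCTURE, [ttlv(ATTRIBUTE_NAME, TEXT_STRING, name), ttlv(ATTRIBUTE_VALUE, typ, value)])

def register_payload(key_material=None, key_value_present=None):
    """Constructed Register payload: a full key when key_material is given, otherwise MDO (no Key Value)."""
    attrs = [attr("Cryptographic Usage Mask", INTEGER, 0x0C)]  # Encrypt | Decrypt
    if key_value_present is not None:  # alternative 2: explicit KeyValuePresent attribute
        attrs.append(attr("KeyValuePresent", BOOLEAN, key_value_present))
    block = [ttlv(KEY_FORMAT_TYPE, ENUMERATION, 1)]  # Raw
    if key_material is not None:
        block.append(ttlv(KEY_VALUE, STRUCTURE, [ttlv(KEY_MATERIAL, BYTE_STRING, key_material)]))
    block += [ttlv(CRYPTO_ALG, ENUMERATION, 3), ttlv(CRYPTO_LEN, INTEGER, 128)]  # AES, 128 bits
    return ttlv(REQUEST_PAYLOAD, STRUCTURE, [ttlv(OBJECT_TYPE, ENUMERATION, 2), ttlv(TEMPLATE_ATTRIBUTE, STRUCTURE, attrs),
                                             ttlv(SYMMETRIC_KEY, STRUCTURE, [ttlv(KEY_BLOCK, STRUCTURE, block)])])
def classify(payload):
    """Server check (alternative 1): MDO iff no Key Value; a sent KeyValuePresent (alternative 2) must agree."""
    [(_, _, items)] = parse(payload)
    attrs = {child(a, ATTRIBUTE_NAME): child(a, ATTRIBUTE_VALUE) for _, _, a in child(items, TEMPLATE_ATTRIBUTE)}
    has_value = any(t == KEY_VALUE for t, _, _ in child(child(items, SYMMETRIC_KEY), KEY_BLOCK))
    return ("full" if has_value else "mdo"), attrs.get("KeyValuePresent") in (None, has_value)
```

A server that accepts the explicit attribute should reject the inconsistent case (key material present but KeyValuePresent = FALSE) rather than silently trusting either signal.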