sign in sign up
<<
Home , Cryptography standards, PKCS

[PKCS#1] RSA Laboratories, PKCS #1 v2.1: RSA Standard, June 14, 2002, http://www.preserveitall.org/emc-plus/rsa-labs/standards-initiatives/pkcs-- cryptography-standard.htm. [PKCS#5] RSA Laboratories, PKCS #5 v2.1: Password-Based Cryptography Standard, October 5, 2006, http://www.preserveitall.org/emc-plus/rsa-labs/standards- initiatives/pkcs-5-password-based-cryptography-standard.htm. [PKCS#8] RSA Laboratories, PKCS#8 v1.2: Private- Information Syntax Standard, November 1, 1993, http://www.preserveitall.org/emc-plus/rsa-labs/standards- initiatives/pkcs-8-private-key-information-syntax-stand.htm. [PKCS#10] RSA Laboratories, PKCS #10 v1.7: Certification Request Syntax Standard, May 26, 2000, http://www.preserveitall.org/emc-plus/rsa-labs/standards- initiatives/pkcs10-certification-request-syntax-standard.htm. [PKCS#11] OASIS PKCS #11 Cryptographic Token Interface Base Specification Version 3.0 [POLY1305] Daniel J. Bernstein. The Poly1305-AES Message- Code. In Henri Gilbert and Helena Handschuh, editors, Fast Software : 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005. [RFC1319] B. Kaliski, The MD2 Message-Digest Algorithm, IETF RFC 1319, Apr 1992, http://www.ietf.org/rfc/rfc1319.txt. [RFC1320] R. Rivest, The MD4 Message-Digest Algorithm, IETF RFC 1320, April 1992, http://www.ietf.org/rfc/rfc1320.txt. [RFC1321] R. Rivest, The MD5 Message-Digest Algorithm, IETF RFC 1321, April 1992, http://www.ietf.org/rfc/rfc1321.txt. [RFC1421] J. Linn, Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures, IETF RFC 1421, February 1993, http://www.ietf.org/rfc/rfc1421.txt. [RFC1424] B. Kaliski, Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, IETF RFC 1424, Feb 1993, http://www.ietf.org/rfc/rfc1424.txt. [RFC2104] H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-Hashing for Message Authentication, IETF RFC 2104, February 1997, http://www.ietf.org/rfc/rfc2104.txt. [RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, March 1997. http://www.ietf.org/rfc/rfc2119.txt. [RFC2898] B. Kaliski, PKCS #5: Password-Based Cryptography Specification Version 2.0, IETF RFC 2898, September 2000, http://www.ietf.org/rfc/rfc2898.txt. [RFC2986] M. Nystrom and B. Kaliski, PKCS #10: Certification Request Syntax Specification Version 1.7, IETF RFC2986, November 2000, http://www.rfc- editor.org/rfc/rfc2986.txt. [RFC3447] J. Jonsson, B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, IETF RFC 3447, Feb 2003, http://www.ietf.org/rfc/rfc3447.txt. [RFC3629] F. Yergeau, UTF-8, a transformation format of ISO 10646, IETF RFC 3629, November 2003, http://www.ietf.org/rfc/rfc3629.txt. [RFC3686] R. Housley, Using Advanced Encryption Standard (AES) Counter Mode with IPsec Encapsulating Security Payload (ESP), IETF RFC 3686, January 2004, http://www.ietf.org/rfc/rfc3686.txt. [RFC4210] C. Adams, S. Farrell, T. Kause and T. Mononen, Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP), IETF RFC 4210, September 2005, http://www.ietf.org/rfc/rfc4210.txt.

kmip-spec-v2.0-wd03 Working Draft 03 10 January 2018 Standards Track Draft Copyright © OASIS Open 2018. All Rights Reserved. Page 14 of 214 Response Payload Item REQUIRED Description Unique Identifier Yes The Unique Identifier of the object. Lease Time Yes An interval (in seconds) that specifies the amount of time that the object MAY be used until a new lease needs to be obtained. Last Change Date Yes The date and time indicating when the latest change was made to the contents or any attribute of the specified object.

Table 226: Obtain Lease Response Payload

6.1.29.1 Error Handling - Obtain Lease This section details the specific Result Reasons that SHALL be returned for errors detected in a Obtain Lease Operation. Error Definition Result Status Result Reason No object with the specified Unique Operation Failed Item Not Found Identifier exists The server determines that a new lease Operation Failed Permission Denied is not permitted to be issued for the specified cryptographic object Object is archived Operation Failed Object Archived

Table 227: Obtain Lease Errors

6.1.30 PKCS#11 This operation makes the server perform a PKCS 11 operation.

Request Payload Item REQUIRED Description PKCS#11 Function Yes The function to perform PKCS#11 Input Parameters Yes The parameters to the function. The format is specified in the PKCS#11 Profile and the [PKCS#11] standard document.

Table 228: PKCS#11 Request Payload

kmip-spec-v2.0-wd03 Working Draft 03 10 January 2018 Standards Track Draft Copyright © OASIS Open 2018. All Rights Reserved. Page 106 of 214 Response Payload Item REQUIRED Description PKCS#11 Function Yes The function that was performed. PKCS#11 Output Parameters Yes The parameters output from the function. The format is specified in the PKCS#11 Profile and the [PKCS#11] standard document. PKCS# Return Code Yes Long Integer, The PKCS#11 return code as specified in the CK_RV values in [PKCS#11]

Table 229: PKCS#11 Response Payload

6.1.30.1 Error Handling – PKCS#11 This section details the specific Result Reasons that SHALL be returned for errors detected in a Pkcs#11 Operation.. Error Definition Result Status Result Reason PKCS#11 Function not known to server Operation Failed Invalid Field Badly formatted Input Parameters Operation Failed Invalid Field Result Reason not CKR_OK Success

Table 230: PKCS#11 Errors

6.1.306.1.31 Poll This operation is used to poll the server in order to obtain the status of an outstanding asynchronous operation. The correlation value of the original operation SHALL be specified in the request. The response to this operation SHALL NOT be asynchronous.

Request Payload Item REQUIRED Description Asynchronous Correlation Value Yes Specifies the request being polled.

Table 231228: Poll Request Payload The server SHALL reply with one of two responses: If the operation has not completed, the response SHALL contain no payload and a Result Status of Pending. If the operation has completed, the response SHALL contain the appropriate payload for the operation. This response SHALL be identical to the response that would have been sent if the operation had completed synchronously.

6.1.30.16.1.31.1 Error Handling – Poll This section details the specific Result Reasons that SHALL be returned for errors detected in a Poll Operation.

kmip-spec-v2.0-wd03 Working Draft 03 10 January 2018 Standards Track Draft Copyright © OASIS Open 2018. All Rights Reserved. Page 107 of 214 MAC Verify 00000024 RNG Retrieve 00000025 RNG Seed 00000026 Hash 00000027 Create Split Key 00000028 Join Split Key 00000029 Import 0000002A Export 0000002B Log 0000002C Extensions 8XXXXXXX

Table 361358: Operation Enumeration

11.32 Method Enumeration Padding Method Name Value None 00000001 OAEP 00000002 PKCS5 00000003 SSL3 00000004 Zeros 00000005 ANSI X9.23 00000006 ISO 10126 00000007 PKCS1 v1.5 00000008 X9.31 00000009 PSS 0000000A Extensions 8XXXXXXX

Table 362359: Padding Method Enumeration

11.33 PKCS#11 Function Enumeration This is specified in [PKCS#11] via the CK_FUNCTION_LIST table in the header files.

kmip-spec-v2.0-wd03 Working Draft 03 10 January 2018 Standards Track Draft Copyright © OASIS Open 2018. All Rights Reserved. Page 174 of 214