KMIP Encrypt
A KMIP Encrypt request includes the cryptographic parameters (mode and padding method), the data to be encrypted and the IV to be used. For AES/CBC/PKCS5Padding or AES/CBC/NoPadding, if the encrypt request does not contain an IV, a random IV is generated on behalf of the client.
The response includes the key, i.e. the unique identifier of the managed cryptographic object, the encrypted text and, when the algorithm requires an IV and none was provided in the request, the randomly generated IV used for encryption.
For AES
Example
A keyName can be used instead of the UID; see the overloaded API for this.
For AES/GCM
Note:
— For AES/GCM, an IV of between 1 and 16 bytes is mandatory. The recommended IV size is 12 bytes.
— The Auth Tag Length is mandatory for AES/GCM and must be one of 4, 8, 12, 13, 14, 15 or 16.
— KMIP does not support AAD.
For RSA
Note:
— Only PKCS1Padding is supported for RSA.
— To use keyName, use the other overloaded API. RSA does not require a spec. Refer to the javadocs for more details.
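The rules in the notes above can be checked on the client before a request is sent, and the IV handling for AES/CBC can be made explicit. The class below is an added example, not code from the original page or from the KMIP client library: every name in it (KmipEncryptPreflight, Kind, check, newGcmIv, ivToStore) is hypothetical, and the Auth Tag Length values are assumed to be in bytes.

```java
import java.security.SecureRandom;
import java.util.List;

// Added example: hypothetical pre-flight checks, not the KMIP client library's API.
public class KmipEncryptPreflight {
    enum Kind { AES_CBC, AES_GCM, RSA }

    // Auth tag lengths the notes list as valid for AES/GCM (assumed to be bytes).
    static final List<Integer> GCM_TAG_BYTES = List.of(4, 8, 12, 13, 14, 15, 16);
    static final SecureRandom RNG = new SecureRandom();

    /** Fresh random 12-byte IV, the size the notes recommend for AES/GCM. */
    static byte[] newGcmIv() {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        return iv;
    }

    /** Throws if the request breaks a rule from the notes; iv, padding and aad may be null. */
    static void check(Kind kind, byte[] iv, int tagBytes, String padding, byte[] aad) {
        if (kind == Kind.AES_GCM) {
            if (iv == null || iv.length < 1 || iv.length > 16)
                throw new IllegalArgumentException("AES/GCM requires an IV of 1 to 16 bytes");
            if (!GCM_TAG_BYTES.contains(tagBytes))
                throw new IllegalArgumentException("AES/GCM tag length must be one of " + GCM_TAG_BYTES);
            if (aad != null && aad.length > 0)
                throw new IllegalArgumentException("KMIP does not support AAD");
        } else if (kind == Kind.RSA && !"PKCS1Padding".equals(padding)) {
            throw new IllegalArgumentException("RSA supports PKCS1Padding only");
        }
        // AES_CBC: the IV is optional; one is generated for the client when it is absent.
    }

    /** IV to store with an AES ciphertext: the one sent, else the one the response returned. */
    static byte[] ivToStore(byte[] requestIv, byte[] responseIv) {
        if (requestIv != null) return requestIv;
        if (responseIv == null)
            throw new IllegalStateException("no IV in request or response; ciphertext cannot be decrypted");
        return responseIv;
    }

    public static void main(String[] args) {
        check(Kind.AES_GCM, newGcmIv(), 16, null, null);     // accepted
        check(Kind.AES_CBC, null, 0, "PKCS5Padding", null);  // accepted; IV comes back in the response
        byte[] responseIv = new byte[16];                    // constructed stand-in for a response IV
        System.out.println("IV bytes to store: " + ivToStore(null, responseIv).length);
        try {
            check(Kind.AES_GCM, newGcmIv(), 10, null, null); // 10 is not in the allowed list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Calling newGcmIv() once per encryption keeps each AES/GCM IV unique under a given key, and ivToStore makes sure a generated AES/CBC IV from the response is saved with the ciphertext so it can be decrypted later.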