KMIP Managed Objects
The following table shows the support available for KMIP Managed Objects in CADP for Java.
Managed Object Type | Create | Register | Export/Get | Delete | Manage Lifecycle |
---|---|---|---|---|---|
Symmetric Key | ✔ | ✔ | ✔ | ✔ | ✔ |
Asymmetric Public/Private Key | ✔ | ✔ | ✔ | ✔ | ✔ |
Secret Data | X | ✔ | ✔ | ✔ | ✔ |
Template | X | ✔ | X | ✔ | X |
Certificate | X | ✔ | ✔ | ✔ | ✔ |
Definitions of managed object types
Symmetric Key: This object is composed of a key block. It can be in raw or opaque format.
Public Key: Contains the public portion of an asymmetric key pair. This is not a certificate.
Private Key: Contains the private portion of an asymmetric key pair.
Secret Data: Contains a shared secret value that is not a key or certificate (e.g., a password). It is composed of a secret data type and a key block, and must be in opaque format.
Template: A collection of attributes that can be assigned when a key is created. It contains the attributes of a managed cryptographic object that can be set by a client. Templates are used to specify the attributes of a new managed cryptographic object in various operations and are intended to simplify the assignment of attributes of new objects. Stored on the server side, the template includes these key creation parameters:
KMIP Attributes
Algorithm
Key Size
You can create symmetric keys and register asymmetric key data that inherit the template parameters.
Certificate: Contains an X.509 certificate managed object that supports the KMIP public keys. The certificate certifies that its public key belongs to its SubjectName.
Note
To store PGP certificates on a Key Manager server, use KMIP SecretData objects to store their byte stream.