Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

User Guide
Release Notes
CSEG Administration
BYOK Integration
WebServices Guide
BYOK REST APIs

All

All

KMIP Fundamentals

KMIP Managed Operations

Please Note:

User Guide
Quick Start
- Deploy CADP for Java using Maven Distribution
- Deploy CADP for Java using installer
Tasks
- Generate random IV
- Encrypt Data
- Decrypt Data
- Encrypt String and Write to File
- Encrypt File
- Tokenize/Detokenize Date
- Sign and Sign Verify
  - Generate Digital Signature with RSA Private Key using message/text
  - Verify Digital Signature with RSA Public Key using message/text
  - Generating Digital Signature with RSA Private Key using pre-calculated hash
  - Verify Digital Signature with RSA Public Key using Pre-calculated Hash
- MAC Operations
  - Bulk Operations in HMAC
  - Generate MAC
  - Verify MAC
- Key Operations
  - Create global key
  - Create key with random name
  - Create key owned by the NAE user
  - Create EC key owned by NAE user
  - Create Symmetric Key Using HKDF Algorithm
  - Create Key and Assign Permissions
  - Create Key and Assign Custom Attributes
  - Modify Group Permissions for an Existing Key
  - Get Group Permissions on an Existing Key
  - Generate Global RSA Public-Private Key Pair
  - Generate Global EC Public-Private Key Pair
  - Generate KMIP Public-Private Key Pair
  - Export Global Key
  - Export Non-Global Key
  - Import Global Key
  - Delete Global Key
  - Get Size of Global Key
  - Return List of Global Keys on NAE Server
  - Return List of Available Keys on NAE Server
  - Access Non-Global Key
  - Wrap Key
  - Get Key Names
  - Create Versioned Key
  - Create New Version of Key
  - Alter State of a Key Version
  - Encryption, Decryption, and MAC Operations Using Versioned Key
  - Encrypt and Decrypt using All Key Versions
  - Export Versioned Key
- User and Group Management Tasks
  - Create User
  - Delete User
  - Create User with Custom Attributes
  - Update Custom Attribute User
  - Retrieve Custom Attribute
  - Delete Custom Attribute
  - Change User Password
  - Change Key Owner
  - List Group Membership of a Specific User
  - List All Users in All Groups
  - List All Users in Single Group
  - Create Group
  - Delete Group
  - Add Users to Group
  - List All Users in Specific Group
  - Get All Information About Group
- Certificate Management Tasks
  - Import Certificate to Key Manager
  - Export Certificate and Private Key From Key Manager
  - Export Certificate From Key Manager
  - Export CA Certificate From Key Manager
  - Delete Certificate From Key Manager
- Session Management Tasks
  - Create Global Session
  - Create Global Session Using SSL with Client Certificates
  - Create Authenticated Session using NAE Credentials
  - Create an Authenticated Session using Domain User
  - Create session with Obfuscated Credentials
  - Create Authenticated Session using SSL with Client Certificates
  - Create Authenticated Session using SessionLevelConfig
  - Create Authenticated Session with Access to Persistent Key Cache
- Add Multiple Key Managers
- Refresh Cached Keys
- KMIP Tasks
  - KMIP Session
    - Create Authenticated KMIP Session with Client Certificate
    - Create Authenticated KMIP Session with User Credentials
    - Create Authenticated KMIP Session with User Credentials and Client Certificate
  - Wrap Key
  - Verify Key
  - KMIP Encrypt and Decrypt
    - KMIP Encrypt
    - KMIP Decrypt
  - KMIP Encrypt and Decrypt Sample
- Obfuscate Credentials
- Logging Related Tasks
  - Time-based Log Rotation
  - Size-based Log Rotation
  - Time and Size -based Log Rotation
  - Include GMT Timestamp Offset
  - Log_MaxBackupIndex
  - Reloading Log Configuration
  - Targeted Logging
  - Configuring Multiple Logging Outputs
  - Implement External Logger Object
- Obfuscate SSL Client Private Key Passphrase
- Chain Operations
  - Create Chained Operations
  - Return Intermediate Result in a Chain of Operations
- SSL Configuration
  - Configure SSL on CipherTrust Manager for NAE Interface
  - Configure SSL on CipherTrust Manager for KMIP Interface
- Tokenization Related Tasks
  - Initialize and close Token Service Vaultless instance
  - Create token for the plaintext
  - Return plaintext for token
  - Tokenize and detokenize Unicode blocks
    - Tokenize and detokenize Unicode blocks using AlgoSpec
    - Tokenize and detokenize Unicode blocks using Unicode.properties file
  - Tokenize and detokenize large data set
  - Java API Sample
  - REST APIs
    - Deploy Vaultless Tokenization on HTTPS Server
    - Return plaintext for token
    - Create token for the plaintext
Advanced Topics
- Configuration Parameters
  - Network Configuration Parameters
  - Connection Configuration Parameters
  - Local Encryption Parameters
  - SSL Configuration Parameters
  - Logging Parameters
  - Miscellaneous Parameters
- Connect to Server
- Connection Pooling
- Load Balancing
- Multi-Tier Load Balancing
- Format Preserving Encryption
  - FPE/AES
  - FPE/FF1
  - FPE/FF1v2
  - FPE/FF3
  - FPE/FF3-1
  - FPE Formats
  - FPE/AES/Unicode Cardinality Block-Size Table
- CADP for Java Utilities
  - CryptoDataUtility
  - GetJCEDetails Utility
- Supported Algorithms
  - Encryption and Decryption with Symmetric Keys
  - Encryption and Decryption with Asymmetric Keys
  - Message Authentication Codes
  - Digital Signatures
  - Supported Cryptographic Algorithms
- KMIP Fundamentals
  - KMIP Managed Objects
  - KMIP Attribute
  - KMIP Managed Operations
  - KMIP Multiple Operation Batching
  - KMIP Support for NAECertificates
  - Certify and Recertify
  - KMIP States and Dates
- Key Caching
  - Symmetric/Asymmetric Key Caching
  - Persistent Key Caching
- Logging
- Tokenization Concepts
  - AlgoSpec
  - TokenSpec
  - Bulk Migration Parameters
- Advisory Notes and Best Practices
Troubleshooting

CADP for Java
User Guide
Advanced Topics
KMIP Fundamentals
KMIP Managed Operations

KMIP Managed Operations

Here is the list of KMIP managed operations.

Add Attribute - Adds a new attribute instance or application specific information instance to a managed object and sets its value.
Create - Generate a new symmetric key. Our implementation of the create operation supports application specific information, custom attributes, and aliases.
Create Key Pair- Generate a new asymmetric key pair. Our implementation of the create key pair operation supports application specific information, custom attributes, and aliases.
Certify/Recertify - Generate or renew a Certificate object for a public key. The certify method creates a new Certificate Managed Object on the server.
Modify Attribute: Modifies an attribute associated with a managed object. The object is specified by its unique identifier. Attributes are specified by their name.
Delete Attribute: Deletes an attribute associated with a managed object. The object is specified by its unique identifier. Attributes are specified by their name. Any attribute that is required cannot be deleted. Our implementation of the DeleteAttribute operation supports application specific information and custom attributes.
Destroy: Requests that the key material for a managed object be destroyed. Our implementation of KMIP does not retain metadata. Once the managed object is destroyed, its metadata is erased, too. Because our KMIP implementation does not support object state, there is no state requirement when destroying objects - cryptographic objects can be destroyed regardless of their state.
Get: Requests that the server return the managed object specified by its unique identifier. Only a single object is returned. The response contains the object’s unique identifier and the object itself. Compression is not supported.
Get Attributes: Requests one or more attributes of a managed object. The object is specified by its unique identifier. Attributes are specified by their name. If the specified attribute has multiple instances, then all instances are returned. If a specified attribute does not exist, then it is not present in the returned response. If none of the attributes exist, the response consists only of the unique identifier. If no attribute name is specified in the request, the server will act as if all attributes match the request.
Get Attribute List: Requests a list of the attribute names associated with the managed object. The object is specified by its unique identifier. This request supports application specific information, custom attributes, and aliases.
Locate: Requests that the server search for one or more managed objects. We recommend limiting searches to return no more than 1000 items. Otherwise, the response may be delayed, or the server may close the connection. Wild cards are not supported. The server supports only online objects, so if the storage-status mask excludes online object, the search returns empty. All supported attributes are valid. Date matching is supported.
Modify Attribute: Modifies the value of an existing attribute instance associated with a managed object. The object is specified by its unique identifier. The operation request contains the attribute name to be modified, the attribute index (optional), and the new value. Only existing values may be changed. If an attribute has multiple instances, only the specified instance of the attribute is modified. If the attribute has multiple instances, and not index is specified, the index is assumed to 0. If the attribute does not support multiple instances, then an index can not be specified.
Query - Requests information about the server’s capabilities and/or protocol mechanisms. The server vendor identification is Thales . The KMIPSession.query() is passed a java.util.Set of one or more enumeration values from com.ingrian security.nae.KMIPQueryFunction.Query
- Query.QueryOperations: KMIP Operations supported
- Query.QueryObjects: KMIP Managed Objects handled by the server
- Query.QueryServerInformation: KMIP Server information
- Query.QueryApplicationNamespaces: Application Namespaces defined on the NAE Server
- Query.QueryVendorIdentification: KMIP Server-specific identification
Each query type may return one or more values as a string. KMIPSession.query retrieves information into a map > indexed by the original Query Operations submitted. See the KMIPQuerySample.java for usage.
Register - Requests that the server register a managed object that was created by the client or obtained by the client through some other means. This request adds templates, Asymmetric Key or Secret data to the server from a template definition or key data on the client.

On this page

CADP for Java

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Support Contacts
- Text Conventions
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com