luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/secrets/kmip-profiles.mdx
Divya Pola 55760606c2
Add documentation for KMIP features implemented in 1.13 (#18613) 
* Add documentation for KMIP features implemented in 1.13

* Add release version for key format types

* Fix syntax

* Add supported hashing algorithms and padding methods

* Fix formatting

* Add  nit picks from review feedback
2023-01-11 20:33:05 +05:30

339 lines
34 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: KMIP - Profiles Support
description: |-
The KMIP profiles define the use of KMIP objects, attributes, operations, message elements
and authentication methods within specific contexts of KMIP server and client interaction.
These profiles define a set of normative constraints for employing KMIP within a particular
environment or context of use.
---
# KMIP Profiles Version 1.4
This document specifies conformance clauses in accordance with the OASIS TC Process ([TC-PROC section 2.18 paragraph 8a][tc-proc-2.18] )
for the KMIP Specification ([KMIP-SPEC 12.1 and 12.2][kmip-spec]) for a KMIP server or KMIP client through profiles that define the
use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of
KMIP server and client interaction.
Vault implements version 1.4 of the following Key Management Interoperability Protocol Profiles:
## [Baseline Server][baseline-server]
1. Supports the following objects:
| Object | Supported |
| ----------------------------------------------------------------------- | :-------: |
| Attribute [KMIP-SPEC 2.1.1][kmip-spec-2.1.1] | ✅ |
| Credential [KMIP-SPEC 2.1.2][kmip-spec-2.1.2] | ✅ |
| Key Block [KMIP-SPEC 2.1.3][kmip-spec-2.1.3] | ✅ |
| Key Value [KMIP-SPEC 2.1.4][kmip-spec-2.1.4] | ✅ |
| Template-Attribute Structure [KMIP-SPEC 2.1.8][kmip-spec-2.1.8] | ✅ |
| Extension Information [KMIP-SPEC 2.1.9][kmip-spec-2.1.9] | ✅ |
| Profile Information [KMIP-SPEC 2.1.19][kmip-spec-2.1.19] | ✅ |
| Validation Information [KMIP-SPEC 2.1.20][kmip-spec-2.1.20] | ✅ |
| Capability Information [KMIP-SPEC 2.1.21][kmip-spec-2.1.21] | ✅ |
2. Supports the following subsets of attributes:
| Attribute | Supported | Notes |
| -----------------------------------------------------------------------| :-------: | :----: |
| Unique Identifier [KMIP-SPEC 3.1][kmip-spec-3.1] | ✅ | |
| Name [KMIP-SPEC 3.2][kmip-spec-3.2] | ✅ | |
| Object Type [KMIP-SPEC 3.3][kmip-spec-3.3] | ✅ | |
| Cryptographic Algorithm [KMIP-SPEC 3.4][kmip-spec-3.4] | ✅ | |
| Cryptographic Length [KMIP-SPEC 3.5][kmip-spec-3.5] | ✅ | |
| Cryptographic Parameters [KMIP-SPEC 3.6][kmip-spec-3.6] | ✅ | |
| Digest [KMIP-SPEC 3.17][kmip-spec-3.17] | ✅ | |
| Cryptographic Usage Mask [KMIP-SPEC 3.19][kmip-spec-3.19] | ✅ | |
| State [KMIP-SPEC 3.22][kmip-spec-3.22] | ✅ | |
| Initial Date [KMIP-SPEC 3.23][kmip-spec-3.23] | ✅ | |
| Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 |
| Protect Stop Date [KMIP-SPEC 3.26][kmip-spec-3.26] | ✅ | Vault 1.11 |
| Activation Date [KMIP-SPEC 3.24][kmip-spec-3.24] | ✅ | |
| Deactivation Date [KMIP-SPEC 3.27][kmip-spec-3.27] | ✅ | |
| Compromise Occurrence Date [KMIP-SPEC 3.29][kmip-spec-3.29] | ✅ | |
| Compromise Date [KMIP-SPEC 3.30][kmip-spec-3.30] | ✅ | |
| Revocation Reason [KMIP-SPEC 3.31][kmip-spec-3.31] | ✅ | |
| Object Group [KMIP-SPEC 3.33][kmip-spec-3.33] | ✅ | |
| Fresh [KMIP-SPEC 3.34][kmip-spec-3.34] | ✅ | |
| Link [KMIP-SPEC 3.35][kmip-spec-3.35] | ✅ | |
| Last Change Date [KMIP-SPEC 3.38][kmip-spec-3.38] | ✅ | |
| Alternative Name [KMIP-SPEC 3.40][kmip-spec-3.40] | ✅ | Vault 1.12 |
| Key Value Present [KMIP-SPEC 3.41][kmip-spec-3.41] | ✅ | Vault 1.12 |
| Key Value Location [KMIP-SPEC 3.42][kmip-spec-3.42] | 🔴 | |
| Original Creation Date [KMIP-SPEC 3.43][kmip-spec-3.43] | ✅ | |
| Random Number Generator [KMIP-SPEC 3.44][kmip-spec-3.44] | ✅ | |
| Description [KMIP-SPEC 3.46][kmip-spec-3.46] | ✅ | |
| Comment [KMIP-SPEC 3.47][kmip-spec-3.47] | ✅ | |
| Sensitive [KMIP-SPEC 3.48][kmip-spec-3.48] | ✅ | |
| Always Sensitive [KMIP-SPEC 3.49][kmip-spec-3.49] | ✅ | |
| Extractable [KMIP-SPEC 3.50][kmip-spec-3.50] | ✅ | |
| Never Extractable [KMIP-SPEC 3.51][kmip-spec-3.51] | ✅ | |
3. Supports the following client-to-server operations:
| Operation | Supported | Notes |
| ------------------------------------------------------| :--------:|:-----:|
| Locate [KMIP-SPEC 4.9][kmip-spec-4.9] | ✅ | Vault version 1.11 supports attributes Activation Date, Application Specific Information, Cryptographic Algorithm, Cryptographic Length, Name, Object Type, Original Creation Date, and State. <br/> Vault version 1.12 supports all profile attributes except for Key Value Location. |
| Check [KMIP-SPEC 4.10][kmip-spec-4.10] | 🔴 | |
| Get [KMIP-SPEC 4.11][kmip-spec-4.11] | ✅ | |
| Get Attributes [KMIP-SPEC 4.12][kmip-spec-4.12] | ✅ | |
| Get Attribute List [KMIP-SPEC 4.13][kmip-spec-4.13] | ✅ | |
| Add Attribute [KMIP-SPEC 4.14][kmip-spec-4.14] | ✅ | |
| Modify Attribute [KMIP-SPEC 4.15][kmip-spec-4.15] | ✅ | Vault 1.12 |
| Delete Attribute [KMIP-SPEC 4.16][kmip-spec-4.16] | ✅ | Vault 1.12 |
| Activate [KMIP-SPEC 4.19][kmip-spec-4.19] | ✅ | |
| Revoke [KMIP-SPEC 4.20][kmip-spec-4.20] | ✅ | |
| Destroy [KMIP-SPEC 4.21][kmip-spec-4.21] | ✅ | |
| Query [KMIP-SPEC 4.25][kmip-spec-4.25] | ✅ | Vault 1.11 |
| Discover Versions [KMIP-SPEC 4.26][kmip-spec-4.26] | ✅ | |
4.Supports the following message contents:
| Message Content | Supported |
| -----------------------------------------------------------------| :--------:|
| Protocol Version [KMIP-SPEC 6.1][kmip-spec-6.1] | ✅ |
| Operation [KMIP-SPEC 6.2][kmip-spec-6.2] | ✅ |
| Maximum Response Size [KMIP-SPEC 6.3][kmip-spec-6.3] | ✅ |
| Unique Batch Item ID [KMIP-SPEC 6.4][kmip-spec-6.4] | ✅ |
| Time Stamp [KMIP-SPEC 6.5][kmip-spec-6.5] | ✅ |
| Asynchronous Indicator [KMIP-SPEC 6.7][kmip-spec-6.7] | ✅ |
| Result Status [KMIP-SPEC 6.9][kmip-spec-6.9] | ✅ |
| Result Reason [KMIP-SPEC 6.10][kmip-spec-6.10] | ✅ |
| Batch Order Option [KMIP-SPEC 6.12][kmip-spec-6.12] | ✅ |
| Batch Error Continuation Option [KMIP-SPEC 6.13][kmip-spec-6.13] | ✅ |
| Batch Count [KMIP-SPEC 6.14][kmip-spec-6.14] | ✅ |
| Batch Item [KMIP-SPEC 6.15][kmip-spec-6.15] | ✅ |
| Attestation Capable Indicator [KMIP-SPEC 6.17][kmip-spec-6.17] | ✅ |
| Client Correlation Value [KMIP-SPEC 6.18][kmip-spec-6.18] | ✅ |
| Server Correlation Value [KMIP-SPEC 6.19][kmip-spec-6.19] | ✅ |
| Message Extension [KMIP-SPEC 6.16][kmip-spec-6.16] | ✅ |
5. Supports the ID Placeholder [KMIP-SPEC 4][kmip-spec-4]
6. Supports Message Format [KMIP-SPEC 7][kmip-spec-7]
7. Supports Authentication [KMIP-SPEC 8][kmip-spec-8]
8. Supports the TTLV encoding [KMIP-SPEC 9.1][kmip-spec-9.1]
9. Supports the transport requirements [KMIP-SPEC 10][kmip-spec-10]
10. Supports Error Handling [KMIP-SPEC 11][kmip-spec-11] for any supported object, attribute, or operation
11. Optionally supports any clause within [KMIP-SPEC][kmip-spec] that is not listed above
12. Optionally supports extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements - We do not have any extensions
## [Symmetric Key Lifecycle Server][lifecycle-server]
1. SHALL conform to the [Baseline Server][baseline-server]
2. Supports the following objects:
| Object | Supported |
| -----------------------------------------------------------------------| :----- --:|
| Symmetric Key [KMIP-SPEC 2.2.2][kmip-spec-2.2.2] | ✅ |
| Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] | ✅ |
3. Supports the following subsets of attributes:
| Attribute | Supported | Notes |
| -----------------------------------------------------------------------| :-------: | :---: |
| Cryptographic Algorithm [KMIP-SPEC 3.4][kmip-spec-3.4] | ✅ | |
| Object Type [KMIP-SPEC 3.3][kmip-spec-3.3] | ✅ | |
| Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 |
| Protect Stop Date [KMIP-SPEC 3.26][kmip-spec-3.26] | ✅ | Vault 1.11 |
4. Supports the following client-to-server operations:
| Operation | Supported |
| ------------------------------------------------------| :--------:|
| Create [KMIP-SPEC 4.1][kmip-spec-4.1] | ✅ |
5. Supports the following message encoding:
| Message Encoding | Supported | Notes |
| -------------------------------------------------------------------------------------| :--------:|:-----:|
| Cryptographic Algorithm [KMIP-SPEC 9.1.3.2.13][kmip-spec-9.1.3.2.13] with values: | | |
| i. 3DES | ✅ | Vault 1.12 |
| ii. AES | ✅ | |
| Object Type [KMIP-SPEC 9.1.3.2.12][kmip-spec-9.1.3.2.12] with value: | | |
| i. Symmetric Key | ✅ | |
| Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] with value: | | |
| i. Raw | ✅ | |
| ii. Transparent Symmetric Key | 🔴 | |
6. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Symmetric Key Lifecycle Server][lifecycle-server]
7. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements.
## [Basic Cryptographic Server][basic-cryptographic-server]
1. SHALL conform to the [Baseline Server][baseline-server]
2. Supports the following client-to-server operations:
| Operation | Supported | Notes |
| ------------------------------------------------------| :--------:| --------|
| Encrypt [KMIP-SPEC 4.29][kmip-spec-4.29] | ✅ | Vault 1.11 <br/> Supported for AES, unsupported for 3DES: <br/><br/> Supported Block Cipher Modes: <br/> <ol> <li> GCM </li> <li> CBC </li> <li> CFB </li> <li> CTR </li> <li> ECB </li> <li> OFB </li> </ol> <br/> Stream operations are supported except for GCM block cipher mode. <br/><br/> Supported padding methods: <br/> <ol> <li> None </li> <li> PKCS5 </li> </ol> |
| Decypt [KMIP-SPEC 4.30][kmip-spec-4.30] | ✅ | Vault 1.11 <br/> Supported for AES, unsupported for 3DES: <br/><br/> Supported Block Cipher Modes: <br/> <ol> <li> GCM </li> <li> CBC </li> <li> CFB </li> <li> CTR </li> <li> ECB </li> <li> OFB </li> </ol> <br/> Stream operations are supported except for GCM block cipher mode. <br/><br/> Supported padding methods: <br/> <ol> <li> None </li> <li> PKCS5 </li> </ol> | |
3. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Basic Cryptographic Server][basic-cryptographic-server]
4. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements.
## [Asymmetric Key Lifecycle Server][asymmetric-key-lifecycle-server]
1. SHALL conform to the [Baseline Server][baseline-server]
2. Supports the following objects:
| Object | Supported |
| -----------------------------------------------------------------------| :----- --:|
| Symmetric Key [KMIP-SPEC 2.2.2][kmip-spec-2.2.2] | ✅ |
| Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] | ✅ |
3. Supports the following objects:
| Object | Supported | Notes |
| --------------------------------------------------------------------| :-------: | :---: |
| Public Key [KMIP-SPEC 2.2.3][kmip-spec-2.2.3] | ✅ | Vault 1.13 |
| Private Key [KMIP-SPEC 2.2.4][kmip-spec-2.2.4] | ✅ | Vault 1.13 |
| Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 |
| Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] | ✅ | |
4. Supports the following attributes:
| Attribute | Supported | Notes |
| -----------------------------------------------------------------------| :-------: | :---: |
| Cryptographic Algorithm [KMIP-SPEC 3.4][kmip-spec-3.4] | ✅ | |
| Object Type [KMIP-SPEC 3.3][kmip-spec-3.3] | ✅ | |
| Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 |
| Protect Stop Date [KMIP-SPEC 3.26][kmip-spec-3.26] | ✅ | Vault 1.11 |
5. Supports the following message encoding:
| Message Encoding | Supported | Notes |
| -------------------------------------------------------------------------------------| :--------:|:-----:|
| Cryptographic Algorithm [KMIP-SPEC 9.1.3.2.13][kmip-spec-9.1.3.2.13] with values: | | |
| i. RSA | ✅ | Vault 1.13 |
| Object Type [KMIP-SPEC 9.1.3.2.12][kmip-spec-9.1.3.2.12] with value: | | |
| i. Public Key | ✅ | Vault 1.13 |
| ii. Private Key | ✅ | Vault 1.13 |
| Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] with value: | | |
| i. PKCS#1 | ✅ | Vault 1.13 <br/> Supported for Private and Public Keys|
| ii. PKCS#8 | ✅ | Vault 1.13 <br/> Supported for Private Key|
| iii. Transparent RSA Public Key | ✅ | Vault 1.13 |
| iv. Transparent RSA Private Key | ✅ | Vault 1.13 |
| v. X.509 | ✅ | Vault 1.13 <br/> Supported for Public Key|
6. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Symmetric Key Lifecycle Server][lifecycle-server]
7. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements.
## [Advanced Cryptographic Server][advanced-cryptographic-server]
1. SHALL conform to the [Baseline Server][baseline-server]
2. Supports the following client-to-server operations:
| Operation | Supported | Notes |
| ------------------------------------------------------| :--------:| --------|
| Encrypt [KMIP-SPEC 4.29][kmip-spec-4.29] | ✅ | Vault 1.11 <br/> [See Basic Cryptographic Server](#basic-cryptographic-server) <br/><br/> Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> Supported padding methods: <br/> <ol> <li> OAEP </li> <li> PKCS1v15 </li> </ol> <br/> Streaming operations are not supported. |
| Decypt [KMIP-SPEC 4.30][kmip-spec-4.30] | ✅ | Vault 1.11 <br/> [See Basic Cryptographic Server](#basic-cryptographic-server) <br/><br/> Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> Supported padding methods: <br/> <ol> <li> OAEP </li> <li> PKCS1v15 </li> </ol> <br/> Streaming operations are not supported. |
| Sign [KMIP-SPEC 4.31][kmip-spec-4.31] | ✅ | Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> Supported padding methods: <br/> <ol> <li> PSS </li> <li> PKCS1v15 </li> </ol> <br/><br/> The supported hashing algorithms with PSS are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> <li> SHA512_224 </li> <li> SHA512_256 </li> <li> SHA3_224 </li> <li> SHA3_256 </li> <li> SHA3_384 </li> <li> SHA3_512 </li> </ol> <br/> The supported hashing algorithms with PKCS1v15 are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> </ol> <br/> Streaming operations are supported.|
| Signature Verify [KMIP-SPEC 4.32][kmip-spec-4.32] | ✅ | Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> Supported padding methods: <br/> <ol> <li> PSS </li> <li> PKCS1v15 </li> </ol> <br/><br/> The supported hashing algorithms with PSS are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> <li> SHA512_224 </li> <li> SHA512_256 </li> <li> SHA3_224 </li> <li> SHA3_256 </li> <li> SHA3_384 </li> <li> SHA3_512 </li> </ol> <br/> The supported hashing algorithms with PKCS1v15 are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> </ol> <br/> Streaming operations are supported.|
| MAC [KMIP-SPEC 4.33][kmip-spec-4.33] | ✅ | Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> The supported hashing algorithms are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> <li> SHA512_224 </li> <li> SHA512_256 </li> <li> SHA3_256 </li> <li> SHA3_384 </li> <li> SHA3_512 </li> </ol> <br/> The follwing hashing algorithms are not supported: <br/> <ol> <li> MD4 </li> <li> MD5 </li> <li> SHA1 </li> </ol> <br/> Streaming operations are supported.|
| MAC Verify [KMIP-SPEC 4.34][kmip-spec-4.34] | ✅ | Vault 1.13 <br/> Supported for RSA Asymmetric Keys: <br/><br/> The supported hashing algorithms are: <br/> <ol> <li> SHA224 </li> <li> SHA256 </li> <li> SHA384 </li> <li> SHA512 </li> <li> RIPEMD160 </li> <li> SHA512_224 </li> <li> SHA512_256 </li> <li> SHA3_256 </li> <li> SHA3_384 </li> <li> SHA3_512 </li> </ol> <br/> The follwing hashing algorithms are not supported: <br/> <ol> <li> MD4 </li> <li> MD5 </li> <li> SHA1 </li> </ol> <br/> Streaming operations are supported.|
| RNG Retrieve [KMIP-SPEC 4.35][kmip-spec-4.35] | ✅ | Vault 1.13 |
| RNG Seed [KMIP-SPEC 4.36][kmip-spec-4.36] | ✅ | Vault 1.13 |
3. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Basic Cryptographic Server][basic-cryptographic-server]
4. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements.
[kmip-spec-2.1.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660735
[kmip-spec-2.1.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660736
[kmip-spec-2.1.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660737
[kmip-spec-2.1.4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660738
[kmip-spec-2.1.8]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660757
[kmip-spec-2.1.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660758
[kmip-spec-2.1.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660768
[kmip-spec-2.1.20]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660769
[kmip-spec-2.1.21]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660770
[kmip-spec-2.2.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660776
[kmip-spec-2.2.4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660777
[kmip-spec-3.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660784
[kmip-spec-3.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660785
[kmip-spec-3.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660786
[kmip-spec-3.4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660787
[kmip-spec-3.5]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660788
[kmip-spec-3.6]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660789
[kmip-spec-3.17]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660800
[kmip-spec-3.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660807
[kmip-spec-3.22]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660810
[kmip-spec-3.23]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660811
[kmip-spec-3.25]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660813
[kmip-spec-3.26]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660814
[kmip-spec-3.24]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660812
[kmip-spec-3.27]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660815
[kmip-spec-3.29]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660817
[kmip-spec-3.30]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660818
[kmip-spec-3.31]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660819
[kmip-spec-3.33]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660821
[kmip-spec-3.34]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660822
[kmip-spec-3.35]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660823
[kmip-spec-3.38]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660826
[kmip-spec-3.40]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660828
[kmip-spec-3.41]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660829
[kmip-spec-3.42]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660830
[kmip-spec-3.43]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660831
[kmip-spec-3.44]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660832
[kmip-spec-3.46]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660834
[kmip-spec-3.47]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660835
[kmip-spec-3.48]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660836
[kmip-spec-3.49]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660837
[kmip-spec-3.50]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660838
[kmip-spec-3.51]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660839
[kmip-spec-4.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660849
[kmip-spec-4.10]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660850
[kmip-spec-4.11]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660851
[kmip-spec-4.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660852
[kmip-spec-4.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660853
[kmip-spec-4.14]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660854
[kmip-spec-4.15]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660855
[kmip-spec-4.16]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660856
[kmip-spec-4.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660859
[kmip-spec-4.20]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660860
[kmip-spec-4.21]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660861
[kmip-spec-4.25]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660865
[kmip-spec-4.26]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660866
[kmip-spec-4.29]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660869
[kmip-spec-4.30]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660870
[kmip-spec-4.31]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660871
[kmip-spec-4.32]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660872
[kmip-spec-4.33]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660873
[kmip-spec-4.34]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660874
[kmip-spec-4.35]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660875
[kmip-spec-4.36]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660876
[kmip-spec-6.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660887
[kmip-spec-6.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660888
[kmip-spec-6.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660889
[kmip-spec-6.4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660890
[kmip-spec-6.5]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660891
[kmip-spec-6.7]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660893
[kmip-spec-6.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660895
[kmip-spec-6.10]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660896
[kmip-spec-6.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660898
[kmip-spec-6.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660899
[kmip-spec-6.14]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660900
[kmip-spec-6.15]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660901
[kmip-spec-6.17]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660903
[kmip-spec-6.18]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660904
[kmip-spec-6.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660905
[kmip-spec-6.16]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660902
[kmip-spec-4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660840
[kmip-spec-7]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660906
[kmip-spec-8]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660909
[kmip-spec-9.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660911
[kmip-spec-10]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660973
[kmip-spec-11]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660974
[kmip-spec]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html
[kmip-spec-2.2.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660775
[kmip-spec-9.1.3.2.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660923
[kmip-spec-4.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660841
[kmip-spec-9.1.3.2.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660933
[kmip-spec-9.1.3.2.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660932
[baseline-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431430
[lifecycle-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431487
[basic-cryptographic-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431527
[asymmetric-key-lifecycle-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431516
[advanced-cryptographic-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431528
[tc-proc-2.18]: https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26/technical-committee-tc-process-27-july-2011/#specQuality
Reference in a new issue View git blame Copy permalink