The Cosmian KMS server supports the tagging of objects. Tags are arbitrary strings that can be attached to objects. Tags can be used to group objects together, and to find objects for most operations, such as export, import, encrypt, decrypt, etc.
In addition, the KMS server will automatically add a system tag to objects based on the object type:
_sk: for a private key
_pk: for a public key
_kk: for a symmetric key
_uk: for a Covercrypt user decryption key
_cert: for an X509 certificate
In addition, for certificates, these additional system tags are added:
_cert_cn=<CN>: for the Common Name of the certificate subject
_cert_spki=<SPKI>: for the hex encoded Subject Public Key Info of the certificate
_cert_issuer=<Issuer>: for the unique identifier of the issuer of the certificate, if known
_cert_sk=<SK>: for the unique identifier of the private key of the certificate, if known
Since there is no provision in the KMIP 2.1 specification for tagging, the Cosmian KMS server implements tagging using the following KMIP 2.1 extensions:
When Attributes are passed as part of the KMIP operation, such as in the Create Key Pair and Import operations, the tags are passed as VendorAttributes with the vendor identification Cosmian and attribute name tag. The value is the serialization of the tags as a JSON array of strings.
When unique identifiers are passed as part of the KMIP operation, such as in the Destroy operations, the tags are in the unique identifier itself as a serialized JSON array, e.g. [ "tag1", "tag2" ].
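The two encodings described above, as an added example that is not Cosmian's own code: it builds the vendor attribute value and the tag-based unique identifier, and classifies an incoming identifier as a tag selector or a plain ID. The dict layout, the validation rules, the function names and the sample values (`myTag`, the UUID) are assumptions made for illustration.

```python
import json

VENDOR_ID = "Cosmian"   # vendor identification as given on this page
ATTRIBUTE_NAME = "tag"  # attribute name as given on this page
# System tags the server adds by object type (from the list above).
TYPE_TAGS = {"private_key": "_sk", "public_key": "_pk", "symmetric_key": "_kk",
             "covercrypt_user_key": "_uk", "certificate": "_cert"}


def check_tags(tags):
    """Assumed client-side validation: a non-empty list of non-empty strings."""
    if isinstance(tags, str):
        raise ValueError("pass a list of tags, not a single string")
    tags = list(tags)
    if not tags or not all(isinstance(t, str) and t for t in tags):
        raise ValueError("tags must be a non-empty list of non-empty strings")
    return tags


def vendor_attribute(tags):
    """Tags for operations that carry Attributes (Create Key Pair, Import)."""
    return {  # dict layout is illustrative, not the server's wire format
        "VendorIdentification": VENDOR_ID,
        "AttributeName": ATTRIBUTE_NAME,
        "AttributeValue": json.dumps(check_tags(tags)),
    }


def tag_identifier(object_type, user_tags):
    """Unique identifier selecting by system type tag plus user tags."""
    return json.dumps([TYPE_TAGS[object_type], *check_tags(user_tags)])


def classify_identifier(uid):
    """Return ("tags", [...]) for a serialized JSON array of strings,
    otherwise ("id", uid) for a plain unique identifier."""
    try:
        value = json.loads(uid)
    except ValueError:
        return ("id", uid)
    if isinstance(value, list) and value and all(isinstance(t, str) for t in value):
        return ("tags", value)
    return ("id", uid)


if __name__ == "__main__":
    print(vendor_attribute(["tag1", "tag2"]))
    uid = tag_identifier("symmetric_key", ["myTag"])  # constructed user tag
    print(uid, classify_identifier(uid))
    print(classify_identifier("f3a9c2d4-0000-4000-8000-000000000000"))  # constructed
```

Classifying the identifier before a Destroy call makes it visible in client logs whether the request names one object or a group of tagged objects.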
Export the Symmetric key (tag _kk) with user tag