KMIP support by Cosmian KMSΒΆ
This page summarizes the KMIP coverage in Cosmian KMS. The support status is
derived from the actual implementation in crate/server/src/core/operations.
Cosmian KMS Server supports KMIP versions: 2.1, 2.0, 1.4, 1.3, 1.2, 1.1, 1.0
Legend:
- β Fully supported
- β Not implemented
- π« Deprecated
- N/A Not applicable (operation/attribute not defined in that KMIP version)
KMIP Baseline Profile ComplianceΒΆ
Baseline Server: β Compliant (all 9 required + 18/18 optional)
The Baseline Server profile (defined in KMIP Profiles v2.1 Section 4.1) requires:
- Required operations: Discover Versions, Query, Create, Register, Get, Destroy, Locate, Activate, Revoke
- Optional operations: Many additional operations for extended functionality
KMIP CoverageΒΆ
MessagesΒΆ
| Message | Support |
|---|---|
| Request Message | β |
| Response Message | β |
Operations by KMIP VersionΒΆ
The following table shows operation support across all KMIP versions.
| Operation | 1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 2.0 | 2.1 |
|---|---|---|---|---|---|---|---|
| Activate | β | β | β | β | β | β | β |
| Add Attribute | N/A | β | β | β | β | β | β |
| Archive | β | β | β | β | β | β | β |
| Cancel | β | β | β | β | β | β | β |
| Certify | β | β | β | β | β | β | β |
| Check | β | β | β | β | β | β | β |
| Create | β | β | β | β | β | β | β |
| Create Key Pair | β | β | β | β | β | β | β |
| Create Split Key | N/A | N/A | β | β | β | β | β |
| Decrypt | N/A | N/A | β | β | β | β | β |
| Delete Attribute | N/A | β | β | β | β | β | β |
| DeriveKey | β | β | β | β | β | β | β |
| Destroy | β | β | β | β | β | β | β |
| Discover Versions | N/A | β | β | β | β | β | β |
| Encrypt | N/A | N/A | β | β | β | β | β |
| Export | N/A | N/A | N/A | N/A | β | β | β |
| Get | β | β | β | β | β | β | β |
| Get Attribute List | N/A | β | β | β | β | β | β |
| Get Attributes | N/A | β | β | β | β | β | β |
| Get Usage Allocation | β | β | β | β | β | β | β |
| Hash | N/A | N/A | β | β | β | β | β |
| Import | N/A | N/A | N/A | N/A | β | β | β |
| Join Split Key | N/A | N/A | β | β | β | β | β |
| Locate | β | β | β | β | β | β | β |
| MAC | N/A | N/A | β | β | β | β | β |
| MAC Verify | N/A | N/A | β | β | β | β | β |
| Notify | N/A | N/A | N/A | N/A | N/A | β | β |
| Obtain Lease | β | β | β | β | β | β | β |
| Poll | β | β | β | β | β | β | β |
| Put | N/A | N/A | N/A | N/A | N/A | β | β |
| Query | β | β | β | β | β | β | β |
| RNG Retrieve | N/A | N/A | β | β | β | β | β |
| RNG Seed | N/A | N/A | β | β | β | β | β |
| Re-certify | β | β | β | β | β | β | β |
| Re-key | β | β | β | β | β | β | β |
| Re-key Key Pair | N/A | β | β | β | β | β | β |
| Recover | β | β | β | β | β | β | β |
| Register | β | β | β | β | β | β | β |
| Revoke | β | β | β | β | β | β | β |
| Set Attribute (Modify) | N/A | N/A | N/A | N/A | N/A | β | β |
| Sign | N/A | N/A | β | β | β | β | β |
| Signature Verify | N/A | N/A | β | β | β | β | β |
| Validate | β | β | β | β | β | β | β |
MethodologyΒΆ
- Operations marked β
are backed by a Rust implementation file under
crate/server/src/core/operations. - Operations marked β are defined in the KMIP specification but not implemented in Cosmian KMS.
- Operations marked N/A do not exist in that particular KMIP version.
- This documentation is auto-generated by analyzing source code and KMIP specifications.
If you spot a mismatch or want to extend coverage, please open an issue or PR.
Managed ObjectsΒΆ
The following table shows managed object support across all KMIP versions.
| Managed Object | 1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 2.0 | 2.1 |
|---|---|---|---|---|---|---|---|
| Certificate | β | β | β | β | β | β | β |
| Symmetric Key | β | β | β | β | β | β | β |
| Public Key | β | β | β | β | β | β | β |
| Private Key | β | β | β | β | β | β | β |
| Split Key | β | β | β | β | β | β | β |
| Template | π« | π« | π« | π« | π« | N/A | N/A |
| Secret Data | β | β | β | β | β | β | β |
| Opaque Data | β | β | β | β | β | β | β |
| PGP Key | β | β | β | β | β | β | β |
Notes:
- Opaque Object import support is present (see
import.rs). - PGP Key types appear in digest and attribute handling but full object import/register is not implemented, hence β.
- Template objects are deprecated in newer KMIP versions.
Base ObjectsΒΆ
The following table shows base object support across all KMIP versions.
| Base Object | 1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 2.0 | 2.1 |
|---|---|---|---|---|---|---|---|
| Attribute | β | β | β | β | β | β | β |
| Credential | β | β | β | β | β | β | β |
| Key Block | β | β | β | β | β | β | β |
| Key Value | β | β | β | β | β | β | β |
| Key Wrapping Data | β | β | β | β | β | β | β |
| Key Wrapping Specification | β | β | β | β | β | β | β |
| Transparent Key Structures | β | β | β | β | β | N/A | N/A |
| Template-Attribute Structures | N/A | β | β | β | β | N/A | N/A |
| Server Information | β | β | β | β | β | β | β |
| Extension Information | N/A | β | β | β | β | β | β |
| Data | β | β | β | β | β | β | β |
| Data Length | N/A | N/A | β | β | β | β | β |
| Signature Data | N/A | N/A | β | β | β | β | β |
| MAC Data | N/A | N/A | β | β | β | β | β |
| Nonce | β | β | β | β | β | β | β |
| Correlation Value | β | β | β | β | β | β | β |
| Init Indicator | N/A | N/A | N/A | β | β | β | β |
| Final Indicator | N/A | N/A | N/A | β | β | β | β |
| RNG Parameters | N/A | N/A | N/A | β | β | β | β |
| Profile Information | N/A | N/A | N/A | β | β | β | β |
| Validation Information | N/A | N/A | N/A | β | β | β | β |
| Capability Information | N/A | N/A | N/A | β | β | β | β |
| Authenticated Encryption Additional Data | N/A | N/A | N/A | N/A | β | β | β |
| Authenticated Encryption Tag | N/A | N/A | N/A | N/A | β | β | β |
Notes:
- AEAD Additional Data and Tag are supported in encrypt/decrypt APIs.
- Nonce and RNG Parameter are used by symmetric encryption paths.
- Base objects are fundamental structures present across all KMIP versions.
Transparent Key StructuresΒΆ
The following table shows transparent key structure support across all KMIP versions.
| Structure | 1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 2.0 | 2.1 |
|---|---|---|---|---|---|---|---|
| Symmetric Key | β | β | β | β | β | β | β |
| DSA Private Key | β | β | β | β | β | β | β |
| DSA Public Key | β | β | β | β | β | β | β |
| RSA Private Key | β | β | β | β | β | β | β |
| RSA Public Key | β | β | β | β | β | β | β |
| DH Private Key | β | β | β | β | β | β | β |
| DH Public Key | β | β | β | β | β | β | β |
| EC Private Key | N/A | N/A | N/A | β | β | β | β |
| EC Public Key | β | β | β | β | β | β | β |
| ECDSA Private Key | β | β | β | β | β | N/A | N/A |
| ECDSA Public Key | β | β | β | β | β | N/A | N/A |
| ECDH Private Key | β | β | β | β | β | N/A | N/A |
| ECDH Public Key | β | β | β | β | β | N/A | N/A |
| ECMQV Private Key | β | β | β | β | β | N/A | N/A |
| ECMQV Public Key | β | β | β | β | β | N/A | N/A |
Note: EC/ECDSA support is present; DH/DSA/ECMQV are not implemented.
AttributesΒΆ
| Attribute | Current |
|---|---|
| Activation Date | β |
| Alternative Name | β |
| Always Sensitive | β |
| Application Specific Information | β |
| Archive Date | β |
| Attribute Index | β |
| Certificate Attributes | β |
| Certificate Length | β |
| Certificate Type | β |
| Comment | β |
| Compromise Date | β |
| Compromise Occurrence Date | β |
| Contact Information | β |
| Critical | β |
| Cryptographic Algorithm | β |
| Cryptographic Domain Parameters | β |
| Cryptographic Length | β |
| Cryptographic Parameters | β |
| Cryptographic Usage Mask | β |
| Deactivation Date | β |
| Description | β |
| Destroy Date | β |
| Digest | β |
| Digital Signature Algorithm | β |
| Extractable | β |
| Fresh | β |
| Initial Date | β |
| Key Format Type | β |
| Key Value Location | β |
| Key Value Present | β |
| Last Change Date | β |
| Lease Time | β |
| Link | β |
| Name | β |
| Never Extractable | β |
| Nist Key Type | β |
| Object Group | β |
| Object Group Member | β |
| Object Type | β |
| Opaque Data Type | β |
| Original Creation Date | β |
| PKCS#12 Friendly Name | β |
| Process Start Date | β |
| Protect Stop Date | β |
| Protection Level | β |
| Protection Period | β |
| Protection Storage Masks | β |
| Quantum Safe | β |
| Random Number Generator | β |
| Revocation Reason | β |
| Rotate Date | β |
| Rotate Generation | β |
| Rotate Interval | β |
| Rotate Latest | β |
| Rotate Name | β |
| Rotate Offset | β |
| Sensitive | β |
| Short Unique Identifier | β |
| State | β |
| Unique Identifier | β |
| Usage Limits | β |
| Vendor Attribute | β |
| X.509 Certificate Identifier | β |
| X.509 Certificate Issuer | β |
| X.509 Certificate Subject | β |
Notes:
- GetAttributes returns a union of metadata attributes and those embedded in KeyBlock structures.
- βVendor Attributesβ are available via the Cosmian vendor namespace and are accessible via GetAttributes.
- A β
indicates the attribute is used or updated by at least one KMIP operation implementation in
crate/server/src/core/operations, including attribute handlers (Add/Delete/Set/Get Attribute). - Most attributes are present across all KMIP versions with some additions in newer versions.