KMIP support by Cosmian KMS
This page summarizes the KMIP coverage in Cosmian KMS. The support status is
derived from the actual implementation in crate/server/src/core/operations.
Legend:
- ✅ Fully supported
- ❌ Not implemented
- 🚫 Deprecated
- 🚧 Partially supported (not used here)
- N/A Not applicable
KMIP coverage
Messages
| Message | Current |
|---|---|
| Request Message | β |
| Response Message | β |
Operations
| Operation | Current |
|---|---|
| Create | β |
| Create Key Pair | β |
| Register | β |
| Re-key | β |
| Re-key Key Pair | β |
| DeriveKey | β |
| Certify | β |
| Re-certify | β |
| Locate | β |
| Check | β |
| Get | β |
| Get Attributes | β |
| Get Attribute List | β |
| Add Attribute | β |
| Set Attribute (Modify) | β |
| Delete Attribute | β |
| Obtain Lease | β |
| Get Usage Allocation | β |
| Activate | β |
| Revoke | β |
| Destroy | β |
| Archive | β |
| Recover | β |
| Validate | β |
| Query | β |
| Cancel | β |
| Poll | β |
| Notify | β |
| Put | β |
| Discover Versions | β |
| Encrypt | β |
| Decrypt | β |
| Sign | β |
| Signature Verify | β |
| MAC | β |
| MAC Verify | β |
| RNG Retrieve | β |
| RNG Seed | β |
| Hash | β |
| Create Split Key | β |
| Join Split Key | β |
| Export | β |
| Import | β |
Methodology
- Operations shown as ✅ are backed by a Rust implementation file under crate/server/src/core/operations.
- If no implementation file exists for an operation, it is marked ❌.
- This documentation is auto-generated by analyzing the source code.
If you spot a mismatch or want to extend coverage, please open an issue or PR.
Managed Objects
| Managed Object | Current |
|---|---|
| Certificate | β |
| Symmetric Key | β |
| Public Key | β |
| Private Key | β |
| Split Key | β |
| Template | 🚫 |
| Secret Data | β |
| Opaque Object | β |
| PGP Key | ❌ |
Notes:
- Opaque Object import support is present (see import.rs).
- PGP Key types appear in digest and attribute handling but full object import/register is not implemented, hence ❌.
Base Objects
| Base Object | Current |
|---|---|
| Attribute | β |
| Credential | β |
| Key Block | β |
| Key Value | β |
| Key Wrapping Data | β |
| Key Wrapping Specification | β |
| Transparent Key Structures | β |
| Template-Attribute Structures | β |
| Extension Information | β |
| Data | β |
| Data Length | β |
| Signature Data | β |
| MAC Data | β |
| Nonce | β |
| Correlation Value | β |
| Init Indicator | β |
| Final Indicator | β |
| RNG Parameter | β |
| Profile Information | β |
| Validation Information | β |
| Capability Information | β |
| Authenticated Encryption Additional Data | β |
| Authenticated Encryption Tag | β |
Notes:
- AEAD Additional Data and Tag are supported in encrypt/decrypt APIs.
- Nonce and RNG Parameter are used by symmetric encryption paths.
Transparent Key Structures
| Structure | Current |
|---|---|
| Symmetric Key | β |
| DSA Private/Public Key | ❌ |
| RSA Private/Public Key | β |
| DH Private/Public Key | ❌ |
| ECDSA Private/Public Key | ✅ |
| ECDH Private/Public Key | β |
| ECMQV Private/Public | ❌ |
| EC Private/Public | ✅ |
Note: EC/ECDSA support is present; DH/DSA/ECMQV are not implemented.
Attributes
| Attribute | Current |
|---|---|
| Activation Date | β |
| Alternative Name | β |
| Always Sensitive | β |
| Application Specific Information | β |
| Archive Date | β |
| Attribute Index | β |
| Certificate Attributes | β |
| Certificate Identifier | 🚫 |
| Certificate Issuer | 🚫 |
| Certificate Length | β |
| Certificate Subject | 🚫 |
| Certificate Type | β |
| Comment | β |
| Compromise Date | β |
| Compromise Occurrence Date | β |
| Contact Information | β |
| Critical | β |
| Cryptographic Algorithm | β |
| Cryptographic Domain Parameters | β |
| Cryptographic Length | β |
| Cryptographic Parameters | β |
| Cryptographic Usage Mask | β |
| Deactivation Date | β |
| Description | β |
| Destroy Date | β |
| Digest | β |
| Digital Signature Algorithm | β |
| Extractable | β |
| Fresh | β |
| Initial Date | β |
| Key Format Type | β |
| Key Value Location | β |
| Key Value Present | β |
| Last Change Date | β |
| Lease Time | β |
| Link | β |
| Name | β |
| Never Extractable | β |
| Nist Key Type | β |
| Object Group | β |
| Object Group Member | β |
| Object Type | β |
| Opaque Data Type | β |
| Operation Policy Name | 🚫 |
| Original Creation Date | β |
| PKCS#12 Friendly Name | β |
| Process Start Date | β |
| Protect Stop Date | β |
| Protection Level | β |
| Protection Period | β |
| Protection Storage Masks | β |
| Quantum Safe | β |
| Random Number Generator | β |
| Revocation Reason | β |
| Rotate Date | β |
| Rotate Generation | β |
| Rotate Interval | β |
| Rotate Latest | β |
| Rotate Name | β |
| Rotate Offset | β |
| Sensitive | β |
| Short Unique Identifier | β |
| State | β |
| Unique Identifier | β |
| Usage Limits | β |
| Vendor Attribute | β |
| X.509 Certificate Identifier | β |
| X.509 Certificate Issuer | β |
| X.509 Certificate Subject | β |
Notes:
- GetAttributes returns a union of metadata attributes and those embedded in KeyBlock structures.
- "Vendor Attributes" are available via the Cosmian vendor namespace and are accessible via GetAttributes.
- A ✅ indicates the attribute is used or updated by at least one KMIP operation implementation in crate/server/src/core/operations, explicitly excluding the attribute-only handlers (Add/Delete/Get/Set Attribute).