Objects Tagging
The Cosmian KMS server supports the tagging of objects. Tags are arbitrary strings that can be attached to objects. Tags can be used to group objects together, and to find objects for most operations, such as export, import, encrypt, decrypt, etc.
In addition, the KMS server will automatically add a system tag to objects based on the object type:
_sk
: for a private key_pk
: for a public key_kk
: for a symmetric key_uk
: for a Covercrypt user decryption key_cert
: for a X509 certificate
Since there is no provision in the KMIP 2.1 specification for tagging. The Cosmian KMS server implements tagging using the following KMIP 2.1 extensions:
-
When
Attributes
are passed as part of the KMIP operation, such as in theCreate
,Create Key Pair
,Locate
,Certify
andImport
operations, the tags are passed asVendorAttributes
with the vendor identificationCosmian
and attribute nametag
. The value is the serialization of the tags as a JSON array of strings. -
When unique identifiers are passed as part of the KMIP operation, such as in the
Certify
,Encrypt
,Export
,Decrypt
,Get
,Get Attributes
,Revoke
, andDestroy
operations, the tags are in the unique identifier itself as a serialized JSON array e.g.[ "tag1", "tag2" ]
.
Example¶
Export the Symmetric key (tag _kk
) with user tag myTag
: